Privacy Policy
Last updated: June 25, 2026
We do not sell your personal data, including any sensitive or biometric personal data, to third parties. We also do not share your personal data with third parties for purposes of cross-context behavioral advertising. Disclosures of personal data to service providers and contractors acting on our behalf to deliver the Services do not constitute a sale or sharing of personal data for purposes of applicable privacy law.
DoveLock LLC (“Company“, “we“, “our“, or “us“) respects your privacy and is committed to protecting it through our compliance with this policy. DoveLock is not a law firm, medical provider, hospice provider, insurer, or fiduciary, and does not provide legal or medical advice. The Services are designed to help users organize, store, and communicate personal preferences and information related to end-of-life planning and legacy matters. This policy describes how we collect, process, retain, and disclose personal data about you when providing services to you through our website and application that link to this policy (our “Services“) and our practices for using, maintaining, protecting, and disclosing that information. We are committed to data minimization: we collect, process, and retain only the personal data that is reasonably necessary to provide the Services and fulfill the purposes described in this policy.
This policy applies only to information we collect:
- Through the Services.
- In communications, including email, text, chat, and other electronic messages, between you and the Services.
It does not apply to information collected by:
- Us through any other means, including on any other website operated by Company or any third party (including our affiliates and subsidiaries) that does not link to this policy; or
- Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or through the Services.
We may provide additional or different privacy policies that are specific to certain features, services, or activities.
Please read this policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Services after we make changes as described in this policy is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Children’s and Minors’ Data
Our Services are not intended for, and we do not knowingly collect any personal data from, children under the age of 18. If we learn we have collected or received personal data from a child under 18 years old without verification of parental consent, we will delete that information.
The Personal Data That We Collect or Process
“Personal data” is information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your name, email address, telephone number, home address, or payment information (for example, account information such as name, postal address, email address, or any other identifier we may use to contact you online or offline).
The types and categories of personal data we collect or process include the following. Some of these categories may qualify as sensitive personal data under applicable state law; those categories are further described in the Sensitive Personal Data section below.
- Account and contact information, including name, address, email address, phone number, username, and other contact information you provide us.
- Payment information, including credit card numbers, debit card numbers, card expiration dates, CVV or security codes, billing addresses, bank account information, and other payment credentials and methods you wish to disclose to your Designated Recipients or use in connection with the Services.
- Account history, including information about your subscription, account, transactions, and order history.
- Demographic information, including your age, gender, income level, education, or family or marital status,if you have consented to such information collection.
- Location information, including general geographic location such as country, state or province, or city, and, where you have enabled and consented to such collection, precise geolocation information. See Sensitive Personal Data below for additional detail on how we handle precise geolocation data.
- Device information, including your IP address, device identifiers, operating system and version, browser type and settings, and other device information.
- Content and information you elect to provide, including copies of estate planning documents and related files you upload to or store through the Services, as well as information in your account profile and any communications sent to us.
- Images, voice recordings, and videos you elect to upload, record, or store in connection with the Services. See Sensitive Personal Data below for additional detail on how we handle biometric data, including voice recordings.
- Identity document information and account credentials, such as Social Security and driver’s license numbers, which we may collect for identity verification purposes or which may appear in estate planning documents you upload to the Services; and account login credentials, including usernames, passwords, and access credentials for non-financial accounts (such as email, social media, and other online service accounts) that you elect to store through the Services. Credentials for financial accounts are discussed in the Sensitive Personal Data section below; further see Sensitive Personal Data below for additional detail on how we handle such information.
- Names, email addresses, and other contact details of individuals you designate as trusted contacts or recipients through the Services.
DoveLock is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). Information you choose to store in the Services is not protected health information under HIPAA, even if it relates to health, medical wishes, or care preferences. You should not upload information you expect to be treated as HIPAA-protected unless you understand and accept this limitation. Additionally, documents and files you upload to the Services may contain personal data about individuals who are not users of the Services, including beneficiaries, family members, healthcare agents, attorneys, financial advisors, and other individuals named in your estate planning documents, as well as information about minor children in their capacity as beneficiaries or dependents. By uploading such documents, you represent that you have the authority to do so. DoveLock will process any such third-party personal data solely for the purpose of storing and facilitating authorized access to your documents in accordance with this policy and will not use it for any independent purpose.
Sensitive Personal Data. Certain categories of personal data are classified as “sensitive” under one or more U.S. state privacy laws. Given the nature of DoveLock’s Services – which are designed to store highly personal end-of-life and legacy information – we may collect or encounter the following categories of sensitive personal data:
- Government-issued identification numbers, including Social Security numbers, driver’s license numbers, and passport numbers, which may appear in estate planning documents you upload or which we may collect for identity verification purposes.
- Health and medical information, including information about your physical or mental health conditions, diagnoses, treatment preferences, medical wishes, advance healthcare directives (such as living wills and healthcare proxies), and end-of-life care preferences that you choose to store through the Services.
- Biometric information, including voice recordings and other biometric identifiers you elect to upload, record, or store through the Services, to the extent such information constitutes biometric data under applicable law.
- Precise geolocation data, if you have enabled and consented to the collection of precise location information through your device or the Services.
- Financial account information and credentials, including account numbers, routing numbers, credit card numbers, debit card numbers, card security codes, beneficiary designations, and login credentials (usernames and passwords) for financial accounts such as bank accounts, investment accounts, retirement accounts, and insurance accounts, whether provided in connection with payment for the Services or stored by you through the Services.
- Login credentials and passwords for non-financial accounts, including usernames, passwords, and access credentials for email, social media, digital storage, subscription services, and other online accounts that you elect to store through the Services. Under certain state privacy laws, account log-in information combined with a password or security code that would permit access to an individual’s account may constitute sensitive personal data or personal information subject to heightened protections.
- Racial or ethnic origin, religious or philosophical beliefs, and sexual orientation or gender identity, to the extent you voluntarily include such information in documents, instructions, or communications stored through the Services or provide it as part of your account profile.
- Citizenship or immigration status, to the extent it may appear in documents or instructions you choose to upload or store through the Services.
- Contents of personal communications, including private messages, letters, or other communications stored through the Services that you intend to be delivered to designated recipients.
We collect and process the sensitive personal data categories described above only (i) with your explicit consent, (ii) to provide the Services you have requested, or (iii) as otherwise permitted or required under applicable law. We do not use sensitive personal data to infer characteristics about you beyond the purposes described in this policy, and we do not sell or share sensitive personal data for purposes of targeted advertising. You decide what documents and information to upload to the Services, and by uploading content that includes sensitive personal data, you consent to our processing of that data solely for the purposes described in this policy. We treat all uploaded content and sensitive personal data with the highest level of security controls described in the How We Protect Your Personal Data section below. If you choose not to provide certain sensitive personal data, we may not be able to provide you with all requested features or Services.
We also collect:
- Statistics or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Services feature.
- Technical information. Technical information includes information about your internet connection and usage details about your interactions with the Services, such as clickstream information to, through, and from our Services (including date and time), products that you view or search for; page response times, download errors, length of your visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from a page.
If we combine or connect non-personal statistical or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.
How We Collect Your Personal and Other Data
You Provide Information to Us
We collect information about you when you interact with our Services, such as when you create or update an account, purchase or subscribe to our Services, upload or modify copies of estate planning documents or personal notes, upload lists of accounts with other service providers along with log-in credentials, designate authorized individuals to access your documents, or communicate with us.
Automatically Through Our Services
As you navigate through and interact with our Services, we may use automatic data collection technologies to collect information that may include personal data. Information collected automatically may include usage details, IP addresses, operating system, and browser type, and information collected through cookies, web beacons, and other tracking technologies, including details of your interactions with our Services, such as traffic data, logs, and other communication data, and which resources and Services features that you access and use.
Using automatic collection technologies helps us to improve our Services and to deliver a better and more personalized experience.
The technologies we use for this automatic data collection may include:
- A cookie is a small file placed on your device when you interact with the Services. You may refuse to accept or disable cookies by activating the appropriate setting on your browser or device. However, if you select this setting, you may be unable to access certain features of the Services.
- Web Beacons. Some parts of the Services, and our emails, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those parts or opened an email and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).
When you interact with the Services, there are third parties that may use automatic collection technologies to collect information about you or your device. These third parties may include:
- Analytics companies.
- Your device manufacturer.
- Your internet or mobile service provider.
These third parties may use tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites, apps, platforms, and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
From Service Providers
We may receive personal data about you from other sources and combine that with information we collect directly from you. For example, we may obtain information about you from service providers that we engage to perform services on our behalf, such as payment processors and security and anti-fraud services.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal data, to:
- Provide you with the Services and any contents, features, information, products, or services that we make available through the Services.
- Fulfill and manage subscriptions, purchases, payments, and account administration.
- Fulfill any other purpose for which you provide it.
- Provide you with notices about your account or subscription, including expiration and renewal notices.
- Improve our Services, including by analyzing your information and creating aggregated data derived from your information to develop, maintain, analyze, improve, optimize, measure, and report on our Services and their features and how users interact with them.
- Communicate with you about our Services, business, and offerings.
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- Notify you when Services updates are available and about changes to any products or services we offer or provide through them.
- Facilitate authorized access to your stored estate planning documents by individuals you have designated through the Services, including verifying the identity and authorization of such designated individuals.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
The usage information we collect, whether connected to your personal data or not, helps us improve our Services and deliver a better and more personalized experience by enabling us to:
- Estimate our audience sizes and usage patterns.
- Store information about your preferences, allowing us to customize the Services according to your individual needs and interests.
- Speed up your searches.
- Recognize you when you return to our Services.
We may also use your information to contact you about products or services that may be of interest to you. If you do not want us to use your information in this way, please adjust your user preferences in your account profile. For more information, see Your Rights and Choices About Your Information.
Where we collect general location information, we use it to deliver and improve our Services, ensure compliance with applicable laws based on your jurisdiction, and detect and prevent unauthorized access and fraudulent activity. Where you have enabled and consented to the collection of precise geolocation information, we may use it to support account security and access verification. We do not use location information for targeted advertising or marketing purposes.
To Whom We Disclose Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may also disclose personal data that we collect or you provide as described in this privacy policy:
- To contractors, service providers, and other third parties we use to support our organization and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of DoveLock LLC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by DoveLock LLC is among the assets transferred.
- To fulfill the purpose for which you provide it. For example, if you designate an individual to access your estate planning documents through the Services, we will share the relevant documents and related information with that individual upon verification of their identity and in accordance with the access permissions you have established.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
- To individuals you have designated through the Services as authorized to access your stored estate planning documents, subject to identity verification and the access permissions you have configured upon presentation of satisfactory legal documentation, such as a death certificate or court order.
We may also disclose your personal data:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
The categories of personal data we may disclose include:
- Account and contact information.
- Payment information.
- Account history, including information about your subscription, account, transactions, purchases, order history, or discounts.
- Demographic information.
- Location information.
- Device information.
- Content and information you elect to provide to us, including uploaded estate planning documents and related files, to your designated recipients.
- Images, voice recordings, and videos collected or stored in connection with the Services, if you have consented to such information collection.
- Identity document information, account login credentials (including usernames and passwords for financial and non-financial accounts), and payment credentials including credit card and debit card information.
Your Rights and Choices About Your Information
This section describes mechanisms you can use to control certain uses and disclosures of your information and rights you may have under state law, depending on where you live.
Advertising, marketing, cookies, and other tracking technologies choices:
- Cookies and Other Tracking Technologies. You can set your browser to refuse all or some browser cookies or other tracking technology files, or to alert you when these files are being sent. If you disable or refuse cookies or similar tracking files, some Services features may be inaccessible or not function properly. Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the online services you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our Services may not respond to all browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in this policy.
- Promotions by the Company. If you do not wish us to use your information to promote our own products or services, you can opt out by adjusting your account settings or by clicking the unsubscribe link included in any marketing email we send you. All commercial email communications we send comply with the CAN-SPAM Act and will include a clear and conspicuous mechanism to opt out of future marketing messages. Please note that even if you opt out of marketing communications, we will continue to send you transactional and administrative messages related to the Services, such as notices about your subscription, security alerts, and updates to this policy.
Our Privacy Commitments to You
As a matter of policy and as part of our commitment to your privacy, we voluntarily extend the following rights to all users of our Services, regardless of where you live:
- Access and Data Portability. You may request confirmation of whether we process your personal data and ask for a copy of the personal data we hold about you. Where feasible, we will provide data in a portable format.
- You may ask us to correct inaccuracies in your personal data, and we will make reasonable efforts to do so taking into account the nature of the information and how it is used.
- You may ask us to delete personal data we hold about you. We will honor such requests where we are able to do so within thirty (30) days of receiving a verifiable request, though in some cases we may need to retain certain information for legitimate operational, legal, or safety reasons.
DoveLock does not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning users. If you have any questions about how your personal data is used in connection with automated processes, please contact us using the information in the Contact Information section below.
To exercise any of these rights, please contact us using the information provided in the Contact Information section below. To appeal a decision regarding a consumer rights request, please submit a written appeal to the same contact address, and we will respond within the timeframe required by applicable law.
Authorized Agents and Legal Representatives. Given the nature of DoveLock’s Services, privacy rights requests may be submitted by authorized agents and legal representatives on behalf of users in the following circumstances:
(ii) Upon a User’s Death. Following a user’s death, a Trusted Keeper may request access to, correction of, or deletion of the deceased user’s personal data.
(iii) Upon a User’s Incapacity. A Trusted Keeper may submit requests on behalf of an incapacitated user.
In all cases, any authorized access to a user’s account or stored documents will also be subject to the account holder’s in-product settings and designated access permissions, which take priority in accordance with applicable digital asset access laws as further described in our Terms of Use. We will respond to authorized representative requests within the timeframe required by applicable law and reserve the right to deny requests where we cannot verify the requester’s legal authority or where fulfilling the request would conflict with the account holder’s documented instructions.
Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to process your request to opt out from certain types of data processing, including data “sales” as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.
How We Protect Your Personal Data
We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. In compliance with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act, we implement and maintain reasonable safeguards to protect the security, confidentiality, and integrity of private information, including measures appropriate to the size and complexity of our business, the nature and scope of our activities, and the sensitivity of the personal information we collect. Our security program includes designating one or more employees to coordinate our data security practices, identifying reasonably foreseeable internal and external risks to the security of personal data, assessing the sufficiency of existing safeguards to control identified risks, training our personnel in security program practices and procedures, selecting service providers capable of maintaining appropriate safeguards and requiring those safeguards by contract, and adjusting our security program in light of business changes or new circumstances. Given the sensitive nature of estate planning documents entrusted to us, we employ encryption both in transit and at rest, access controls, and regular security assessments as part of our safeguards. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Services. In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of personal data is at your own risk.
The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access, including maintaining the confidentiality of your account credentials. In the event of a security breach involving your personal data, we will notify affected individuals and applicable government authorities in compliance with all applicable state and federal breach notification laws. As required by the New York SHIELD Act, we will provide notification to affected New York residents and the New York State Attorney General in the most expedient time possible and without unreasonable delay. We will similarly comply with the breach notification requirements of any other applicable state law based on the state of residence of affected individuals, which may impose varying notification timeframes, content requirements, and regulatory reporting obligations. In all cases, we will endeavor to notify affected no later than thirty (30) days following our discovery of a breach, to the extent permitted by law enforcement and applicable law. Given the highly sensitive nature of the personal data we maintain, we treat all potential security incidents with the highest priority.
DoveLock operates in the United States, and your personal data is stored on servers located in the United States. However, our third-party service providers and infrastructure vendors, including those providing cloud hosting, storage, and related technical services, may process your personal data in jurisdictions other than the jurisdiction in which it is stored. This means that even where your data is stored in the United States, it may be accessed or processed in another country or region in connection with the operation, maintenance, or security of our Services. By using the Services, you acknowledge that your personal data may be subject to processing in jurisdictions whose data protection laws may differ from those of your state or country of residence. We require all such vendors to maintain appropriate data protection obligations by contract and to process your personal data only as necessary to provide services to DoveLock.
How We Retain Your Personal Data
We keep the categories of personal data described in this policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the Services, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. Estate planning documents and related files uploaded to the Services will be retained for as long as your account remains active. Please note that deletion of your personal data and account is not automatic – data is not deleted upon account cancellation, inactivity, or the death of an account holder without an affirmative deletion request. In the event of account holder death or incapacity, retention and access will be governed by the account holder’s explicit in-product settings, if any. If no settings or instructions have been provided, DoveLock may, in its discretion and upon receipt of reasonable documentation, retain, provide in portable format, restrict access to, or delete the account and its associated stored documents. You, or your authorized representative, must submit an affirmative deletion request in order for your personal data to be deleted. You may request deletion of your account and associated data at any time, subject to legal retention requirements. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data. At the end of the applicable retention period, personal data will be deleted, destroyed, or deidentified.
Changes to Our Privacy Policy
We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page. We will notify you of changes to this policy by updating the “last updated” date and posting the updated policy on the Services. We may email or otherwise communicate reminders about this policy, but you should check our Services periodically to see the current policy and any changes we have made to it. This Privacy Policy is incorporated into and governed by DoveLock LLC’s Terms of Use. If there is a conflict between this Privacy Policy and the Terms of Use, the Terms of Use control to the extent permitted by law.
Contact Information
To exercise your rights or ask questions or comment about this privacy policy or our privacy practices, contact us at:
DoveLock LLC, PO Box 758, Lake Katrine, NY 12449, or by email at privacy@dovelock.com
To register a complaint or concern, please contact us at the address or email listed above. We will investigate and respond to your complaint within thirty (30) days.

