How D3 handles your information.

• Your email address (for sign-in via magic link or Google OAuth)
• Your name, when you provide it
• The information you choose to enter into D3 — names, dates, contacts, accounts, wishes
• Documents you upload (stored privately in our object store, accessible only to you)
• Standard server logs (IP, user agent, timestamps) for abuse prevention

• Your encryption passphrase — it never leaves your device
• Behavioural advertising or third-party analytics that identify you personally
• Anything we don’t need

See our security page for the full technical breakdown. In short: row-level isolation in Postgres, AES-GCM-256 client-side encryption for sensitive fields, HTTPS everywhere, and signed time-limited URLs for document access.

We share the minimum necessary with the following processors:

• Supabase — database, authentication, and file storage. Your encrypted fields remain unreadable even to Supabase, because the encryption key never leaves your browser.
• Vercel — application hosting and content delivery.
• Google— only if you choose “Sign in with Google.” We receive only the email address and name on your Google account.
• Anthropic — only when you explicitly use the document scanning feature, and only for the specific document you scanned. The file is sent via a 60-second signed URL and is not retained by Anthropic per their privacy policy.

We never sell your data.

You may export, modify, or delete your data at any time through your account settings. Deleting your account permanently removes your records and uploaded documents from our systems within 30 days.

D3 is intended for adults handling estate-planning information. We do not knowingly collect data from anyone under 13.

We’ll update the “Last updated” date below whenever this notice changes. Material changes will also be communicated to you by email at the address on file.

Privacy questions: privacy@flagship.is.