Privacy notice
How D3 handles your information.
D3 holds some of the most sensitive information in your life. We treat that as a sacred responsibility, and the architecture of the app reflects it.
What we collect
- Your email address (for sign-in via magic link or Google OAuth)
- Your name, when you provide it
- The information you choose to enter into D3, names, dates, contacts, accounts, wishes
- Documents you upload (stored privately in our object store, accessible only to you)
- Standard server logs (IP, user agent, timestamps) for abuse prevention
- Sign-in activity: every successful sign-in records timestamp, IP, approximate location (city / region / country from your network), a friendly device + browser hint, and which sign-in method was used. You can review this from your settings. Records are kept for 180 days and then automatically purged.
What we do not collect
- Your encryption passphrase — it never leaves your device
- The contents of your D3 records or uploaded documents, for the purpose of building an advertising profile about you
- Anything we don’t need
How we secure it
See our security page for the full technical breakdown. In short: row-level isolation in Postgres, AES-GCM-256 client-side encryption for sensitive fields, HTTPS everywhere, and signed time-limited URLs for document access.
Who we share with
We share the minimum necessary with the following processors:
- Supabase: database, authentication, and file storage. Your encrypted fields remain unreadable even to Supabase, because the encryption key never leaves your device.
- Vercel: application hosting and content delivery.
- Google: only if you choose “Sign in with Google.” We receive only the email address and name on your Google account.
- Anthropic: only when you explicitly use the document scanning feature, and only for the specific document you scanned. The file is sent via a 60-second signed URL and is not retained by Anthropic per their privacy policy.
- Google AdSense: D3 displays advertisements inside the signed-in app to help cover hosting and operating costs. AdSense never receives your D3 records, uploaded documents, or client-side-encrypted fields — only the standard signals your browser sends to any website (IP address, user agent) and the URL of the page the ad is rendered on. See “Advertising” below for more.
We never sell your personal information. If we ever sell or share aggregated, fully de-identified statistics (e.g. count of users in a given state who have set up an advance directive), we’ll list that here first and never tie it back to an individual.
Advertising
D3 is free during the beta and we intend to keep the core experience free forever. Hosting, OCR credits, and email delivery are paid for partly by donations and partly by small ads served by Google AdSense in a handful of fixed spots inside the signed-in app. There are no ads on the marketing site, the sign-in page, or the privacy / terms / security pages.
AdSense is a third party and may use cookies, web beacons, and similar technologies to serve ads that are more relevant to you based on your prior visits to D3 and other sites. We do not share the contents of your records or documents with AdSense, and AdSense never gets access to your encryption passphrase or any field encrypted with it.
You can opt out of personalized advertising from Google at Google’s Ads Settings or, for any participating network, the Digital Advertising Alliance opt-out. Opting out doesn’t remove ads, just the personalization layer. Third-party vendors, including Google, use cookies to serve ads based on a user’s prior visits to this site or other sites.
Your rights
You may export, modify, or delete your data at any time through your account settings. The Download my D3 (JSON or PDF) option in the gear menu produces a complete decrypted snapshot of every record we hold for you. Encrypted fields are decrypted on your device before the file is written, so you always own the readable copy.
Deleting your account permanently removes your records and uploaded documents from our systems within 30 days.
Breach notification
If we discover a security incident that may have exposed your personal information, we will notify affected users by email within 72 hours of confirming the scope of the incident. The notice will describe what was accessed, what we’re doing about it, and what you can do to protect yourself. We’ll also notify the relevant state authorities where required by law.
Note that fields encrypted with your passphrase (SSNs, account numbers, passwords, PINs, security codes) remain unreadable even if the database itself were exposed. The decryption key never leaves your device.
Children
D3 is intended for adults handling estate-planning information. We do not knowingly collect data from anyone under 13.
Changes to this notice
We’ll update the “Last updated” date below whenever this notice changes. Material changes will also be communicated to you by email at the address on file.
Contact
Privacy questions: privacy@flagship.is.
Last updated: 2026-05-07.