ILTFY I Left This For You
Privacy Policy

How your data is handled

ILTFY is a digital legacy vault. This policy explains what we collect, how we store it, and who can see it.

Collection

What we collect

  • User profile — Name and email address, provided via Clerk authentication.
  • Vault metadata — Check-in interval, grace period, encryption mode, status timestamps.
  • Vault items — Text content, attached media files, and per-item metadata you create.
  • Recipients & verifiers — Names and contact info for people you designate.
  • Media files — Photos, documents, and other files you upload to your vault.
Storage

How data is stored

Structured data (vaults, items, recipients, verifiers) lives in Cloudflare D1, a distributed SQLite database. Media files are stored in Cloudflare R2 object storage. Both are managed within Cloudflare's infrastructure—there is no centralized cloud provider or third-party data warehouse.

Encryption

Three encryption modes

Each vault has an encryption mode chosen at creation. The mode determines what the server can see.

No encryption

Content stored in plaintext. The server can read it.

Server-side encryption

Content encrypted at rest with a server-managed key. Protects against raw storage access, but the server can decrypt if needed.

End-to-end encryption

A vault key is generated in your browser. Each recipient gets their own key, wrapped with the vault key using envelope encryption. The server stores only ciphertext and wrapped keys—it cannot decrypt your content. A recovery key is your only backup.

Third parties

Third-party services

  • Clerk — Authentication (sign-up, sign-in, session management). Clerk receives your email and name.
  • Cloudflare — Infrastructure (Workers, D1, R2). Hosts compute and storage.

That's it. No analytics services. No ad networks. No data brokers. No tracking pixels.

Automation

Automated processing

A cron job runs every 2 hours to check vault lifecycle states. It transitions vaults from active to grace (missed check-in), grace to triggered (grace period expired), and triggered to delivered (delivery complete). No human reviews this process—it's fully automated based on the intervals you configure.

Retention

Data retention

Your data persists until you delete it. There is no automatic expiration. Delivered items remain accessible to recipients indefinitely. If you delete your vault, all associated items, recipients, and verifiers are removed.

Access

Who can see what

  • Vault owner — Full access to all vault data, items, recipients, and verifiers.
  • Recipients — Can view only the items assigned to them, only after delivery is triggered.
  • Verifiers — Can confirm the vault owner's passing to trigger delivery. They cannot see vault contents.
Communication

No email sending

ILTFY does not send emails on your behalf. Invitations to recipients and verifiers are shared manually by you—via a link you copy and send yourself. We don't have access to your recipients' inboxes.

Security

Security measures

  • HTTPS everywhere—all traffic is encrypted in transit.
  • Scoped authentication—each request is verified against your session and vault ownership.
  • Encryption at rest—available via server-side or end-to-end modes.
  • No shared credentials—recipient and verifier access uses scoped, single-use invite tokens.
Your rights

Your rights

You can delete your account and all associated data at any time. If you need a data export, contact us—there is no self-serve export yet, but we will provide your data on request.

Contact

Get in touch

For privacy questions, data requests, or anything else: hello@stereovoid.com