Privacy promise.

Last updated 15 May 2026

Efterlad ApS (CVR 44 12 89 03, Store Regnegade 12, 1110 Copenhagen, Denmark) is the data controller for the personal information you give us when you use Efterlad. This page explains what we collect, why, where it lives, and the rights you have under the GDPR.

The short version: we collect only what we need to deliver your archive to the people you choose. We never sell or share your data for advertising. Your files are encrypted at rest and stored inside the European Union.

What we collect

From you, the account holder

  • Your email address (required, the primary way you sign in).
  • Your full name, optionally your phone number, optionally your date of birth.
  • Your preferred language (English or Danish).
  • The files and writing you place in your archive: letters, photographs, voice notes, video.
  • The recipients you choose and the contact details you give us for them.
  • Billing information handled by our payment provider (we never see or store your full card number).
  • Technical information necessary to run the service: a session cookie, the date you last signed in, basic request logs.

About recipients

When you add a recipient, we store the contact details you provide (typically an email address and optional phone or postal address). Recipients have no Efterlad account and we do not contact them while you are still here. We only reach out to a recipient when your archive is released after you have passed.

Why we collect it

Our legal basis for processing your personal information is the contract between you and Efterlad (Article 6(1)(b) GDPR). We need the data above to deliver the service you signed up for: to store your archive, to confirm you are still here once a year, and, when the time comes, to deliver your archive to the people you chose.

Recipient contact details are processed on the basis of our legitimate interest in fulfilling your wishes (Article 6(1)(f)) and only used at the moment of release.

Where it lives

All personal data is stored inside the European Union.

  • The database and authentication system live on secure servers in Frankfurt, Germany.
  • Your files are encrypted at rest with AES-256 and held in European object storage.
  • Encrypted backups are written daily to a separate, physically isolated data centre in Germany.
  • The application itself runs on EU infrastructure.

A small number of our partners are based outside the EU (notably our payment processor and our email delivery service). When we transfer personal data to them we rely on the European Commission's Standard Contractual Clauses (SCCs). The full list of our infrastructure partners is at the bottom of this page.

How long we keep it

We keep your account and your archive for as long as your subscription is active. If you ask us to close your account, we delete your archive after a 30-day grace period (so an accidental close can be undone). Billing records may be kept for up to seven years to meet Danish bookkeeping law.

After your archive is released to your recipients, we keep the release records and minimal audit information for as long as is needed to resolve any later question about delivery.

Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct anything that is inaccurate or out of date.
  • Delete your account and archive (subject to the bookkeeping retention noted above).
  • Receive your data in a portable format (your archive is downloadable as an encrypted bundle at any time).
  • Object to or restrict our processing of your data.
  • Complain to the Danish Data Protection Agency (Datatilsynet) if you believe we have not handled your data correctly.

To exercise any of these rights, write to hi@efterlad.com. A person reads every message and we respond within a day.

Security

All connections to Efterlad are protected with TLS. Files are encrypted with AES-256 at rest, and database access is gated by row-level security so the application can only read your archive through your authenticated session. Backups are written daily to a separate provider and encrypted with a key held outside the primary infrastructure.

Efterlad is not end-to-end encrypted. The core promise of the service is that we deliver your archive to the recipients you have chosen after you have passed, and that delivery is not possible if only you hold the decryption keys. In practice this means that we, as a small operational team, have administrative access that could in principle let us read what you have stored. We have built strict policy around what we do with that access, and we publish it openly so we can be held to it.

Our access policy. No member of the Efterlad team opens, reads, or browses the contents of your archive. The only access path that exercises decryption is the automated delivery system, which runs when the death-trigger fires and releases your archive to the recipients you chose. That system is operated by code, not by a person looking at your files.

If you contact us for support, our team can see file metadata (names, sizes, timestamps, recipients) to help you, but we will not open the files themselves except at your explicit written request, and only the specific file you ask us to. Every administrative access event is logged on the database layer, retained for audit, and reviewable by our legal trustee, Aumento Law Firm.

We never use your archive for analytics, advertising, or any purpose other than the one you signed up for. We also do not sell, share, or rent your contents to anyone, ever. The only people who will ever see what you placed inside are the recipients you chose, on the day the archive opens.

If you lose access to your email and your verified phone number, we recover your account by hand through identity verification, confirming who you are, not reading what you have stored.

If Efterlad ever closes

Efterlad has partnered with Aumento Law Firm in Denmark as our legal trustee. If anything ever prevents us from operating, Aumento holds emergency credentials and acts on our behalf: making your archive available for you to download and keep, and where needed continuing the platform's promise so your capsules still reach the right hands.

Contact

For anything privacy-related, write to hi@efterlad.com.

Sub-processors

To deliver our service, Efterlad ApS securely transfers necessary data to the following infrastructure partners. If we add a new partner or replace one of these, we update this list and notify account holders by email at least 30 days before the change takes effect, except where a security or regulatory reason requires faster action.

  • Supabase (Germany): database hosting and user authentication.
  • Fly.io (Germany): application server hosting.
  • Hetzner (Germany): encrypted backup storage.
  • Stripe (Ireland / USA): secure payment processing and billing.
  • Resend (USA): delivering transactional emails, including the annual check-in.
  • Bird (Netherlands): delivering SMS verification codes and reminders.
  • Meta (Ireland / USA): the Facebook and Instagram advertising pixel, used only to measure whether a visit came from one of our ads. It never receives anything from inside your archive.

Transfers to partners outside the EU are protected by the European Commission's Standard Contractual Clauses (SCCs). None of these partners are authorised to use your personal data for their own purposes.