Legal

Privacy Policy

Last update: April 27, 2026

This page explains which personal data Daycade processes, why it is processed, and which technical limits apply when blockchain infrastructure is involved.

Help contact: contact@daycade.com

1. Data categories we process

Daycade processes only data needed to run the service, secure access, notify beneficiaries, and manage billing or abuse prevention.

  • Account data: email address and Google authentication metadata.
  • Vault operations data: wallet address, vault identifiers, timers, storage references, and audit events.
  • Beneficiary identity data stored off-chain: beneficiary email, optional secondary email, optional hint, and internal commitment material.
  • Operational logs: IP address, timestamps, delivery status, rate-limiting, and incident traces.
  • Billing data: Stripe customer, subscription, invoice, payment, and status references.

2. Why we process this data

We process personal data to provide the vault workflow, authenticate users, deliver service emails, detect abuse, and comply with legal obligations.

  • Account access and session security.
  • Vault creation, update, recovery, and notification workflows.
  • Email delivery, reminder, and recovery diagnostics.
  • Fraud prevention, incident response, and compliance.

3. External providers involved

Daycade relies on third-party infrastructure that may process part of your data under their own terms.

  • Google OAuth for authentication.
  • Sui network and RPC providers for on-chain contract state.
  • Walrus and related storage infrastructure for encrypted payload hosting.
  • Email delivery providers for reminder and claim messages.
  • Stripe for billing and payment events.
  • Hosting and infrastructure providers for runtime, logs, and monitoring.

4. Blockchain commitments and off-chain identities

Daycade now separates immutable blockchain commitments from erasable off-chain beneficiary identity records.

  • For new vaults and new beneficiary updates, Daycade stores on-chain only a cryptographic commitment derived from the beneficiary identifier and a beneficiary-specific server-side pepper.
  • The identifying beneficiary data itself is stored off-chain in an encrypted server-side record designed to support correction and erasure workflows.
  • Legacy test vaults created before this architecture may still rely on older pseudonymous hashes during the transition period.
  • A blockchain commitment is not directly readable as a beneficiary email or phone number without the off-chain mapping material controlled by Daycade.
  • When a vault is claimed, Daycade records on-chain a vault-scoped derived reference (sha3-256 of vault identifier combined with the beneficiary commitment), not the raw commitment. This prevents any third party from correlating the same beneficiary across different vaults by reading public chain events.

5. Right to erasure and technical limits

Daycade supports erasure of off-chain beneficiary identity data where legally and technically possible, but blockchain immutability creates structural limits.

  • When an erasure request is accepted, Daycade can delete the encrypted beneficiary identity record and destroy the beneficiary-specific off-chain mapping material used to re-identify that commitment.
  • The underlying on-chain commitment, vault transaction history, and blockchain events remain immutable and generally cannot be edited or deleted. This includes events such as vault creation, check-in records, and claim records, which contain the owner wallet address and timestamps.
  • After off-chain deletion, Daycade may no longer be able to match that on-chain commitment back to the beneficiary.
  • Identity verification may be required before a rights request is processed.

10. Third-party beneficiary data processing

When a Daycade user creates a vault and designates one or more beneficiaries, personal data relating to those beneficiaries is processed on the user's behalf.

  • Beneficiary data processed includes: email address or phone number (stored as a server-keyed cryptographic hash on-chain, and in an encrypted off-chain record for operational purposes), an optional secondary contact address, and an optional personal hint visible only after vault expiry.
  • By design, beneficiaries are not notified of their designation during the active life of the vault. This confidentiality is an intentional feature of the dead man's switch mechanism chosen by the vault owner.
  • The legal basis for this processing is the legitimate interest of the vault owner in ensuring that their digital estate is accessible to the right people in the event of incapacity or death.
  • Once the vault expires or is triggered, Daycade notifies the designated beneficiaries by email and grants them access according to the vault owner's configuration.
  • Beneficiaries may at any time contact Daycade to request information about data held about them, to request correction, or to request erasure, subject to the technical limits described in section 5 and the operational necessity of maintaining the vault workflow.

6. Security and encryption limits

Daycade uses encryption and operational safeguards, but no system can guarantee perfect security, permanent availability, or flawless delivery.

  • Encrypted design reduces risk but does not remove every technical vulnerability.
  • Incidents, software bugs, provider outages, attacks, or network failures can affect availability.
  • Daycade cannot guarantee perpetual accessibility, perfect email delivery, or recoverability in every scenario.

7. Retention periods

Data is kept only as long as needed for operational, contractual, security, accounting, and legal purposes, then deleted or anonymized where feasible.

  • Account and billing records may be retained for statutory and accounting obligations.
  • Security and audit logs may be retained to investigate fraud, abuse, or incidents.
  • Off-chain beneficiary identity records can be erased when no longer needed or when a valid request is accepted, subject to legal and security constraints.

8. Billing and payments

Payments are processed through Stripe. Daycade does not store full card numbers on its own servers.

  • Stripe manages payment instruments and payment compliance.
  • Daycade stores only the references and statuses needed to provide paid features.
  • Payment failures, disputes, or chargebacks can affect access to paid features.

9. How to exercise your rights

You may request access, correction, or deletion of off-chain personal data by contacting Daycade.

  • Requests should be sent to the support contact listed on this page.
  • Please include the wallet address or vault identifier relevant to your request when possible.
  • Daycade may refuse or limit a request where legal obligations, fraud prevention, or immutable blockchain records make full action impossible.