Privacy Policy

Last updated: May 20, 2025

1. Introduction

Nokslock ("we," "our," or "us") operates a digital vault platform that allows users to securely store passwords, payment cards, cryptocurrency keys, and files, and to manage digital inheritance through a Dead Man's Switch feature. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • First and last name
  • Phone number
  • Authentication credentials (password hash — we never store your plaintext password)

2.2 Next of Kin Information

If you configure a Next of Kin (NOK) for the Dead Man's Switch feature, we collect their full name, email address, alternate email, phone number, and NIN. This information is encrypted server-side before storage and is only used to facilitate the digital inheritance process you configure.

2.3 Vault Data

All vault items (passwords, cards, crypto keys, files) are encrypted client-side before being transmitted to our servers. We use a zero-knowledge encryption architecture, which means:

  • Your Vault Key is generated in your browser and never sent to our servers
  • Your Master Password is used to derive an encryption key locally via PBKDF2
  • We store only the AES-GCM-wrapped version of your Vault Key
  • We cannot read, access, or decrypt your vault contents under any circumstances

2.4 Payment Information

Payments are processed by Paystack. We do not store your credit card numbers or bank account details. We retain only transaction references, plan type, and payment timestamps for billing records.

2.5 Usage Data

We automatically collect:

  • Login timestamps and session activity (for the Dead Man's Switch inactivity timer)
  • Device type and browser information
  • IP address

3. How We Use Your Information

  • Provide and maintain the service — authenticate your identity, render your encrypted vault, and process your requests
  • Dead Man's Switch — monitor heartbeat activity to determine inactivity thresholds and trigger the digital inheritance process when configured
  • Billing — process subscription payments and manage your plan
  • Notifications — send transactional emails (verification codes, password resets, NOK alerts, Dead Man's Switch warnings)
  • Security — detect and prevent unauthorized access, fraud, and abuse
  • Improvement — analyze usage patterns to improve the platform (we never analyze your encrypted vault data)

4. Data Storage and Security

Your data is stored on Supabase infrastructure with the following protections:

  • Encryption at rest — all database records are encrypted on disk
  • Encryption in transit — all communications use TLS/HTTPS
  • Zero-knowledge vault — vault contents are encrypted client-side with AES-256-GCM before transmission; we hold only ciphertext
  • Row-Level Security — database policies ensure users can only access their own data
  • Server-side escrow encryption — sensitive Dead Man's Switch data (NOK email, emergency key) is additionally encrypted with AES-256-CBC using a server-held escrow key

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited cases:

  • Dead Man's Switch activation — when your configured inactivity threshold is reached, your Next of Kin receives access to the vault items you designated for sharing, along with the emergency key to decrypt them
  • Payment processing — transaction data is shared with Paystack to process payments
  • Legal obligations — we may disclose information if required by law, subpoena, or court order. However, due to our zero-knowledge architecture, we cannot provide decrypted vault contents even under compulsion

6. Data Retention

  • Active accounts — data is retained for the lifetime of your account
  • Deleted accounts — account data is permanently deleted within 30 days of account deletion
  • Payment records — billing records are retained for up to 7 years to comply with tax and financial regulations
  • Dead Man's Switch — NOK claim data and death certificates are retained for the duration of the claim process

7. Your Rights

You have the right to:

  • Access your personal data stored in your account settings
  • Correct inaccurate personal information
  • Delete your account and all associated data
  • Export your vault data at any time
  • Withdraw consent for optional data processing

8. Cookies

We use essential cookies only for authentication and session management. We do not use advertising or third-party tracking cookies.

9. Third-Party Services

  • Supabase — database hosting and authentication
  • Paystack — payment processing
  • Google OAuth — optional social sign-in

Each third-party service has its own privacy policy governing its use of your data.

10. Children's Privacy

Nokslock is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at support@nokslock.com.