Privacy Policy

MyVota is operated by Appdromeda Technologies Inc. (“we,” “us,” or “our”). MyVota is a digital legacy application that helps you document important life information and messages for your loved ones. This Privacy Policy explains how we collect, use, and protect your personal information when you use our web application at myvota.com (the “Service”).

By using MyVota, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

Account Information

When you sign in with Google, we receive your name, email address, and profile identifier from Google. We do not receive or store your Google password.

Legacy Plan Data

You provide the content of your legacy plan, which may include contacts, financial account details, device information, personal messages, custom notes, and file attachments. This data is stored in our database and associated with your account.

Private Messages

Private messages are encrypted using AES-256-GCM encryption before storage. The encrypted content is stored in our database. Encryption and decryption occur server-side using keys derived from a master key stored in a secure secret manager. We cannot read the content of your encrypted messages.

Usage Information

We collect basic usage and technical data (for example, login timestamps, page activity, and performance telemetry) to operate, secure, and improve the Service. We use this information in aggregate where possible.

• To provide and maintain the Service, including storing your legacy plan
• To authenticate your identity when you sign in
• To facilitate the trusted person access system, including sending invitation and access request emails
• To deliver private message notifications to your designated recipients
• To send you important account notifications (access requests, invitation updates)
• To process account deletion requests

We do not sell, rent, or trade your personal information. We share information only in these limited circumstances:

• Trusted Person Access: When you invite a trusted person and they are granted access, they can view your legacy plan (excluding private messages). This is a feature you control and initiate.
• Private Message Recipients: Private messages are delivered only to the specific email addresses you designate. Recipients must sign in to view the decrypted content.
• Service Providers: We use third-party providers to operate the Service, including Supabase (database, storage, and authentication), Vercel (hosting and performance analytics), Google (OAuth sign-in), and AWS SES (transactional email). These providers process data on our behalf and are bound by their own privacy policies.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.

We take security seriously and implement the following measures:

• Private messages encrypted with AES-256-GCM using a two-key system
• Encryption keys derived server-side — never stored alongside encrypted data
• Master encryption key stored in a secure secret manager
• All data transmitted over HTTPS/TLS
• Authentication via Google OAuth 2.0 (we never handle your password)
• File attachments limited to 25 MB per file and 100 MB per plan

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

Your data is retained as long as your account is active. You can delete your entire account at any time from the Settings page. When you delete your account:

• All legacy plans, messages, contacts, accounts, devices, and notes are permanently deleted
• All file attachments are permanently deleted from storage
• All trusted person invitations you sent are removed
• All access requests associated with your account are removed
• A deletion confirmation email is sent to your email address
• Your trusted persons are notified that your plan is no longer available

Deletion is immediate and permanent. We do not retain backups of deleted accounts.

You have the right to:

• Access and review all data stored in your account through the app
• Edit or update any information in your legacy plan at any time
• Delete your account and all associated data at any time
• Revoke trusted person access at any time
• Unsubscribe from non-essential email notifications

MyVota is not intended for users under the age of 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Depending on your location, your information may be processed in countries other than your own by us or our service providers. Where required, we rely on appropriate safeguards for cross-border transfers.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your data, contact us at privacy@appdromeda.com.

For company contact details, visit appdromeda.com.