Data we collect

We collect your name, email address, and payment information (processed via Stripe — we never store card numbers). We also store the content you create, and anonymised, aggregated usage analytics that cannot be traced back to you individually.

Encryption

All content is encrypted at the point of upload using AES-256 encryption. Encryption keys are not accessible to Lockets staff under normal operating conditions. Your messages, voice recordings, and media cannot be read by us.

We do not sell your data

Lockets.app does not sell, rent, license, broker, or otherwise transfer personal data to any third party for commercial purposes. This commitment is absolute and unconditional. We do not use your data for advertising. We do not share your data with data brokers. We do not permit third-party tracking on this platform.

Data we never collect

We do not collect browsing history, precise location data, device identifiers for advertising purposes, or any data from your contacts beyond what you explicitly provide when inviting someone to your circle.

Law enforcement

Where a lawful court order, warrant, or statutory demand requires us to provide data, we will comply with applicable law. Where legally permitted, we will notify you before complying. All such requests are logged and reviewed by legal counsel. Because content is end-to-end encrypted, compelled disclosure may yield only encrypted data that we cannot decrypt.

Content moderation

Automated keyword filtering screens all content for indicators of violence, self-harm, sexual exploitation of minors, and illegal activity before storage. Flagged content is reviewed by a trained human moderator within 24 hours. No automated removal occurs without human review except in cases of critical safeguarding concern.

Data retention

Your content is stored for the duration of its lock period plus 10 years beyond the unlock date, or until you request deletion. Accounts inactive for 20 years with no sealed capsules are archived and may be deleted after notice to your registered email address.

100-year archival commitment

Sealed capsules are replicated across geographically distributed encrypted storage. We maintain a continuity trust structure designed to honour this obligation even if the company changes ownership, ceases trading, or undergoes restructuring. Beneficiaries will be notified of any material changes to this commitment.

Third-party services

We use Stripe for payment processing, Resend for email delivery, and Supabase for database and storage infrastructure. Each of these services has its own privacy policy. We share only the minimum data necessary with each provider to deliver our service.

Your rights

You have the right to access, correct, or delete your personal data at any time. You may request a full export of your data by contacting hello@lockets.app. Deletion requests for sealed capsules are subject to the terms described in our Terms of Service.

Cookies

We use only essential session cookies required to keep you logged in. We do not use advertising cookies, tracking pixels, or any third-party analytics that identify you personally.

Children

lockets.app is not intended for users under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us immediately at hello@lockets.app.

Contact

For all privacy-related enquiries, data requests, or concerns: hello@lockets.app

🔐 lockets.app is committed to being a private, honest, and trustworthy platform. Your words are yours. Your memories are yours. We are simply the vault.