Privacy Policy

Account Information

When you create an account, we collect your full name, email address, and a hashed version of your authentication credentials. Your master password is never transmitted to or stored on our servers — it is used exclusively on your device to derive encryption keys.

Encrypted Vault Data

All vault items (passwords, financial accounts, documents, messages, and other sensitive information) are encrypted client-side using AES-256-GCM before being transmitted to our servers. We store only the encrypted ciphertext. Due to our zero-knowledge architecture, we cannot read, access, or decrypt your vault data under any circumstances.

Payment Information

When you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your credit card number or full payment details. We only receive and store a Stripe customer identifier, subscription status, and basic transaction metadata (plan type, billing period, payment status).

Usage Data

We collect minimal technical data to maintain and improve our service, including: IP address (for security and fraud prevention), browser type and device information, pages visited and features used (aggregated, non-identifying), and check-in activity timestamps.

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Herentia service
• To process your subscription payments and manage your account
• To operate the check-in system and send verification notifications
• To deliver vault contents to designated beneficiaries when a release is triggered
• To send important service communications (security alerts, check-in reminders, account updates)
• To detect and prevent fraud, abuse, and security threats

Herentia is built on a zero-knowledge architecture. This means your master password never leaves your device. All encryption and decryption happens locally in your browser or app. We derive encryption keys using PBKDF2 with 600,000 iterations, and each vault item is encrypted with its own unique key using AES-256-GCM.

As a result, Herentia employees, administrators, and systems cannot access your unencrypted data — even if compelled by legal process. We can only provide encrypted ciphertext, which is unreadable without your master password.

This also means that if you lose your master password, we cannot recover your data. This is a deliberate security design choice to ensure maximum protection for your information.

Your encrypted data is stored on secure, SOC 2-compliant infrastructure provided by Supabase. All data is encrypted at rest and in transit.

We implement multiple layers of security, including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption at rest for all database storage
• Client-side zero-knowledge encryption for all vault data
• Regular security audits and penetration testing

We use a limited number of trusted third-party services to operate Herentia. Each has been selected for its security standards and compliance certifications:

Supabase

Supabase provides our database infrastructure and authentication services. They are SOC 2 Type II compliant. Your encrypted vault data is stored on Supabase infrastructure. They do not have access to your decryption keys.

Stripe

Stripe handles all payment processing. They are PCI DSS Level 1 compliant — the highest level of payment security certification. We never see or store your full card number. Stripe's privacy policy governs their use of your payment data.

Resend

Resend is our email delivery service, used to send check-in reminders, release notifications, and account communications. They process only your email address and the content of transactional emails. They do not have access to your vault data.

We retain your account information and encrypted vault data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow for reactivation, after which it is permanently deleted.

You may request complete deletion of your account and all associated data at any time through your account settings or by contacting us. Account deletion is irreversible and will be processed within 30 days.

Upon account deletion, all encrypted vault data, beneficiary configurations, check-in settings, and personal information are permanently removed from our systems and backups within 90 days.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data
• Right to data portability: Request an export of your data in a machine-readable format
• Right to restrict processing: Request that we limit how we use your data
• Right to object: Object to certain types of processing, including marketing communications

To exercise any of these rights, please contact us at contacto@axentia.com.mx. We will respond to all legitimate requests within 30 days. We may need to verify your identity before processing your request.

Herentia is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete that information. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at contacto@axentia.com.mx.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, if you have an account, sending you an email notification. Your continued use of Herentia after changes become effective constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us: