Back to Legal

Privacy Policy

How we collect, use, and protect your information.

Last updated: 15 January 2026

Introduction

Prepare That Day is a trading name of AGENTYAY LABS LTD (Company Number: 16624508), registered in England and Wales. Our registered address is 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE.

We are committed to protecting your privacy. This policy explains how we handle your personal data when you use our service at preparethatday.com.

For any privacy-related questions, contact us at [email protected].

Our Zero-Knowledge Architecture

This is the most important part of our privacy approach. Prepare That Day uses end-to-end encryption with a zero-knowledge architecture. This means:

  • Your vault contents are encrypted on your device before being sent to our servers
  • We never have access to your encryption keys or password
  • We cannot read, access, or decrypt your vault data — even if legally compelled to do so
  • Only you (and trusted contacts you explicitly authorise) can decrypt your information

For full technical details, see our Security Architecture page.

Data We Collect

Account Information (Unencrypted)

We collect and can access:

  • Email address — for authentication and communication
  • Name — to identify you to your trusted contacts
  • Password hint — only if you choose to set one
  • Trusted contact details — names and email addresses of people you designate
  • Activity timestamps — when you sign in and when records are modified
  • Subscription status — your plan and payment status

Vault Data (Encrypted — We Cannot Access)

The following is encrypted client-side and stored as unreadable ciphertext:

  • All vault entries (financial records, medical information, final wishes, etc.)
  • Document contents and personal notes
  • Any sensitive information you store

Technical Data

We may collect:

  • Device identifiers for trusted device functionality
  • Browser type and version for compatibility
  • Error logs for debugging (never containing vault contents)

How We Use Your Data

We use your personal data to:

  • Provide and maintain the Prepare That Day service
  • Authenticate you and secure your account
  • Send essential service emails (account verification, access requests, security alerts)
  • Notify your trusted contacts when access is requested
  • Process subscription payments
  • Respond to your support requests
  • Comply with legal obligations

We do not:

  • Sell your personal data to third parties
  • Use your data for advertising or marketing profiling
  • Share your data with third parties for their marketing purposes
  • Use analytics or tracking cookies

Legal Basis for Processing (UK GDPR)

We process your data under the following legal bases:

  • Contract: Processing necessary to provide our service to you
  • Legitimate interests: Maintaining security, preventing fraud, improving our service
  • Legal obligation: Complying with applicable laws
  • Consent: Where you have given specific consent (e.g., optional communications)

Data Sharing and Third Parties

We share data only with:

  • Supabase: Our database and authentication provider (stores encrypted vault data and account information)
  • Vercel: Our hosting provider
  • Resend: Our email delivery service (receives email addresses for transactional emails only)
  • Payment processor: For subscription billing (receives only payment details, not vault data)

These providers act as data processors under our instruction and are contractually bound to protect your data.

Note: Because your vault data is encrypted client-side, even our service providers cannot access its contents.

Data Retention

  • Active accounts: Data retained while your account is active
  • Account deletion: Upon request, we delete your data within 30 days
  • Lapsed subscriptions: If your subscription lapses and is not renewed, we retain your data for 60 days before deletion, giving you time to reactivate
  • Service shutdown: If we ever cease operations, we will provide 30 days notice to export your data before secure deletion

Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a portable format
  • Restriction — limit how we process your data
  • Objection — object to certain processing

To exercise these rights, contact us at [email protected]. You can also delete your account directly from your account settings.

Important: Due to our zero-knowledge architecture, we cannot provide copies of your encrypted vault data in readable form — only you can decrypt it.

International Data Transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Remember: your vault data is encrypted before it leaves your device, providing an additional layer of protection regardless of where it is stored.

Security

We implement industry-standard security measures including:

  • End-to-end encryption (AES-256-GCM) for all vault data
  • Secure key derivation (PBKDF2 with 600,000 iterations)
  • HTTPS encryption for all data in transit
  • Row-level security in our database
  • Non-extractable cryptographic keys for trusted devices

For technical details, see our Security Architecture.

Children's Privacy

Prepare That Day is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

For privacy inquiries or to exercise your rights:

AGENTYAY LABS LTD (trading as Prepare That Day)

2nd Floor College House, 17 King Edwards Road

Ruislip, London, HA4 7AE

United Kingdom

Email: [email protected]

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.