dmskey.comAn inheritance vault for self-custody

Privacy Policy

Last updated: 29.05.2026

This Privacy Policy explains how VALERY GROMOV ("DMS", "we", "us", "our") collects, uses, stores, and shares personal data when you use dmskey.com and related services.

DMS is built to minimize what we can see. Vault creation, recovery, and verification happen in your browser. We do not receive your plaintext vault contents, recovery shares, or decryption keys through our standard product flow.

1. Who we are

Controller:

  • VALERY GROMOV
  • Tax ID (NIP): 7831898504
  • ks. Jakuba Wujka 7a, apart 11, 61-581 Poznan, Poland
  • support@dmskey.com

If you have privacy questions or want to exercise your rights, contact us at support@dmskey.com.

2. What this policy covers

This policy applies to:

  • visitors to dmskey.com;
  • customers who buy a paid DMS plan or add-on;
  • users who contact us for support;
  • users who enable optional analytics;

3. Data we collect

We may collect the following categories of personal data.

A. Information you provide directly

  • Contact details such as your email address when you buy a plan, request license recovery, or contact support.
  • Information you enter into purchase or recovery-related forms.
  • Any messages or attachments you send to support.

B. Transaction and account-linked metadata

  • Stripe checkout and payment metadata, such as transaction identifiers, purchased plan, payment status, and billing-related references.
  • License and entitlement records, including lookup tokens, entitlement status, and activation-related references.
  • Recovery or restore metadata needed to confirm a prior purchase.

C. Technical and service-use data

  • Server logs and operational metadata such as timestamps, request IDs, coarse-grained event types, and basic device or browser information needed for security and reliability.
  • Audit events that record product operations at a high level.

D. Optional analytics data

If you explicitly enable analytics, we may collect limited pseudonymous usage data such as page visits, button clicks, and feature usage. We aim to avoid collecting vault contents or other sensitive text through analytics and use client-side filtering to suppress keys that could carry secret material.

4. Data we do not intend to collect through the normal product flow

Under the normal DMS flow, we do not collect:

  • plaintext vault contents;
  • recovery shares;
  • the decryption key;
  • seed phrases or passwords submitted to our server for processing.

If you send sensitive information to support outside the intended product flow, you do so at your own discretion.

5. Why we use personal data

We use personal data to:

  • provide the website and core service;
  • process purchases and deliver entitlements;
  • restore a purchase or help verify a prior transaction;
  • maintain security, prevent abuse, and investigate incidents;
  • respond to support requests;
  • measure product usage if you explicitly opt in to analytics;
  • comply with legal obligations and enforce our terms.

6. Legal bases for processing

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases:

  • performance of a contract, such as providing purchased features, entitlement resolution, or account-related support;
  • legitimate interests, such as fraud prevention, service security, debugging, and keeping the service reliable;
  • consent, where required, such as optional analytics or certain communications;
  • compliance with legal obligations.

Where we rely on legitimate interests, those interests generally include running a secure, privacy-conscious digital inheritance product, preventing misuse, and maintaining records necessary to support purchases and service integrity.

7. Analytics and consent

Analytics are optional and should remain off unless you choose to enable them. If you enable analytics, we may use a pseudonymous identifier and analytics storage technologies to understand product usage.

You can withdraw analytics consent at any time through the in-app Settings page (Privacy & analytics → "Disable analytics").

8. How long we keep data

We keep personal data only as long as reasonably necessary for the purposes described above, including legal, accounting, security, and support needs.

Typical retention periods:

  • purchase and billing records: 7 years (kept to meet bookkeeping and tax obligations);
  • entitlement and license records: for as long as the license is valid, plus up to 24 months after expiry for support, refund-window, and fraud-prevention reasons;
  • support correspondence: 24 months;
  • security and audit logs: 90 days;
  • optional analytics events: 13 months.

If we no longer need data, we will delete it or de-identify it where feasible.

9. Who we share data with

We may share personal data with:

  • payment providers, including Stripe;
  • hosting, infrastructure, and storage providers;
  • analytics providers, if you opt in;
  • email or communications providers, if reminder or support features are enabled;
  • advisers, auditors, insurers, or professional service providers;
  • courts, regulators, law enforcement, or other third parties when required by law or needed to protect rights, safety, or security.

We do not sell your personal data for money.

We do not share plaintext vault contents because the service is designed not to receive them in the normal flow.

10. International transfers

Your personal data may be processed in countries other than your own, including countries outside the European Economic Area, the United Kingdom, or Switzerland, depending on our service providers.

Where required by law, we use appropriate safeguards for such transfers, such as adequacy decisions, standard contractual clauses, or comparable mechanisms.

For details on transfer mechanisms or to request a copy of relevant safeguards, contact support@dmskey.com.

11. Your rights

Depending on where you live, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • delete data;
  • restrict or object to certain processing;
  • withdraw consent;
  • request portability;
  • complain to a supervisory authority or regulator.

California and certain U.S. state residents may have additional rights, including rights to know, delete, correct, and limit certain uses of sensitive personal information, subject to applicable exceptions.

To exercise your rights, email support@dmskey.com from the address you used at checkout (or from any address, including a clear reference to the order or license id). We may need to verify your identity before acting on your request.

12. Security

We use technical and organizational measures designed to protect personal data. These may include encryption in transit, access controls, signed entitlements, structured logging practices, and data-minimization choices in product architecture.

No service can guarantee absolute security. You remain responsible for how you store printed materials, who receives recovery shares, and whether the people you designate can safely participate in recovery.

13. Children

DMS is not intended for children under 16, and we do not knowingly collect personal data from children through the service.

14. Third-party services

The service may link to or rely on third-party services such as Stripe. Their privacy practices are governed by their own notices and policies.

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and, where required, provide additional notice.

16. Contact

Privacy contact:

  • VALERY GROMOV
  • Tax ID (NIP): 7831898504
  • ks. Jakuba Wujka 7a, apart 11, 61-581 Poznan, Poland
  • support@dmskey.com