Data controller and Data Protection Officer
The controller of your data is the company that publishes and operates the Sucesio service. For any privacy-related question, you may contact our Data Protection Officer (DPO).
Data controller
Sucesio SA, public limited company, publisher of the Sucesio service (sucesio.io / app.sucesio.io). Registered office address available on request.
Data Protection Officer
To exercise your rights or for any question: dpo@sucesio.io. We commit to respond within one month at the latest.
Categories of data collected
To make the service possible, Sucesio collects the following categories of data, provided voluntarily by you:
- Identity data: surname, first name, date of birth, type and number of ID document.
- Contact data: email address, phone number, country of residence, preferred language.
- Estate data: inventory of your assets (bank accounts, real estate, crypto-assets, objects, intellectual property rights), liabilities (loans, debts), associated attachments.
- Data relating to your loved ones: name, email, phone, relationship of your heirs and your trusted contact. This collection is based on legitimate interest; you warrant that you have informed these people.
Purposes of processing
Your data is processed only for the following purposes:
- Provide you with the digital estate vault service: encrypted hosting, personal access, export, deletion.
- Run the post-mortem transmission protocol: periodic proof of life, escalation to the trusted contact, transmission to designated heirs after official validation of death.
- Manage your subscription, billing and customer support.
- Ensure the security of the service and prevent fraud: access logging, anomaly detection, immutable audit log.
- Send you, only with your prior, granular and revocable consent, optional communications: tips and best practices, product news, commercial offers. Each consent is independent of the others and can be withdrawn at any time from your personal area or from the unsubscribe link present in every email.
Legal basis for processing
In accordance with article 6 of the GDPR, each processing operation is based on one of the following legal bases:
- Performance of contract (art. 6.1.b): for service delivery, billing, authentication, transmission protocol.
- Consent (art. 6.1.a): for optional communications (monthly vault reminders, newsletters), revocable at any time.
- Legitimate interest (art. 6.1.f): for service security, fraud prevention, product improvement (without individual profiling).
- Legal obligation (art. 6.1.c): for the retention of audit logs for evidentiary and tax compliance purposes.
You may withdraw your consent at any time via your personal area or by writing to dpo@sucesio.io. This does not affect the lawfulness of processing carried out before withdrawal.
Recipients of data and processors
Your data is never sold or transferred to third parties for commercial purposes. It may be transmitted to the following recipients, strictly necessary for the provision of the service:
- Authorised Sucesio team: limited number of persons under confidentiality undertaking, with access limited to operations strictly necessary (support, compliance, manual validation of a death certificate).
- Processors (GDPR art. 28): Hetzner Cloud (Germany) for hosting, Scaleway (France) for encrypted backups, Resend for transactional emails, Clerk for authentication, Stripe for payments, Inngest for asynchronous tasks.
- Your designated heirs: only after your death, after official validation by our team and after the 30-day grace period.
- Public authorities: only upon judicial requisition or formally established legal obligation.
Transfers outside the European Union
Sucesio enforces a strict European hosting policy. No personal vault data is transferred outside the European Economic Area (EEA):
- Application servers: Hetzner Cloud, Germany (Nuremberg).
- Encrypted backups: Scaleway Object Storage, France (Paris).
- Database: self-hosted on our servers in Germany.
- Attachments (PDF, images, audio, video): stored encrypted on the same infrastructure.
Retention period
We keep your data only for as long as necessary for the purposes for which it was collected:
- Vault data: as long as your account is active.
- Post-deletion grace period: 30 days after your deletion request, to allow you to cancel.
- Effective deletion: after the 30 days, all your encrypted data is erased irreversibly.
- Anonymised audit logs: kept 10 years in France (article 2272 of the Civil Code) and 5 years in Spain, with no identifiable personal data.
- Billing data: 10 years in accordance with accounting and tax obligations.
- Post-mortem transmission data: data transmitted to heirs is deleted 30 days after full transmission.
Upon expiry of these periods, your data is securely erased or irreversibly anonymised.
Your rights and complaint procedure
Under GDPR, you have the following rights at any time: access (art. 15), rectification (art. 16), erasure (art. 17), restriction (art. 18), portability (art. 20) and objection (art. 21). The rights of access and erasure are directly accessible from your personal area, «Data & privacy» section of «My account».
If you reside in France
You may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr, 3 place de Fontenoy, 75007 Paris.
If you reside in Spain
You may lodge a complaint with the Agencia Española de Protección de Datos (AEPD): www.aepd.es, C/ Jorge Juan, 6, 28001 Madrid.
Technical security and human validation
Your most sensitive data (assets, messages, heir identifiers) is encrypted with the AES-256-GCM algorithm before any storage in the database. Each user's master key is itself protected by a threshold cryptographic protocol (Shamir 2-of-3), guaranteeing that no actor alone, including Sucesio, can access your data without the full transmission procedure. All connections are protected by strict HTTPS (TLS 1.3), strong authentication (password + optional but recommended TOTP 2FA).
Our differentiating commitment: validation of any death certificate and the triggering of transmission are performed manually by an authorised human Sucesio operator, never by an automated algorithm or artificial intelligence. This human validation is accompanied by a 30-day grace period, cross-checking with official civil registry records, and an immutable audit log.
Changes to this policy
This policy may evolve to reflect legal, technical or organisational changes. Any substantial change will be notified to you by email at least 30 days before it takes effect. The last update date appears at the top of this page.