Security & Trust

Last updated: April 2, 2026

Eternal After Life is designed for sensitive legacy content. This page describes, in plain language, how the service is built and what you can expect. Eternal After Life is not independently SOC 2 certified. We host on providers that publish their own compliance programs (for example, Vercel describes SOC 2 Type II for its platform).

1. Infrastructure

• Application hosting: The web application runs on Vercel. Vercel operates the edge and serverless execution environment. Built on SOC 2–compliant infrastructure (Vercel)refers to the hosting provider's certifications—not a separate certification of Eternal After Life itself.
• Database: In production, data is typically stored using Turso (libSQL). Local development may use SQLite on a developer machine. Encryption at rest and operational controls depend on the database provider's documented practices.
• Authentication: Sign-in is handled with NextAuth. Optional Google sign-in is subject to Google's policies.

2. Encryption & data in transit

• HTTPS: Traffic between visitors and the site is protected with TLS (HTTPS) as served by our hosting platform.
• Passwords: Account passwords are stored using one-way hashing (bcrypt), not in plain text.
• Vault media: Video and file content you attach is referenced by URL (for example, links you provide or uploads you configure). Eternal After Life does not claim end-to-end encryption of those files unless you use a storage provider that provides that separately. Metadata (titles, recipient contact information, letter text you enter, configuration) is stored in the application database like other account data.

3. Who can access vault messages

• You (the account holder): You can create, view, and delete your vault items through the authenticated application while logged in.
• Loved ones (designated recipients): When the release protocol runs according to your settings, recipients may receive a unique link to view content you associated with them. Anyone with that link could open it until you rotate or invalidate access (if such features exist).
• Operators: People with access to hosting accounts, database credentials, and application logs may be able to access or recover data as part of operating and debugging the service. We do not sell personal data. Access should be limited to what is needed to run the product.

4. Data retention & deletion

• We retain account and vault data while your account is active and as needed to provide the service.
• To request deletion of your account and associated personal data, email support@eternal-afterlife.com. We will confirm identity and process requests within a reasonable time, subject to legal or security holds.
• Backups or logs held by infrastructure providers may persist for a period according to their policies.

5. Incident response

• We monitor hosting and application health through the cloud providers' tooling.
• If we become aware of a breach that affects personal data, we will take steps to contain it, assess impact, and notify affected users where required by law and when practicable.
• Report suspected security issues to support@eternal-afterlife.comwith subject line "Security disclosure".

For how we collect and use personal data, see our Privacy Policy. For terms of use, see our Terms of Service.

This page is informational and may be updated. It is not a legal contract. For regulated or high-risk use cases, consult qualified counsel.