Privacy Policy for Last Message

Last Updated: 1st February 2025

1. Introduction

Last Message ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Last Message application and services ("the Service").

2. Information We Collect

2.1 Information You Provide

  • Account information (email address, password)
  • Message content and recipient information
  • Check-in confirmations
  • Payment information (processed by third-party providers)
  • Password hints for message decryption

2.2 Automatically Collected Information

  • Device information (device type, operating system)
  • IP address and location data
  • Usage data (check-in patterns, app interactions)
  • Error logs and crash reports

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process and deliver messages according to your settings
  • Send notifications about check-ins and message delivery
  • Process payments and manage subscriptions
  • Improve and optimize our Service
  • Comply with legal obligations

4. Data Storage and Security

4.1 Message Encryption

  • All messages are encrypted using AES-GCM encryption
  • Encryption keys are derived using PBKDF2
  • Messages remain encrypted on our servers until delivery conditions are met
  • We cannot access the content of your encrypted messages

4.2 Data Storage

  • Data is stored on secure servers within the European Union
  • We implement industry-standard security measures
  • Regular security audits and updates are performed
  • Backups are encrypted and stored securely

5. Data Sharing and Disclosure

We share your information only in the following circumstances:

  • With message recipients (only when delivery conditions are met)
  • With service providers (payment processing, hosting)
  • When required by law or to protect rights
  • In the event of a business transfer or merger

We do NOT:

  • Sell your personal data
  • Share message content with third parties
  • Use message content for marketing
  • Access encrypted message content

6. Data Retention

6.1 Account Data

  • Active accounts: Data retained until account deletion
  • Deleted accounts: Data removed within 30 days
  • Payment records: Retained as required by law

6.2 Message Data

  • Undelivered messages: Stored until delivery conditions are met
  • Delivered messages: Deleted within 30 days of delivery
  • Failed deliveries: Retained for 45 days for re-attempt (Premium users)

7. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion
  • Export your data
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • File a complaint with supervisory authorities

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

9. Third-Party Services

Our Service may include links to third-party services. This Privacy Policy does not cover these services. We recommend reviewing their privacy policies.

10. International Data Transfers

We process data within the EU. If data transfers outside the EU occur, we ensure appropriate safeguards are in place.

11. Changes to Privacy Policy

We may update this Privacy Policy. Users will be notified of significant changes via:

  • Email notification
  • In-app notification
  • Service announcement

12. Cookie Policy

We use essential cookies to:

  • Maintain your session
  • Remember your preferences
  • Ensure service functionality

13. Contact Information

For privacy-related questions:

  • Email: support@lastmessage.net
  • Data Protection Officer: gdpr@lastmessage.net

14. Legal Basis for Processing

We process data under the following legal bases:

  • Contract fulfillment (service provision)
  • Legal obligations
  • Legitimate interests
  • User consent

15. Breach Notification

In case of a data breach that risks your rights:

  • We will notify relevant supervisory authorities within 72 hours
  • Affected users will be notified without undue delay
  • We will provide recommendations for protecting your interests

16. Complaint Resolution

If you have concerns about data processing:

  1. Contact our Data Protection Officer
  2. We will respond within 30 days
  3. You may escalate to supervisory authorities
  4. You retain the right to seek judicial remedy

By using Last Message, you acknowledge this Privacy Policy and consent to the described data practices.