Privacy Policy

Last updated: January 7, 2026

This Privacy Policy describes the rights and responsibilities that apply to your use of Continuuum's websites, services, and mobile app (collectively, the "Service"), each owned and operated by Continuuum Holdings Ltd. ("Continuuum", "we", "our" or "us").

Please read the Privacy Policy carefully before using the Service. If you don't agree to this Policy, as well as Continuuum's Terms of Service, you may not use the Service. The Service is only available to you if you have entered the age of majority in your jurisdiction of residence and are fully able and competent to enter into, abide by and comply with the terms.

1. Your Continuuum Account

Welcome to Continuuum (formerly Vault). We are committed to protecting your privacy and ensuring the security of your digital assets. This Privacy Policy explains how we collect, use, and safeguard your information when you use our secure digital asset inheritance platform. If you create an account on the Service (your "Account"), you are responsible for maintaining the security of your Account and its Content (as defined below). You are responsible for all activities that occur under your Account and any other actions taken in connection with the Account.

You must not describe or assign Content to your Account in a misleading or unlawful manner, including in a manner intended to trade on the name or reputation of others, and Continuuum may change or remove any description or keyword that it considers inappropriate or unlawful, or otherwise likely to cause Continuuum liability. You must immediately notify Continuuum of any unauthorized uses of your Account or any other breaches of security.

2. Information We Collect

2.1 Account Information

  • Email Address: Used for account identification, authentication, and critical notifications
  • Phone Number: Optional, used for enhanced security and SMS notifications
  • Master Passphrase: Hashed using industry-standard encryption (never stored in plaintext)
  • IP Address: Recorded at registration for policy acceptance and security audit logs

2.2 Vault Data

  • Encrypted Asset Names: Metadata for organizing your vault items
  • Importance Levels: LOW, MEDIUM, or HIGH (determines release timing)
  • Encrypted Blobs: Your actual data, encrypted client-side before transmission
  • Attachment Metadata: File information (name, size) in JSON format

2.3 Nominee Information

  • Nominee Name, Email, Phone: Collected with your consent to facilitate asset transfer
  • Verification Data: Temporary codes and tokens for identity verification
  • Secret Code Hash: Stored securely for nominee authentication

2.4 Activity Data

  • Heartbeat Timestamps: Last activity indicator to detect inactivity
  • Audit Logs: System actions (login, heartbeat, state changes) for security monitoring
  • Inactivity State: ACTIVE, SILENT, COOLING, or RELEASED status

3. Zero-Knowledge Encryption Guarantee

We Never See Your Plaintext Data. All vault data is encrypted client-side (in your browser) before it reaches our servers. We store only encrypted ciphertext. Even in the event of a data breach, your actual content remains unreadable without your master passphrase.

  • Encryption happens locally in your browser using AES-256-GCM
  • Your master passphrase never leaves your device in plaintext
  • Our servers cannot decrypt your vault contents
  • Nominees receive decryption keys only after verification and release stages

4. How We Use Your Information

  • Account Management: Creating, authenticating, and maintaining your account
  • Inactivity Detection: Monitoring heartbeats to detect prolonged absence (120 days threshold)
  • Nominee Verification: Sending SMS/email codes and managing multi-step authentication
  • Asset Release: Executing staged release after cooling period
  • Security Auditing: Logging critical actions to prevent unauthorized access
  • Service Notifications: Sending inactivity warnings, release notifications, and verification codes

5. Inactivity & Asset Release Policy

Timeline Overview:

  • Day 0 - 120: ACTIVE
  • Day 120 - 134: SILENT (Grace Period)
  • Day 134 - 148: COOLING (Final Warning)
  • Day 148+: RELEASED (Staged)

Release Stages:

  • Stage 1: LOW and MEDIUM importance items released to verified nominee
  • Stage 2: HIGH importance items released (+7 days)

You can stop the release process at any time by logging in or sending a heartbeat. This immediately resets your status to ACTIVE, regardless of the current stage.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these circumstances:

  • With Your Nominee: After verification and release stages, encrypted vault items are accessible to your designated nominee
  • Legal Requirements: If required by law, court order, or governmental authority
  • Service Providers: Third-party services (email delivery, SMS gateways) that assist in platform operations, under strict confidentiality agreements
  • Security Incidents: With law enforcement if unauthorized access is detected

7. Data Retention

  • Active Accounts: Data retained indefinitely while account is active
  • Released Assets: Remain accessible to nominees until they choose deletion
  • Audit Logs: Retained for 7 years for security and compliance purposes
  • Verification Codes: Automatically deleted after expiry (10 minutes for SMS, 72 hours for email)
  • Account Deletion: You may request permanent deletion; data is removed within 30 days except where legally required

8. Your Privacy Rights

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request account and data deletion (subject to legal obligations)
  • Export: Download your encrypted vault data in portable format
  • Revoke Nominee: Remove nominee access at any time before release completion
  • Opt-Out: Disable non-critical notifications (inactivity warnings remain mandatory)

9. Security Measures

  • End-to-end encryption for all vault contents
  • HTTPS/TLS for all data transmission
  • Bcrypt password hashing with salt
  • Rate limiting on authentication endpoints (5 attempts per 15 minutes)
  • Database-level encryption at rest
  • Regular security audits and penetration testing
  • Multi-step nominee verification (phone + secret code + acceptance)

10. Cookies & Tracking

We use minimal cookies for essential functionality:

  • Authentication Cookies: Secure, HttpOnly cookies for session management
  • Refresh Tokens: Stored securely to maintain login sessions
  • No Third-Party Trackers: We do not use Google Analytics, Facebook Pixel, or similar tracking tools

11. Children's Privacy

Continuuum is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us immediately for deletion.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates the latest revision. Continued use of the service after changes constitutes acceptance of the updated policy. Material changes will be communicated via email.

13. Contact Us

For questions, concerns, or requests regarding your privacy:

  • Email: support@continuuum.in
  • Support: support@continuuum.in
  • Security Issues: security@continuuum.in

Policy Version: v1.0
Effective Date: January 7, 2026
Acceptance: By creating an account, you acknowledge that you have read and understood this Privacy Policy.

View Terms of Service