Security & Privacy

Files are protected in transit with HTTPS/TLS and stored using encrypted storage. Documents are never served via public URLs — access requires authentication.

Only the account owner and approved trusted contacts can access private information. Access levels are set by you — Viewer, Family Admin, Emergency Contact, or Memorial Contributor.

Families can share a private access code instead of sending sensitive files through text messages or email. Codes are hashed and stored — never as plain text. They can be revoked at any time.

Our system is designed so support staff cannot casually browse uploaded documents. Administrative access is limited, logged, and used only for security or support reasons.

FinalKeepSake uses HIPAA-inspired privacy principles for sensitive documents, including access controls, encryption, audit logs, and least-privilege permissions. Formal HIPAA compliance and BAA support may be added for healthcare or professional partners in a future version.

Every database table uses Row-Level Security policies. Users can only read and write their own records. There is no way to query another user's data — even with a valid session token.

Private files are never served via permanent URLs. All file downloads use signed URLs that expire in 5 minutes — too short for a leaked link to be useful.

Future advanced privacy mode may use client-side encryption so files are encrypted before upload and cannot be read by the platform — not even by FinalKeepSake staff.