Terms of Service
Last updated: 12 July 2026 · Beta version
The short version: Semma stores encrypted boxes we cannot open. Your master password never reaches us — if you lose it, your data is unrecoverable by design. Semma is a delivery service for your instructions; it is not a will, not legal advice, and not a financial custodian. During beta, use it alongside — never instead of — proper estate planning.
1. What Semma is
Semma ("we", "us") is a digital legacy service. It lets you store encrypted instructions about your digital assets and deliver them to people you designate ("Guardians") if you stop responding to periodic check-ins ("the living switch").
2. What Semma is not
- Not a legal will. Semma does not replace a legally executed will or any formal estate-planning instrument. Consult a solicitor for legal advice.
- Not a custodian. We never hold your money, cryptocurrency, or property. We store only encrypted text you write.
- Not a password manager. During beta, we recommend you do not store complete credentials. Store locations and instructions instead (e.g. "the seed phrase is in the safe").
3. Zero-knowledge encryption
Your vault is encrypted in your browser with AES-256-GCM before it reaches our servers. Your master password never leaves your device. This means:
- We cannot read, recover, or reset your vault.
- If you forget your master password, your vault contents are permanently lost. This is a feature of the security model, not a bug.
- Your Guardians can only decrypt your vault with the master password you chose to share with them personally. Semma never knows or transmits it.
4. The living switch
You choose a check-in interval. If you stop responding, an escalation protocol runs: a reminder to you, then an urgent warning, and finally an email notification to your Guardians. You can reset the protocol at any time by checking in. We make reasonable efforts to deliver emails but cannot guarantee delivery (spam filters, wrong addresses, and outages exist). You are responsible for keeping your and your Guardians' email addresses current.
5. Beta status
Semma is currently in beta. The service is provided "as is", free of charge, without warranties of any kind. We may experience downtime, change features, or — with reasonable notice by email — discontinue the service. We recommend keeping an exported backup of your encrypted vault (the ⬇ button in the app).
6. Your responsibilities
- You must be 18 or older and provide accurate information.
- You will not use Semma for unlawful content or purposes.
- You are responsible for sharing your master password with your Guardians securely and in person.
7. Liability
To the maximum extent permitted by law, Semma shall not be liable for indirect or consequential losses, including loss of access to digital assets, arising from your use of the service, forgotten passwords, undelivered emails, or actions taken by your Guardians. Nothing in these terms excludes liability that cannot be excluded under the law of England and Wales.
8. Governing law
These terms are governed by the law of England and Wales.
Privacy Policy
Last updated: 12 July 2026
The short version: We collect the minimum possible: your email, your Guardians' names and emails, check-in timestamps, and an encrypted blob we cannot read. We don't sell data, we don't run ads, we don't use tracking cookies.
1. Who we are
Semma is operated from London, United Kingdom. Contact: juanmazo930@gmail.com. For the purposes of UK GDPR, Semma is the data controller of the personal data described below.
2. What we collect and why
Data you give us
- Your email address — to create your account and send check-in emails (legal basis: contract).
- A derived authentication key — a cryptographic hash generated in your browser. We never receive your actual password (legal basis: contract).
- Your encrypted vault — an encrypted blob we cannot decrypt or read (legal basis: contract).
- Guardian names and emails — to notify them if your protocol activates (legal basis: legitimate interest — please tell your Guardians you have added them).
- Waitlist email (landing page) — to notify you about the launch (legal basis: consent; unsubscribe anytime).
Data we generate
- Check-in timestamps and escalation stage — to run the living switch (legal basis: contract).
3. What we never do
- We never sell or rent your data.
- We never read your vault — we can't.
- We don't use advertising or tracking cookies.
4. Where your data lives
Our infrastructure providers: Render (application server, EU region), Neon (database, EU region), Resend (email delivery), GitHub Pages (static website), and Formspree (waitlist form). Each processes data on our behalf under their own GDPR-compliant terms.
5. How long we keep it
Your account data is kept while your account is active. If your escalation protocol completes (stage 3), we retain the encrypted vault so your Guardians can access it. You may delete your account and all associated data at any time by emailing us.
6. Your rights (UK GDPR)
You have the right to access, correct, export, restrict, object to processing of, and delete your personal data, and the right to complain to the ICO (ico.org.uk). Email us and we will respond within 30 days.
7. Changes
If we materially change this policy, we will email registered users before the change takes effect.