Data Archival and Data Retention Policy

1. Introduction and Our Promise to You

BlockWill is a digital inheritance infrastructure provider. The data you trust to us, ranging from the keys that protect your digital assets to the documents that record your final wishes, is the most personal data anyone can hold. This Policy explains, in plain language, exactly how we archive it, how long we keep it, when and how we delete it, and what we will do to protect it if, for any reason, BlockWill itself should cease to exist.

This is a public document. It is published as part of our customer and partner trust commitments. If anything we describe here changes, we will tell you, and we will do so before the change takes effect. Our promise is simple: your data outlives our company, and your continuity is engineered, not assumed.

2. Scope and Applicability

This Policy applies to all personal data, account data, and cryptographic material processed by BlockWill in the course of providing the SecureVault, DigiWish, and VaultRelay services, whether you access us as an individual user, an Asset Owner, an Asset Manager, a Guardian, an Executor, a Beneficiary, or as a partner organisation embedding BlockWill into a client offering.

It applies to every BlockWill system, employee, contractor, and processor, and it applies wherever in the world we process data. Where local law imposes a stricter standard than what is set out here, the stricter standard prevails. The terms of this policy are subject to the events mentioned in Section 12.

3. Defined Terms

Active Account

means an account with ongoing subscription, including annual subscription and lifetime subscription under any plan.

Cryptographic Erasure

means the irreversible destruction of all keys required to decrypt ciphertext, rendering the underlying data unrecoverable.

Trigger Event

means a verified death, incapacity, dead-man-switch expiry, or inactivity threshold that activates a VaultRelay release.

Vault Content

means data you store in your SecureVault, encrypted client-side under keys that only you and your designated stakeholders control. BlockWill does not have access to plaintext Vault Content at any time.

4. Guiding Principles

Five principles govern every retention and archival decision we make:

• Privacy by design. Vault Content is encrypted with keys we cannot read. Cryptographic erasure and data deletion is the default end state.
• Minimum necessary data. We collect only what is required to deliver the service and to meet legal duties. We do not monetise personal data.
• Defensible storage limitation. Every category of data has a defined active retention period, an archival period, and a final disposition step.
• Auditability. Every retention, archival, and deletion action is logged immutably and is available to regulators and to you on request.

5. Data Classification

We classify data into nine categories. The retention table in Section 6 applies the relevant treatment to each.

• Vault Content. End-to-end encrypted; zero-knowledge to BlockWill.
• Identity and KYC Data. Government identification, sanctions screening results, proof-of-address.
• DigiWish Documents. Legally-vetted proof-of-intent templates and the user's completed instances.
• VaultRelay Trigger and Release Logs. Records of trigger conditions, verifications, and release events.
• Audit Logs and Security Telemetry. Authentication events, administrative actions, anomaly detections.
• Payment, Subscription and Billing Records. Invoices, receipts, payment processor references.
• Marketing and Communications. Subscriptions, consents, communications history.
• Support, Complaint and Legal Correspondence. Tickets, dispute history, regulator correspondence.
• Anonymized Analytics and Product Telemetry. Aggregated, irreversibly anonymized usage statistics.

6. Retention Schedule

The following schedule is the master reference for how long we hold each category of data. Where multiple jurisdictions apply, the longest mandatory retention applies, after which data is archived or deleted in accordance with the disposition column.

Active retention runs from the date data is collected until your account is closed or the relevant processing purpose is concluded. Archival retention begins on account closure or trigger event, whichever applies. Final disposition is executed by automated workflow, with a manual reviewer countersignature for vault and DigiWish data.

7. Archival Mechanisms

8. Deletion and Erasure

When data reaches the end of its retention period, or when you exercise a valid erasure right, we apply cryptographic erasure first and data deletion thereafter. Cryptographic erasure destroys the keys necessary to decrypt the relevant ciphertext, rendering the data unintelligible even if the underlying storage media were ever recovered, and data deletion erases all the data stored on our servers.

Backups and disaster-recovery snapshots are subject to the same retention schedule. Where data has been deleted but still exists in an active backup set, it will be deleted on the next scheduled overwrite cycle, which occurs at intervals of no more than 35 days. Until then, the data is sealed and is not retrieved for any purpose other than disaster recovery.

9. Cross-Border Transfer and Data Sovereignty

Our primary data residency is in the DIFC and the United Arab Emirates. Onward transfers occur only to jurisdictions that provide adequate data protection, or under safeguards that meet the standards of the originating jurisdiction. These include DIFC Standard Contractual Clauses, EU and UK Standard Contractual Clauses, and the recognised adequacy mechanisms under DPDPA.

10. Trigger-Event Data Handling

When a VaultRelay Trigger Event occurs, BlockWill enters a defined release workflow. The workflow is intentionally designed so that BlockWill itself never views Vault Content at any stage.

• Notification. The Executor, Guardian, and named Beneficiaries are notified in the sequence you set.
• Release. Decryption keys flow through the multi-party arrangement you configured. Vault Content moves directly from your vault to the Beneficiary's vault.
• Logging. A release record is written to the immutable audit ledger and a hashed reference is anchored to Polygon.
• Archival. The release record, the verification evidence, and the chain of custody are archived for specific years for evidentiary and probate purposes, as mentioned in Section 6.
• Final erasure. Once the archival period expires, the data on our servers and the encryption keys are subject to cryptographic erasure and permanent data deletion.

11. Your Rights

Whatever jurisdiction you sit in, the following rights apply to your relationship with BlockWill. Where local law gives you a broader right, the broader right prevails.

Most rights are exercised directly inside your account. For any request that cannot be self-served, write to privacy@blockwill.io. We will acknowledge within 72 hours and substantively respond within 30 days, or such shorter period as local law requires.

12. Business Continuity and Cease-to-Exist Provisions

This section is the part of the Policy that matters most. A digital inheritance platform that ceases to exist without continuity arrangements would be worse than no platform at all. The entire architecture below is designed so that your data, your DigiWish documents, and your designated successor access do not depend on BlockWill remaining operational.

13. Governance and Accountability

The Head of Security is the document owner of this Policy and is responsible for keeping it current. The Board of Directors of BlockWill Analytical Technologies Limited approves every version. The Data Protection Officer, reachable at privacy@blockwill.io, is the day-to-day point of contact for users, partners, and supervisory authorities.

This Policy is reviewed at least annually, and additionally on any material change in applicable law, in the company's corporate structure, in the product, or in the underlying cryptographic schemes. Material changes are notified to users at least 30 days before they take effect.