Effective: April 16, 2026 | Version 1.0
5. How We Use Your Information
8. International Data Transfers
Break Glass is operated by Zach van Dorp from New Zealand.
Break Glass ("we", "us", "our") is operated by Zach van Dorp, based in New Zealand. We are the data controller for your personal information.
For privacy inquiries: [email protected]
Your name, email, and what you choose to store. Payments handled by Stripe.
Account data: Name, email address, password (hashed, never stored in plaintext). If you sign in with Google, we receive your name, email, and profile picture from Google.
Contact data: Names, email addresses, and phone numbers of people you add as emergency contacts. This information is encrypted at rest with per-user keys.
Payload data: The encrypted content you store (instructions, messages, documents). Encrypted at rest with AES-256-GCM using per-user keys.
Payment data: Stripe processes all payments. We receive your subscription status and billing period dates from Stripe. We never see or store your credit card number.
Usage data: Page views, referrer, browser type, and country via Umami (self-hosted, cookie-free analytics). No personally identifiable information is collected by analytics.
Technical data: IP addresses in server access logs (Cloudflare). Session tokens for authentication.
Safety check-in data: Check-in timestamps, escalation state, and notification delivery records.
Notification preferences: Your configured notification channels and associated identifiers — phone numbers (for SMS/voice/WhatsApp), push notification topic identifiers, messaging platform chat IDs, and webhook URLs. Sensitive values are encrypted at rest.
Two-factor authentication: If you enable 2FA, we store your TOTP secret (encrypted) and hashed backup codes. These are never transmitted or disclosed.
Directly from you, from Google (if you use OAuth), and from our service providers.
Directly from you: When you create an account, add contacts, write payloads, or configure scenarios.
From third parties: Google (OAuth profile data), Stripe (payment confirmations), Postmark/Twilio (delivery status webhooks).
Automatically: Server access logs (Cloudflare), analytics (Umami, cookie-free), session cookies (authentication).
We process your data to provide the service you signed up for.
Contract performance: Processing necessary to deliver the service you subscribed to — storing your content, delivering payloads, running the safety check-in, sending notifications.
Legitimate interest: Security monitoring, fraud prevention, service improvement, and maintaining audit logs.
Consent: Optional notification channels (SMS, voice, WhatsApp, Telegram, push). You can enable or disable these at any time.
Legal obligation: Tax and financial records as required by New Zealand law.
To provide the service, process payments, send notifications, and improve the product.
We do not sell your personal information. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.
The safety check-in automatically fires your plan if you stop responding.
Break Glass includes a safety check-in feature that monitors whether you respond to periodic check-in prompts. If you enable this feature and fail to respond within your configured grace period, your designated emergency scenario activates automatically — delivering payloads to your contacts without human review.
You configure all parameters (check-in interval, grace period, which scenario fires). You can disable the safety check-in at any time. This is disclosed under GDPR Article 22 as automated decision-making that may significantly affect individuals. You have the right to contest an automated activation by contacting us. The configurable confirmation delay serves as the mechanism for human intervention — during the delay period, you can cancel the activation before payloads are transmitted.
We use Stripe, Postmark, Twilio, and others to deliver your notifications and process payments.
We share data with the following third-party services solely to provide the Service:
ntfy (push notifications) and Umami (analytics) are self-hosted on our own infrastructure and do not share data with third parties.
Your data is stored in New Zealand. Some services process data in the US.
Your data is stored on our server in New Zealand. Some third-party services (Stripe, Postmark, Twilio, Google, Cloudflare) process data in the United States. These providers maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses where applicable.
We keep your data while your account is active, then delete it 30 days after you close your account.
AES-256 encryption at rest, full-disk encryption, hardware-backed key protection.
We implement industry-standard security measures to protect your data:
Break Glass uses server-side key management. The server can decrypt your data when your plan activates. See our Security page for full architecture details. No system is perfectly secure — we implement strong protections but cannot guarantee absolute security.
One essential session cookie. No advertising or tracking cookies.
Session cookie: We use a single session cookie for authentication. This cookie is strictly necessary for the service to function and does not track you across other websites. Attributes: httpOnly, Secure, SameSite=Lax.
Analytics: We use Umami, a self-hosted analytics platform that does not use cookies and does not collect personally identifiable information.
Cloudflare: May set a bot-management cookie (strictly necessary for security).
We do not use advertising, marketing, or third-party tracking cookies. No cookie consent banner is required because we only use strictly necessary cookies.
You can access, correct, export, or delete your data at any time.
All users: You can access, correct, and delete your data through your account settings at any time.
EU/EEA/UK residents (GDPR): You have the right to access, rectification, erasure, restriction, portability, and objection. You may withdraw consent at any time. You may lodge a complaint with your local supervisory authority (e.g., the UK ICO at ico.org.uk). We respond to requests within 30 days.
California residents (CCPA/CPRA): You have the right to know, delete, correct, and opt-out of sale/sharing. We do not sell or share your personal information. We respond to requests within 45 days.
Australian residents: You have rights under the Australian Privacy Principles (APPs), including access and correction. You may complain to the OAIC at oaic.gov.au.
New Zealand residents: You have rights under the NZ Privacy Act 2020 Information Privacy Principles (IPPs), including access and correction. You may complain to the NZ Privacy Commissioner at privacy.org.nz.
To exercise any of these rights, contact [email protected].
Your emergency contacts' info is encrypted. They can request removal.
When you add emergency contacts, you store their personal information (names, emails, phone numbers) in our service. This information is encrypted at rest with per-user keys.
By adding contacts, you represent that you have a legitimate reason to store their information and that you have informed them of their inclusion in your emergency plan where practical.
Emergency contacts who receive communications from Break Glass can request removal of their data by contacting [email protected]. We will remove their information within 30 days.
Break Glass is not for anyone under 18.
Break Glass is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from someone under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact [email protected].
We will only disclose data when legally required, and we'll notify you when permitted.
We may disclose your personal information if required by law, subpoena, warrant, or court order. When we receive a valid legal request:
Payload content is encrypted at rest with per-user keys. Responding to a legal request for decrypted content requires the server to derive the user's encryption key, which is technically possible with our server-side key management architecture.
We'll notify you and relevant authorities promptly if your data is compromised.
In the event of a data breach that affects your personal information:
Delete your account anytime. 30-day grace period, then permanent deletion.
You may delete your account at any time from your account settings. Upon requesting deletion:
Legal representatives can request access or deletion.
If you are the legal representative of a deceased Break Glass user, please contact [email protected] with proof of authority (such as a death certificate and grant of probate or letters of administration).
If the user configured active scenarios, those scenarios will continue to operate according to their settings (including safety check-in timers) until the account is closed.
We'll email you about material changes.
We may update this Privacy Policy from time to time. Material changes will be notified via email at least 30 days before they take effect. Non-material changes (clarifications, formatting) may be made at any time. The effective date at the top of this page indicates when the policy was last substantively changed.
Email us at [email protected].
For privacy inquiries or to exercise your rights: [email protected]
For general support: [email protected]
For security vulnerabilities: [email protected]
Supervisory authorities: