What we can see, and what we can't.
We built When I'm Gone so that we cannot read your journal - not by accident, not on purpose, not under legal pressure. This notice spells out exactly how that works, what we do see, and what your rights are.
Last updated: 17 May 2026
Who we are
When I'm Gone is operated by White Woodlands Ltd, a company registered in England. If you have any questions about your data or this notice, write to info@whenimgone.life. A real person will answer.
What we cannot see
Your journal is encrypted on your device, with a key derived from your password. The encrypted blob is the only thing that ever leaves your device. We can't read it. Our staff can't read it. If we were ever compelled to hand over data by a court order, all anyone would see is encrypted gibberish.
This means we have no way to:
- Read what you've written in your journal.
- Recover your journal if you lose both your password and your recovery code.
- Search your data, profile you, or build any kind of dataset from journal contents.
- Share your journal contents with anyone, including any government or law enforcement.
That is the deliberate trade-off. The price of a journal that no-one else can ever read is that we cannot help you get back in if you've lost the way in. The recovery code we give you at setup is the only safety net we can offer.
What we do see
To run the service, we and our providers see a small amount of information:
- The encrypted blob itself. When you click "Save a copy", we store the encrypted version of your journal in Google Firestore (a cloud database). The contents are unreadable to us. We also store an anonymous identifier derived from your recovery code so the right device can find the right blob when you sync between devices.
- A Firebase anonymous user ID. When the app talks to the cloud it creates a temporary anonymous Firebase account. There's no email, no password, and no way to link that ID back to you personally. We use it only for rate-limiting and abuse prevention.
- Standard server logs. Like any website, our hosting provider (Azure Static Web Apps) records basic request information - IP address, browser type, page requested. These are retained for a short period for security and diagnostics, then deleted.
- A password-safety check (Have I Been Pwned). When you choose your password at setup, the app checks it against the public database of passwords exposed in past data breaches, run by the Have I Been Pwned service (hosted on Cloudflare). Your password never leaves your device: the app sends only the first 5 characters of a one-way fingerprint (hash) of it — enough for the service to return a list of candidates, but not enough for anyone to work out your password. Like any web request, the service also sees your IP address. If the check can't be reached, setup continues without it.
- Payment information. When you pay £12.95, our payment processor handles the transaction. They see the card details required to process the payment; we do not store your card number. We receive confirmation that a payment was made, and the email address associated with the transaction. That payment record is kept separate from your journal — there is no technical link between what you paid and what you write.
Cookies and local storage
We don't use tracking cookies. We don't use Google Analytics or any other behaviour- tracking tool. The app uses your browser's local storage and IndexedDB for three things:
- Your encrypted journal. The journal itself is stored in IndexedDB, encrypted on your device. This is not tracking data — it is your content.
- Your language preference. If you switch the journal language, we save your choice in local storage under the key
wig-lang. This is a single word (e.g.frfor French) and stays on your device only. - Your theme preference. Light or dark mode, if you change it.
None of these values are sent to us or to any third party.
Sample journal pages
The sample pages on this site show fictional journal entries to help people understand what the product looks like before they buy. Those pages contain no forms and collect no data. All names and details shown are invented.
Your rights under UK GDPR
You have the right to:
- Ask what data we hold about you.
- Ask for your encrypted blob to be deleted from our cloud backup.
- Object to processing or withdraw consent at any time.
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we've mishandled your data.
To exercise any of these, email info@whenimgone.life. Because we hold so little data, most requests are quick - typically resolved within a week.
Optional email updates
At the end of journal setup, we offer an optional step: you can give us your email address if you'd like occasional updates about When I'm Gone — new features, guides, that kind of thing. This step has a prominent Skip button and is entirely voluntary.
If you choose to share your email:
- We store it in a separate database table (Google Firestore), with the date you signed up and the label
setupas the source. - We store no link between your email and your journal, your vault, or your anonymous Firebase ID. The stored record contains only the email address, a timestamp, and the word
setup— nothing that identifies a journal. - When you sign up, an automatic notification email is sent to us through Resend, an email delivery provider based in the United States. Resend processes your email address for the sole purpose of delivering that notification.
- We will only use your email to send product updates and occasional news about When I'm Gone. We will never sell it or use it for anything else, and the only third party that processes it is the email delivery provider above.
- To unsubscribe or have your email deleted at any time, email info@whenimgone.life.
What we cannot link together
We store no connection between a payment record and a specific journal. The Firebase anonymous user ID, the encrypted vault document, and any payment record are stored as separate identifiers with no linking field. This is intentional: we have designed the system so that identifying which journal belongs to a specific person is not something our stored data can answer.
Languages
The journal is available in eleven languages: English, German, Spanish, French, Italian, Portuguese, Dutch, Polish, Arabic, Chinese, and Hindi. Switching language stores a single preference code on your device (see Cookies and local storage above). No language data is sent to us.
Children
When I'm Gone is intended for adults planning their estate. We don't knowingly collect data from anyone under 16. If you believe a child has used the service, please contact us and we'll remove their backup.
International transfers
Our cloud backup runs on Google Firestore, which may store the encrypted blob in data centres outside the UK. Because the blob is encrypted before it leaves your device, the legal exposure is limited - anyone with access to those data centres sees only encrypted gibberish.
Two other providers may process limited data outside the UK: Resend (United States) delivers the notification email if you opt in to updates, and Have I Been Pwned (hosted on Cloudflare's global network) receives the partial password fingerprint described above during setup. Neither receives your journal contents or anything capable of revealing them.
Changes to this notice
If we change anything material, we'll update the "Last updated" date at the top and explain the change in plain English at the top of this page. We won't change the fundamental promise - that we can't read your journal - without a very loud announcement.