Beta · the first 100 founding members get free access for life. It’s free right now — normally £12.95.
When I'm Gone
Privacy notice

What we can see, and what we can't.

We built When I'm Gone so that we cannot read your journal - not by accident, not on purpose, not under legal pressure. This notice spells out exactly how that works, what we do see, and what your rights are.

Last updated: 17 May 2026

The one-line version. Everything you type into your journal is encrypted on your device, with a key only you hold. We never see the contents. When you back up to the cloud, what we store is a sealed envelope that we have no way to open.

Who we are

When I'm Gone is operated by White Woodlands Ltd, a company registered in England. If you have any questions about your data or this notice, write to info@whenimgone.life. A real person will answer.

What we cannot see

Your journal is encrypted on your device, with a key derived from your password. The encrypted blob is the only thing that ever leaves your device. We can't read it. Our staff can't read it. If we were ever compelled to hand over data by a court order, all anyone would see is encrypted gibberish.

This means we have no way to:

That is the deliberate trade-off. The price of a journal that no-one else can ever read is that we cannot help you get back in if you've lost the way in. The recovery code we give you at setup is the only safety net we can offer.

What we do see

To run the service, we and our providers see a small amount of information:

Cookies and local storage

We don't use tracking cookies. We don't use Google Analytics or any other behaviour- tracking tool. The app uses your browser's local storage and IndexedDB for three things:

None of these values are sent to us or to any third party.

Sample journal pages

The sample pages on this site show fictional journal entries to help people understand what the product looks like before they buy. Those pages contain no forms and collect no data. All names and details shown are invented.

Your rights under UK GDPR

You have the right to:

To exercise any of these, email info@whenimgone.life. Because we hold so little data, most requests are quick - typically resolved within a week.

Optional email updates

At the end of journal setup, we offer an optional step: you can give us your email address if you'd like occasional updates about When I'm Gone — new features, guides, that kind of thing. This step has a prominent Skip button and is entirely voluntary.

If you choose to share your email:

What we cannot link together

We store no connection between a payment record and a specific journal. The Firebase anonymous user ID, the encrypted vault document, and any payment record are stored as separate identifiers with no linking field. This is intentional: we have designed the system so that identifying which journal belongs to a specific person is not something our stored data can answer.

Languages

The journal is available in eleven languages: English, German, Spanish, French, Italian, Portuguese, Dutch, Polish, Arabic, Chinese, and Hindi. Switching language stores a single preference code on your device (see Cookies and local storage above). No language data is sent to us.

Children

When I'm Gone is intended for adults planning their estate. We don't knowingly collect data from anyone under 16. If you believe a child has used the service, please contact us and we'll remove their backup.

International transfers

Our cloud backup runs on Google Firestore, which may store the encrypted blob in data centres outside the UK. Because the blob is encrypted before it leaves your device, the legal exposure is limited - anyone with access to those data centres sees only encrypted gibberish.

Two other providers may process limited data outside the UK: Resend (United States) delivers the notification email if you opt in to updates, and Have I Been Pwned (hosted on Cloudflare's global network) receives the partial password fingerprint described above during setup. Neither receives your journal contents or anything capable of revealing them.

Changes to this notice

If we change anything material, we'll update the "Last updated" date at the top and explain the change in plain English at the top of this page. We won't change the fundamental promise - that we can't read your journal - without a very loud announcement.