1. Introduction
The Last Will ("the App") is an offline encrypted vault for managing wills, beneficiaries, assets, and sensitive documents. It is developed and published by ZKidz Dev ("we," "us," or "our").
We built The Last Will with a single privacy principle: your data belongs to you and only you. The App has no servers, no cloud storage, no user accounts, and no analytics. Every piece of information you enter stays on your device, encrypted with keys that only you can derive.
This Privacy Policy explains what the App does — and, more importantly, what it does not do — with your information.
2. Information We Do NOT Collect
The Last Will does not collect, transmit, or store any personal information on external servers. Specifically, we do not collect:
- Names, email addresses, or any contact information
- Usernames, passwords, or account credentials
- Device identifiers, IP addresses, or advertising IDs
- Usage data, session logs, or interaction analytics
- Location data (GPS, Wi-Fi, or cell-tower based)
- Contacts, calendars, photos, or other on-device data
- Crash reports or diagnostic telemetry
- Cookies, tracking pixels, or browser fingerprints
- Financial or payment information (purchases are handled entirely by the Apple App Store or Google Play Store)
We have no servers to receive data, no databases to store it, and no analytics dashboards to view it. Zero data leaves your device through the App.
3. Information Stored on Your Device
The App stores the following data locally on your device using an encrypted SQLite database. This data never leaves your device unless you explicitly export it.
- Will documents — names of beneficiaries, asset descriptions, directives, and related details you enter
- Vault items — sensitive documents, notes, and files you choose to store
- Security question hashes — a one-way verification hash derived from your security question answers (the answers themselves are never stored)
- Cryptographic salt— a random value used in the key derivation process, stored in the device's secure storage and the local database
- Biometric authentication token— if you enable biometric unlock, an encrypted copy of your encryption key is stored in your device's secure enclave (managed by the operating system, not the App)
- App preferences — your chosen settings and configuration options
All of this data is encrypted at rest using AES-256-CBC encryption. See Section 4 for full details.
4. Encryption & Security
The Last Will uses industry-standard cryptographic methods to protect your data:
Key Derivation
Your encryption key is derived from your security question answers using PBKDF2-SHA256 with 100,000 iterations. This means there is no master password stored anywhere — the key exists only when you provide the correct answers and is held in memory only for the duration of your session.
Data Encryption
All sensitive data is encrypted with AES-256-CBC (256-bit Advanced Encryption Standard in Cipher Block Chaining mode). Each encryption operation uses a unique, randomly generated initialization vector (IV).
Data Integrity
The App uses an encrypt-then-MAC scheme with HMAC-SHA256 to verify that encrypted data has not been tampered with or corrupted. Data is authenticated before decryption to prevent attacks on the ciphertext.
Memory Management
Encryption keys are cleared from device memory as soon as they are no longer needed. Your security question answers are never stored — they are normalized, used to derive the key, and immediately discarded.
5. Biometric Authentication
The Last Will offers optional biometric authentication (Face ID, Touch ID, or fingerprint) as a convenience feature. Here is how it works:
- The App never accesses your biometric data. Biometric verification is handled entirely by your device's operating system (iOS or Android) at the hardware level, using the device's secure enclave or trusted execution environment.
- The App simply asks the operating system: "Is this the authorized user?" The OS returns a yes or no answer — no biometric data (fingerprints, face scans, etc.) is ever shared with the App.
- If biometric authentication is enabled, an encrypted copy of your session key is stored in the device's secure storage (Keychain on iOS, Keystore on Android), protected by the OS biometric gate.
- You can disable biometric authentication at any time in the App's settings.
6. Data Export & Sharing
The App allows you to export your data as encrypted .mlw files. Here is what you should know:
- Each export generates a fresh, independent encryption keyderived from security questions you set during the export process. The export's encryption is completely separate from your App's encryption.
- Exported files contain your encrypted data in a custom format with a header that includes key derivation parameters — but not the key itself.
- You are responsible for how you share exported files. Once you export a .mlw file, it is under your control. We recommend sharing exported files only through secure, trusted channels.
- The App does not automatically upload, sync, or transmit exported files anywhere. Sharing is entirely manual and initiated by you.
7. Third-Party Services
The Last Will uses no third-party services of any kind. Specifically:
- No analytics platforms (no Google Analytics, no Mixpanel, no Amplitude, etc.)
- No crash reporting services (no Sentry, no Crashlytics, etc.)
- No advertising networks or ad SDKs
- No social media integrations or share SDKs
- No cloud storage providers (no Firebase, no AWS, no iCloud sync)
- No third-party authentication providers
- No content delivery networks for App content
The only external touch points are the Apple App Store and Google Play Store, which handle App distribution and purchase transactions. These platforms have their own privacy policies that govern how they handle purchase data. We do not receive or store any payment information from these transactions.
8. Children's Privacy
The Last Will is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA) and similar international regulations.
Because the App does not collect any personal information from any user, there is no risk of inadvertent data collection from children. However, the App is designed for adults who wish to manage estate planning documents and sensitive personal records.
9. Data Retention & Deletion
Because all data is stored exclusively on your device:
- Your data exists only on your device. We do not have copies of your data on any server or backup system.
- Uninstalling the App deletes all data. When you remove the App from your device, all locally stored data — including your encrypted wills, vault items, and settings — is permanently deleted by the operating system.
- We cannot recover your data. If you lose your device, forget your security question answers, or uninstall the App, we have no way to retrieve or restore your data. We strongly recommend using the export feature to create encrypted backups.
- There is no "delete my account" process because there are no accounts. You have full, exclusive control over your data at all times.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- The "Last updated" date at the top of this page will be revised.
- Significant changes will be communicated through the App's update notes on the Apple App Store and Google Play Store.
- The updated policy will be available on our website at zkidzdev.com.
We encourage you to review this policy periodically. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.
11. Your Rights
Privacy regulations such as the GDPR (Europe), CCPA (California), and similar laws grant individuals rights over their personal data — including the right to access, correct, delete, and port their data.
Because The Last Will does not collect, process, or store any personal data on external servers, most of these rights are inherently satisfied:
- Right to Access: All your data is already on your device and accessible to you at any time through the App.
- Right to Correction: You can edit any information in the App at any time.
- Right to Deletion: You can delete any item within the App, or uninstall the App to remove all data entirely.
- Right to Data Portability: The export feature allows you to take your data with you in an encrypted .mlw format.
- Right to Object to Processing: We do not process your data, so there is nothing to object to.
- Right to Not Be Tracked: We do not track you in any way.
If you have questions about your rights or how they apply to The Last Will, please contact us using the information below.
12. Contact Us
If you have any questions, concerns, or feedback about this Privacy Policy or the App's privacy practices, please contact us: