Place a Section 29 or 35 notice

    Privacy Policy

    Last updated: 17 April 2026

    Responsible Party / Information Officer

    When I Am Gone (Pty) Ltd, Office 8, PineworX, Lonsdale Way, Pinelands, Cape Town, 7405, South Africa.
    Information Officer: Natalie Macdonald Spence — support@wheniamgone.co.za
    Regulator: Information Regulator (South Africa) - inforegulator.org.za

    1. Introduction

    When I Am Gone (Pty) Ltd ("we", "our", "us") looks after your privacy. We handle your personal information under the Protection of Personal Information Act 4 of 2013 (POPIA) and any other data protection laws that apply.

    This Privacy Policy explains how we collect, use, store and protect your personal information when you use our estate planning service. That includes the personal vault, the When I Am Gone Pro practitioner portal and any legal notice services we provide.

    2. Information We Collect

    Account Information

    When you create an account, we collect:

    • Email address (for authentication and communication);
    • Name (optional, for personalisation);
    • Phone number (optional, for account recovery); and
    • For practitioners: firm name, regulatory body, practice number and any verification evidence you submit.

    Vault Data

    You can store sensitive information in your encrypted vault. That includes assets, debts, contacts, documents and instructions. Your device locks this information with a key made from your passphrase before sending it to our servers. We only ever receive and store the locked version. Unlocking it needs your passphrase.

    Legal Notice and Practitioner Matter Data

    When you use the practitioner portal, we process the matter details you enter, such as the deceased's name, identity number, dates and notice text. We need these to draft and publish the notice. Unlike vault data, this information is processed in plain text on our servers because it has to be sent to the Government Printing Works or newspapers for publication.

    Payment Information

    Payments are processed by Paystack. We receive a transaction reference and status but do not receive or store your full card number.

    Usage Information

    We automatically collect:

    • Log data (IP address, browser type, access times);
    • Device information (device type, operating system); and
    • Usage patterns (features used, pages visited).

    3. How We Use Your Information

    We use your information to:

    • Provide and maintain our services;
    • Authenticate your identity and secure your account;
    • Send important service notifications and transactional email;
    • Process access requests from executors or trusted contacts;
    • Verify practitioner credentials and lodge legal notices on your instructions;
    • Improve our service and develop new features; and
    • Comply with legal obligations.

    4. Data Security

    Your vault data is encrypted on your device before it is uploaded. Your vault passphrase is not stored on our servers. In addition, all data we hold is protected by:

    • Encrypted connections between your browser and our servers;
    • Encrypted storage of our database and uploaded files, managed by our hosting providers;
    • Hashing of one-time verification codes and session tokens before storage;
    • Regular security reviews, dependency audits and monitoring; and
    • Strict role-based access controls for our staff.

    5. Sub-processors and Data Sharing

    We do not sell your personal information. We rely on a small number of trusted operators (sub-processors) to run the Service, each bound by contractual data protection obligations:

    • Paystack (Paystack Payments South Africa (Pty) Ltd) - payment processing for subscriptions and legal notice orders.
    • Resend (Resend, Inc.) - delivery of transactional email (verification codes, access request notifications, receipts).
    • Google Cloud Storage - encrypted storage of uploaded vault files (ciphertext only) and application assets, via our hosting provider's managed object storage.
    • Our hosting and database provider - application hosting and the managed PostgreSQL database that stores encrypted vault payloads, account records and practitioner matter data.
    • Government Printing Works and participating newspapers - only where you instruct us to publish a legal notice, and only the content necessary for that publication.

    We may also share personal information with persons you authorise through our access request workflow, and with law enforcement or regulators where legally required.

    6. Cross-border Transfers

    Some sub-processors (for example Resend and Google Cloud Storage) may process data outside South Africa. Where this happens we rely on the transfer mechanisms permitted under section 72 of POPIA, including contractual safeguards with the recipient and, where applicable, your consent.

    6A. International data processing

    When I Am Gone stores and processes personal information using infrastructure operated by international service providers in jurisdictions outside South Africa. No adequacy determination under POPIA currently applies to those jurisdictions.

    The basis for this transfer is your explicit consent, given at registration or (for existing accounts) via the consent banner, as contemplated by section 72 of the Protection of Personal Information Act 4 of 2013.

    Categories of data transferred

    • Account information (email address, name, phone number);
    • Vault metadata (record counts, dates, activity logs);
    • Transactional data (payment references, subscription status); and
    • Any personal information you store in the plain-text sections of your vault (such as executor, beneficiary, and guardian details submitted via the will generator or contact manager).

    Your rights

    You may withdraw your consent to international data processing at any time by deleting your account. Account deletion removes your personal information from our systems in accordance with our retention schedule. To request deletion, contact us at support@wheniamgone.co.za or use the account deletion option in your settings.

    Cross-border transfer enquiries

    For enquiries specifically about cross-border data transfers, contact our Information Officer at support@wheniamgone.co.za.

    7. Your Rights Under POPIA

    You have the right to:

    • Access the personal information we hold about you;
    • Request correction of inaccurate information;
    • Request deletion of your data;
    • Object to processing of your data;
    • Withdraw consent at any time; and
    • Lodge a complaint with the Information Regulator.

    8. Data Retention

    We keep your account and vault data for as long as your account is active. When you delete your account, we delete or permanently anonymise the related personal information as soon as we reasonably can. The exception is where the law requires us to keep specific records, such as tax, accounting or legal notice publication records. Those are kept only for as long as the applicable law requires.

    Backup copies are overwritten in the normal course of our backup rotation. Until they are overwritten, deleted records may still sit in our encrypted backups. We do not restore them into the live service except to recover from a disaster.

    9. Contact Us

    For privacy-related inquiries or to exercise your rights, contact us at:

    Email: support@wheniamgone.co.za
    Address: When I Am Gone (Pty) Ltd, Office 8, PineworX, Lonsdale Way, Pinelands, Cape Town, 7405, South Africa.

    You may also lodge a complaint directly with the Information Regulator at inforegulator.org.za.

    9A. Self-drafting acknowledgement log

    When you confirm in the will generator that you are drafting your will for yourself, we record the date, time and source IP address of that confirmation against your account. This log helps us stop someone else from pretending to be you. It also helps us co-operate with the South African Police Service or a court if your will is later disputed. We keep the record for as long as the will draft exists, and for seven years after it is revoked.

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service, and update the "Last updated" date at the top of this page.

    When I Am Gone

    Secure estate information vault for South Africans.

    Coming soonInsurance cover - join the waitlist
    Checking system status…

    Follow When I Am Gone

    More languages soon

    When I Am Gone (Pty) Ltd ("When I Am Gone") provides secure digital information storage tools only. When I Am Gone is not a law firm, financial adviser, or estate planning professional. This service does not constitute legal, tax, or financial advice. Consult qualified professionals for estate planning matters. Executors and beneficiaries are responsible for verifying information and obtaining professional advice before acting.

    Will documents created using When I Am Gone must be printed, reviewed, and signed in the presence of two competent witnesses as required by the Wills Act 7 of 1953. Electronic wills are not valid under South African law. When I Am Gone does not verify will validity, witness competency, or guarantee executor or Master of the High Court acceptance.

    When I Am Gone is the responsible party for processing your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and the Promotion of Access to Information Act 2 of 2000 (PAIA). We process data based on your consent and contract performance. Data categories collected include identity, contact, estate, and financial information. Sensitive vault entries are encrypted in your browser before they reach our servers, and uploaded files are encrypted on our servers before they are stored; the security of your own device and passphrase remains your responsibility. Data is held with our cloud and database providers under written POPIA processing terms. Retention: active accounts indefinitely; deleted accounts for 7 years per legal requirements.

    You have the right to access, correct, delete, or object to processing of your personal information. Contact our Information Officer at support@wheniamgone.co.za for data subject requests. We will notify affected users of any data breach within 72 hours. See our Privacy Policy for full details.

    © 2026 When I Am Gone (Pty) Ltd. All rights reserved. Registered in South Africa.

    When I Am Gone is a registered Financial Services Provider | FSP No: 55699 | Regulated by the FSCA

    Certain services are financial services under FAIS. Administrative vault services are non-FAIS. | CPA cooling-off rights apply. | The FSP licence is held by When I Am Gone alone and is never re-presented under a partner brand.

    When I Am Gone logoWhen I Am Gone