Privacy & data

EternalSelf processes data to provide Digital Twin and Legacy OS. This page summarizes commitments aligned with KVKK and GDPR; a full legal policy should be reviewed by counsel before production launch.

Hosting & transfers

Production targets Supabase EU (e.g. Frankfurt) and Vercel with appropriate DPA / SCCs. Cross-border transfers follow your final vendor agreements.

Gmail & Calendar

Gmail access uses read-oriented scopes for style analysis. Twin does not send from your Gmail. Outbound mail uses @twin.eternalself.com with clear AI disclosure.

Storage & encryption

Legacy archives (photos, documents, written memories, letters, audio, video, text, and other exports) are stored in Supabase Storage with encryption at rest (AES-256). OAuth tokens must be protected with Supabase Vault — never stored in plain text in application code.

Your rights

You may request export or full deletion of your data. API routes /api/account/export and /api/account/delete will be completed with service-role automation before go-live.

Legacy & trustees

Posthumous activation follows trustee verification (e.g. document upload + manual review). Family portal access is token-based and auditable.

Contact: configure support email before launch. Last updated: project draft.