DME Privacy Policy

1. What This Policy Covers

This Policy applies to information we collect through:

• The DME website at dme.estate
• The DME platform and any related software, applications, or services
• Email and other communications between you and DME
• Any third-party services that integrate with DME, but only as described below

This Policy does not apply to third-party websites or services that may link to or from DME. Their own privacy practices govern your use of those services.

2. Information We Collect

We collect information in three ways: information you give us, information we collect automatically, and information we receive from third parties.

2.1 Information You Give Us

This is most of what we collect. It includes:

Account information:

• Name
• Email address
• Phone number (optional)
• Authentication credentials (Google, Apple, or magic link email)

Estate planning information:

• Marital and family status
• Names, contact information, and relationships of family members, beneficiaries, executors, trustees, guardians, and other named persons
• Information about your dependents, including minor children
• Information about your assets, including bank accounts, retirement accounts, real estate, investments, business interests, and insurance policies
• Funding status of assets relative to a trust
• Personal letters or messages you choose to include in your plan
• Anything else you input into the platform

Health-related information:

• Healthcare preferences and instructions provided for the Advance Health Care Directive
• Names and contact information of healthcare agents

Payment information:

• Billing name and address
• Payment method information, processed by our payment processor Stripe. DME does not store full credit card numbers on our servers.

Communications:

• Messages you send us through email, support requests, or other channels

2.2 Information We Collect Automatically

When you use DME, we automatically collect:

• IP address
• Browser type and version
• Device type and operating system
• Pages viewed and actions taken on the platform
• Time and date of access
• Referring website
• Approximate geographic location (derived from IP address)

We collect this information using cookies, web beacons, and similar technologies. See Section 9 for more on cookies and your choices.

2.3 Information from Third Parties

We may receive information from:

• Identity providers (Google, Apple) when you sign in using their authentication
• Payment processors (Stripe) when you complete a purchase
• Analytics providers (PostHog) regarding your interaction with the platform
• Marketing partners and advertising platforms (Meta, TikTok, Google Ads) regarding ad performance and audience characteristics

3. Sensitive Personal Information

Some information you share with DME qualifies as sensitive personal information under various state laws. This includes:

• Healthcare information (your Advance Health Care Directive contents)
• Financial account information
• Information about minor children in your care
• Precise geolocation (if you choose to share it)

We collect sensitive personal information only to provide the services you have requested. We do not use sensitive personal information for advertising, profiling, or any purpose unrelated to delivering your estate plan.

You may have additional rights regarding sensitive personal information depending on your state. See Section 7 for state-specific disclosures.

4. How We Use Your Information

We use the information we collect to:

Deliver the service:

• Create your account and authenticate you
• Generate your estate planning documents using your inputs
• Populate the What To Do Now system with your information
• Provide the Trust Funding Workflow guidance
• Process payments
• Send transactional emails (purchase confirmation, document ready, account alerts)
• Provide customer support

Improve the service:

• Understand how customers use the platform
• Identify drop-off points and improve conversion
• Test new features
• Train our team on common questions and improvement areas

Communicate with you:

• Send lifecycle emails based on your progress (with the ability to opt out of marketing emails at any time)
• Notify you of life events that may affect your plan
• Send updates about DME's services
• Respond to your questions

Stay legally compliant:

• Comply with applicable laws
• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Respond to legal requests, subpoenas, and government inquiries

With your consent, for additional purposes you authorize at the time of collection.

We do not use the contents of your estate planning documents (the specific wishes, beneficiaries, healthcare directives) for any purpose other than providing the service to you.

5. How We Share Your Information

We do not sell your personal information. We do not share your estate planning information for advertising purposes.

We share information only in these specific situations:

5.1 Service Providers

We share information with third parties that help us operate DME. These include:

We may add or change service providers from time to time. When we do, we will update this list. Each of these providers has its own privacy practices. We require them by contract to handle your information only for the purposes we direct.

5.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or to:

• Enforce our Terms of Service
• Investigate fraud, security issues, or violations of law
• Protect the rights, property, or safety of DME, our customers, or the public
• Defend against legal claims

5.3 Business Transfers

If DME is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your choices.

5.4 With Your Direction

If you direct us to share your information (for example, with a family member, executor, or attorney you designate), we will do so according to your instructions.

5.5 Aggregated or De-Identified Information

We may use and share aggregated or de-identified information (information that does not identify any individual) for any lawful purpose, including research, analytics, and marketing.

6. Your Privacy Rights

DME respects your right to control your personal information. Depending on where you live, you may have specific rights under applicable law. DME extends most of these rights to all customers regardless of state, as a matter of policy.

You may:

Access your information. Request a copy of the personal information we hold about you.

Correct your information. Update inaccurate or incomplete information at any time through your account. For information you cannot update directly, contact us.

Delete your information. Request that we delete the personal information we hold about you. Some information may be retained as required by law, for fraud prevention, or to enforce our Terms.

Receive your data in a portable format. Request a copy of your information in a machine-readable format.

Opt out of marketing communications. Click "unsubscribe" in any marketing email or contact us. You will continue to receive transactional emails necessary to provide the service.

Opt out of sale or sharing. DME does not sell your personal information and does not share it for cross-context behavioral advertising. There is no opt-out needed because we do not do these things.

Limit use of sensitive personal information. Sensitive personal information is used only to provide the service. There is no need to limit it because we do not use it for other purposes.

Non-discrimination. We will not deny service, charge different prices, or provide a different quality of service because you exercised a privacy right.

To exercise your rights, contact us at privacy@dme.estate. We will verify your identity before responding. We will respond within 45 days, with one possible 45-day extension if necessary.

7. State-Specific Disclosures

7.1 Utah Residents

The Utah Consumer Privacy Act (UCPA) gives Utah residents specific rights regarding their personal data. Although DME may not currently meet the statutory thresholds that require UCPA compliance, we voluntarily honor the rights set out in the UCPA for Utah residents. To exercise your rights, contact us at privacy@dme.estate.

7.2 California Residents

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give California residents specific rights regarding their personal information. Although DME may not currently meet the statutory thresholds that require CCPA compliance, we voluntarily honor the rights set out in the CCPA for California residents.

Categories of personal information collected in the past 12 months (as defined by the CCPA):

• Identifiers (name, email, IP address)
• Customer records (account information)
• Commercial information (purchase history)
• Internet or network activity (usage data)
• Geolocation data (approximate)
• Inferences drawn from the above
• Sensitive personal information (account credentials, health information, precise geolocation if provided, contents of mail and email if applicable)

We do not sell or share personal information for cross-context behavioral advertising.

To exercise California rights, contact us at privacy@dme.estate. We respond to verifiable requests within 45 days.

7.3 Other States

DME may serve residents of additional states in the future. As we expand, we will update this section to reflect state-specific rights under the privacy laws of Colorado, Virginia, Connecticut, Texas, and any other state with applicable laws.

If you are a resident of a state with a comprehensive privacy law, contact us at privacy@dme.estate to learn about your specific rights.

8. Data Retention

We retain your information for as long as you have an active DME account, plus a reasonable period afterward to:

• Comply with legal obligations (including record-keeping for tax and accounting)
• Resolve disputes
• Enforce our agreements
• Maintain backup copies until they expire on standard schedules

Specific retention rules:

• Account and estate planning information: Retained for the life of your account. After account closure, retained for 7 years for legal and accounting purposes, then deleted or anonymized.
• Payment records: Retained as required by tax and accounting laws (typically 7 years).
• Communications: Retained for 3 years from last contact.
• Marketing and analytics data: Retained until you opt out or until the data is no longer needed for the purpose collected.

You may request earlier deletion under Section 6.

9. Cookies and Tracking Technologies

DME uses cookies and similar technologies to:

• Keep you signed in
• Remember your preferences
• Understand how you use the platform
• Measure the effectiveness of our marketing

Categories of cookies we use:

Strictly necessary cookies. Required for the platform to function. These cannot be disabled.

Functional cookies. Remember your preferences and improve your experience.

Analytics cookies. Help us understand how the platform is used. We use PostHog for product analytics.

Marketing cookies. Help us measure the effectiveness of ad campaigns on platforms like Meta, TikTok, and Google. These are set only with your consent where required by law.

You can control cookies through your browser settings. Blocking cookies may affect platform functionality.

When required by applicable law, we will display a cookie banner on your first visit, allowing you to consent to or decline non-essential cookies.

We respect the Global Privacy Control (GPC) signal as an opt-out request where applicable.

10. Data Security

We use reasonable administrative, technical, and physical security measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and authentication requirements for our team
• Regular security reviews of our systems and providers
• Logging and monitoring for unusual activity
• Vendor security assessments for third-party service providers

No system is perfectly secure. We cannot guarantee that your information will never be accessed by an unauthorized party. If we become aware of a security breach affecting your information, we will notify you and the appropriate authorities as required by law.

11. Children's Privacy

DME is not intended for use by anyone under 18. We do not knowingly collect personal information from children under 13.

You may include information about your minor children in your estate plan (such as their names, ages, and guardians). This information is provided by you, the parent or legal guardian, and is used only to populate your estate planning documents.

If we learn that we have collected personal information from a child under 13 in any other context, we will delete it.

12. International Users

DME's services are designed for residents of U.S. states where we operate. If you access DME from outside the United States, your information will be transferred to, stored in, and processed in the United States.

The United States may have different data protection laws than your country. By using DME, you consent to the transfer and processing of your information in the United States.

13. Do Not Track

Some browsers offer a "Do Not Track" signal. There is no industry consensus on how to respond to Do Not Track signals, and DME does not currently respond to them. We respect the Global Privacy Control signal where applicable.

14. Third-Party Links

DME may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. Read their privacy policies before sharing information with them.

15. Changes to This Policy

We may update this Policy from time to time. When we do, we will:

• Post the updated Policy on dme.estate with a new "Last Updated" date
• For material changes, notify you by email or in-product notice at least 30 days before the change takes effect

Your continued use of DME after the effective date of any update means you accept the updated Policy.

16. Contact Us

Questions, concerns, or requests regarding this Policy? Contact us:

Email: privacy@dme.estate

Mail:
Decisions Made Easy, LLC
Attn: Privacy
[Mailing address TBD]

We will respond to verifiable requests within 45 days.

For urgent privacy matters, mark your email "URGENT" in the subject line and we will respond within two business days.