WhatNow

Privacy Policy

Last updated: October 2025

ybSilent,LLC dba WhatNow, is dedicated to safeguarding your privacy and ensuring the security of your personal information, especially for sensitive end-of-life planning data. This privacy policy outlines how we collect, use, and protect your personal data on the WhatNow website and associated services (the "Platform"). It applies to all WhatNow services that link to this policy and does not cover services with separate privacy notices.

Collection of Your Personal Information

We collect personal data based on how you use the WhatNow Platform and the choices you make, ensuring compliance with legal obligations like HIPAA for healthcare-related data. **Information you provide directly**: When you create an account or build your end-of-life plan, we collect details such as your name, email address, phone number, and specific planning preferences (e.g., healthcare directives or estate details). For users opting for family-shared accounts, you may provide details about designated family members. For private accounts, access protocols are set for survivors. **Information collected automatically**: We gather data like your IP address, browser type, and usage patterns (e.g., pages viewed or links clicked) to enhance your experience and secure the Platform. **Third-party sources**: We may supplement data with information from trusted third parties, such as demographic data providers or public records, to improve personalization, always adhering to strict privacy standards.

Use of Your Personal Data

WhatNow uses your data to deliver a secure and personalized experience, including:

- Creating and managing your end-of-life plans, whether shared with family or kept private with survivor access protocols.

- Enhancing Platform security, particularly for HIPAA-compliant storage of Protected Health Information (PHI).

- Improving user experience through analytics and tailored features.

- Processing transactions, such as subscription payments for premium features.

- Sending essential notifications (e.g., account updates, security alerts) and, with your consent, promotional updates about new features or services.

Security and HIPAA Compliance

Your data’s safety is our priority. WhatNow uses **Supabase**, a SOC 2 Type 2 and **HIPAA-compliant** database, ensuring robust protection for sensitive information like PHI. Data is encrypted **at rest with AES-256** and **in transit with TLS**, with access restricted through **Row Level Security**, role-based permissions, and multi-factor authentication. Regular backups, penetration testing, and DDoS protection further safeguard your information. For private accounts, we implement strict survivor access protocols to ensure your wishes are honored, giving you peace of mind that your data remains secure and accessible only as intended.

Sharing of Your Personal Data

WhatNow does not share your personal data with outside parties except as necessary to provide our services (e.g., with secure payment processors or Supabase for data storage) or as required by law. For family-shared accounts, data is accessible to designated family members during planning. For private accounts, data remains confidential until a verified survivor follows the designated access protocol post-mortem. We may share data within our corporate group or with service providers under strict confidentiality agreements, ensuring compliance with HIPAA and other regulations.

Retention and Access to Your Personal Data

We retain your data only as long as needed to fulfill your end-of-life planning, comply with legal requirements, or resolve disputes. You can access or update your information via the "My Account" section of the Platform or by contacting us at privacy@whatnow.com. For private accounts, survivors must follow a secure protocol to access data after your passing, ensuring your privacy is maintained.

Choice and Preferences

You control your data. You can opt out of marketing emails by adjusting preferences in your account or emailing privacy@whatnow.com. For cookies, you can modify browser settings, though this may impact Platform functionality. California residents and others under applicable U.S. state privacy laws (e.g., CCPA) can request access, correction, or deletion of their data, and we will respond within 30 days.

Data Privacy Framework and International Transfers

WhatNow complies with the **EU-U.S. Data Privacy Framework (DPF)** and uses **Standard Contractual Clauses (SCCs)** for data transfers from the EEA, UK, or Switzerland to the U.S., ensuring your data is protected globally. Our primary data centers are in the U.S., chosen for efficiency and redundancy, with HIPAA-compliant safeguards in place.

Contact Information

For privacy concerns, questions, or to exercise your rights, contact us at privacy@whatnow.com or by mail at Attn: Privacy, WhatNow, Inc., 8133 OH-48, Maineville, Ohio 45039 United States. For EU/EEA and Swiss residents, our data protection representative can be reached at the same email or via support@whatnow.one

This policy may be updated to reflect changes in our services or laws, with the "last updated" date revised accordingly. We encourage you to review it periodically. At WhatNow, your trust is our priority, and we’re committed to protecting your sensitive end-of-life planning data with the highest standards of care.