Privacy Policy

Belima is a private video letter app developed and operated by Northgaard ApS, CVR under stiftelse, a limited liability company registered in Denmark ("Belima", "we", "us"). Northgaard ApS is the data controller for the personal data we process about you.

Contact: belimaapp@gmail.com · belima.app

Reading this in Danish, Swedish, or Norwegian? Visit /dk/privacy, /se/privacy, or /no/privacy.

We collect only what is necessary to provide the service:

• Email address and phone number — used for login (one-time password) and dead-man's-switch notifications.
• First name (optional) — used for your in-app greeting.
• Video content — the core of the service. Encrypted on your device before it reaches our servers. We can never read or view your videos.
• Message titles, folder names, recipient names — to organise your library.
• Subscription status — to grant access to Belima Plus features.
• Anonymised error and performance data — to fix bugs and improve the app.

We do not collect location data, browsing history, advertising identifiers, or any data for advertising purposes.

Your videos are encrypted on your device using AES-256-GCM with a key derived via Argon2id from a secret you control. Our servers receive only ciphertext — we cannot decrypt it.

A 24-word recovery phrase is generated at setup. Store it safely — it is your only way to recover your account.

We share data only with the data processors needed to operate the service. All processors have signed Data Processing Agreements with Northgaard ApS under GDPR Art. 28:

• Supabase Inc. (EU — Frankfurt) — database, auth, and encrypted video storage.
• Resend (EU/US with SCCs) — transactional emails (DMS notifications, invitations, death-certificate protest).
• Twilio (EU/US with SCCs) — SMS notifications for dead-man's-switch.
• Sentry (EU — Frankfurt) — anonymised crash and performance monitoring (no PII, only pseudonymised user IDs).
• Apple Inc. (global) — app distribution, In-App Purchase processing, and iOS platform services.Your encrypted video vault is explicitly excluded from iCloud backup (using Apple's NSURLIsExcludedFromBackupKey). Our secrets stored in iOS Keychain use the "ThisDeviceOnly" accessibility class, meaning they are never synced to iCloud Keychain even if you have that feature enabled. Non-sensitive app preferences (e.g. onboarding flags) may be included in a user-initiated iCloud backup; these contain no personal data or video content. Our relationship with Apple as a processor is governed by the Apple Developer Program License Agreement (DPLA), which includes GDPR-compliant data-processing terms. Apple hosts EU users' iCloud data primarily in European data centers (Denmark, Ireland) but does not guarantee EU-only storage; any transfers outside the EU rely on EU-US Data Privacy Framework and Standard Contractual Clauses.
• Expo (EAS) (US with SCCs) — build infrastructure (no user PII).
• Your chosen recipients and trusted contacts — only after your explicit configuration.

We never sell your data. We never share it with advertisers or data brokers.

If you activate the dead-man's switch, a trusted contact you personally choose can initiate a delivery flow. Belima then sends you daily notifications (email + SMS + push) for 7 days. You can cancel at any time. Only if you do not respond for 7 full days are your messages delivered.

We do not verify death automatically. We do not notify recipients of the reason for delivery.

Fallback when DMS fails: If your automated DMS flow cannot run (e.g., your trusted contact has died, lost their trigger link, or there is a family dispute), next of kin may contact Northgaard ApS with valid probate documentation. We verify, retain the document up to 2 years, and observe a 7-day internal protest period before release. See belima.app/death-certificate for full process.

• Your account data — deleted immediately upon account deletion ("Delete everything" in Profile).
• Encrypted videos — deleted immediately when you delete a message, or within 30 days of delivery.
• Anonymised audit logs — retained for 5 years (Danish Accounting Act §10 and GDPR Art. 17(3)(b)). User IDs are nullified on deletion.
• Death-certificate documentation — retained up to 2 years after release, or until all planned post-mortem messages have been delivered, whichever comes first.
• IAP receipts — retained for 5 years (Danish accounting regulations).
• Error reports — automatically deleted after 90 days by Sentry.

You have the right to access, correct, delete, restrict, or port your data, and to object to processing. Contact us at belimaapp@gmail.com or use Profile → Delete all in the app.

We respond within 30 days. Note: if a message has already been delivered and a recipient has downloaded it to their device, we cannot force deletion of their copy.

Our infrastructure is primarily hosted in the EU. Any transfers outside the EU are made under EU Standard Contractual Clauses.

Belima is not intended for children under 13. We do not knowingly collect data from minors under 13.

We will notify you of material changes at least 30 days before they take effect via email and/or in-app notification.

You may lodge a complaint with the Danish Data Protection Agency (Datatilsynet): datatilsynet.dk · dt@datatilsynet.dk · +45 33 19 32 00

This Privacy Policy is governed by Danish law. Any disputes arising from this policy shall be settled before Copenhagen City Court (Københavns Byret) as the venue.

Consumers residing in the EU or EEA retain their mandatory protections under EU Regulation 1215/2012 (Brussels I recast, Art. 18) and the Lugano Convention (for EEA), allowing them to bring action in their country of residence. This clause does not limit those rights.

Northgaard ApS
CVR under stiftelse
adresse oplyses ved registrering
Danmark
belimaapp@gmail.com
belima.app

For GDPR data-access requests (Art. 15) or deletion requests (Art. 17), email with subject "GDPR". For probate-related questions, subject "Death certificate". For security reports, subject "Security".