18December
GuidesChecklistFind a specialistPricing
Sign inCreate a free accountSign up
Legal

Privacy Policy

Last updated: 14 July 2026

18December (“we”, “us”, or “our”) is committed to protecting the privacy of everyone who uses this platform. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Health Records Act 2001 (Vic), and, for users located in the European Union, European Economic Area, or United Kingdom, the EU General Data Protection Regulation (GDPR) and UK GDPR.

What matters most, in plain language:

We do not sell your data or read your documents. Your vault documents are encrypted and stored in Australia. You can download everything and close your account at any time. If something ever went wrong with your data, we would tell you. You can nominate a trusted person, and you control exactly when and what they can see. After you die, they can request access to your full account.

1. Who we are

18December is a platform operated by 18December Pty Ltd (ACN 699 023 464), Victoria, Australia. For all privacy enquiries, contact us at hello@18december.com.au.

2. What we collect

We collect the following categories of personal information:

  • Account information: your name, email address, and password when you create an account.
  • Onboarding preferences: your pathway selection (for example, that you are the person with the diagnosis, someone supporting a person you love, or someone whose person has died) and optional context flags. Because this can indicate your circumstances, we treat it as sensitive information (see Section 5). Before you create an account it is stored only in your browser's local storage and is not transmitted to us. If you create an account and tell us who it is for, we store that against your account so we can tailor what we show you.
  • Checklist progress: your completed and saved checklist items. If you are signed in, this is stored against your account so it is available across your devices. If you are not signed in, it is stored only in your browser's local storage and is not transmitted to us.
  • Guide activity: a record of which guides you have read and which you have saved. If you are signed in, this is stored against your account so your read markers and saved guides are available across your devices. If you are not signed in, it is stored only in your browser's local storage and is not transmitted to us. Because the guides you read on this platform can indicate your circumstances, we treat this as sensitive information (see Section 5).
  • Document vault contents: documents you upload to your secure vault (such as wills, advance care directives, powers of attorney, and correspondence). These are stored on our servers in encrypted form. See Section 4 for how we handle this sensitive information.
  • Usage data: pages visited, features used, session duration, and general usage patterns, collected via Google Analytics 4.
  • Location data: suburb or postcode, if you use the Specialist Directory. This is sent to Google to return nearby results and is not stored on our servers beyond your session.
  • Payment information: billing details are collected and processed by Stripe. We do not store your full card details. We receive only confirmation of successful transactions.
  • Account register entries: financial institution names, account names, account or reference numbers, institution contact details, and free-text notes you record in your account register. This information is provided voluntarily to assist the people you leave behind in identifying and contacting your accounts after your death. We do not use it for any other purpose.
  • Platform feedback: helpfulness ratings (thumbs up or down) and optional written comments you submit via the guide feedback widget or the page feedback tab, along with an optional email address if you choose to leave one so we can reply, and the page the feedback relates to. Comments are voluntary and free-text; please do not include sensitive personal or health details you would not wish to be stored. The feedback tab is not a support or emergency channel.
  • NPS responses: satisfaction scores (0 to 10) and optional written comments you submit via our feedback survey. These are used to improve the platform and are not linked to your account unless you are signed in at the time.
  • Communication data: any correspondence you send us by email, including support requests.
  • Subscription and cancellation status: your subscription status, the reason your subscription was cancelled (at your request, because the account was wound down after a death, or due to a payment failure), and the date of cancellation. This information is used to manage your account and, where relevant, to trigger the 30-day data deletion process described in Section 9. A cancellation made by winding the account down after a death does not start that 30-day process; those accounts are retained for 12 months and then deleted, as described in the data retention section below and in Section 12.
  • Medication diary records: medication names, doses, dosing instructions, and a log of when each dose was administered, by whom, and whether it was administered as a breakthrough (PRN) dose. This constitutes health information under the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic) and is handled in accordance with the heightened protections described in Section 5. Where your account is for someone you are supporting, these records may be the Person’s health information rather than your own, recorded by you on the basis described in Section 5.
  • Pending tests records: the names of medical tests awaiting results, expected result dates, and whether results have been received. This information is provided voluntarily to help you track upcoming tests during a period of illness.
  • Notification tracker entries: the organisations or people you record as needing to be told about a death, together with any category, reference number, free-text notes, and the status of each (not started, in progress, or done). You provide this voluntarily to keep track of who has been contacted and where each one is up to. It is a tracker only: we do not use it to assess entitlements, contact anyone on your behalf, or for any other purpose. Where you choose to share this area with a member of your circle or your legacy contact, they can see these entries in accordance with your access settings (see Sections 11 and 12).
  • Funeral preferences and farewell wishes: your recorded preferences for your funeral or farewell, including funeral type, burial or cremation preference, location preferences, and any personal messages you wish to leave. This information is stored solely to document your wishes and make them accessible to the people you choose.
  • Last wishes records: personal notes and instructions you record using the last wishes feature. This may include sensitive or personal content of your own choosing. It is stored solely to preserve your wishes and is disclosed only in accordance with your nominated access settings.
  • Marketing preferences: whether you have opted out of marketing emails. This preference is stored against your account and is respected on all future marketing communications. You can update it at any time in your account settings or by clicking the unsubscribe link in any marketing email.
  • Medication share token: if you choose to generate a medication diary share link, we store a cryptographic token that enables that link, along with the date the link expires and a record of when it was last opened and how many times. A share link stays active for 14 days after it was last opened and switches off on its own if it is not opened in that time. In any case it lasts no more than 90 days without you renewing it. You can renew or switch off the link at any time from your account settings. Switching it off immediately invalidates any previously shared links.
  • Mobile number (text reminders): if you choose to receive medication reminders by text message, we collect the Australian mobile number you provide, a record that you confirmed it with a one-time code, and the date and time you opted in. We use it only to send the reminders you asked for, and you can remove it at any time by turning text reminders off. Where the number you provide is the mobile of the person you are caring for, it is recorded on the authority basis described in Section 5.
  • Legacy contact information: the name and email address of any person you nominate as your legacy contact. We use this solely to send their nomination invitation and to manage their access in accordance with your instructions. See Section 12 for full details.
  • Legacy and executor access logs: a record of all legacy contact and executor access requests, including the date, time, and identity of the person requesting access, and, for executor applications, the IP address, browser and device, and the submitter's local time and timezone at submission. See Section 12 for details of how we use and retain this information.
  • Whose information each item is: for each item you store (such as a document, account register entry, medication, medication log, pending test, or funeral preference), we record whether it is your own information or the information of the person you are caring for, and, where it is theirs, the basis on which you record it (see Section 5). We use this only to keep the two separate and to control what can be passed on to a legacy contact, a circle member, or an executor. Where this has not yet been confirmed for an item, we treat that item as not yours to pass on.

3. How we use it

We collect and use your personal information to:

  • Create and manage your account and deliver the features you have requested
  • Personalise your experience based on the pathway and stage you have selected
  • Process subscription payments and manage billing
  • Save and sync your checklist progress across devices
  • Provide secure document storage through the vault feature
  • Improve the platform based on aggregated usage patterns
  • Respond to enquiries and support requests
  • Send account notifications and, if you have opted in, platform updates
  • Send automated medication dose reminders by email, based on the dosing schedule you configure in the medication diary. These emails are sent using your medication information (medication name and scheduled frequency) and constitute a use of your health information for the purpose for which it was collected.
  • Send those dose reminders by text message instead of email, if you have turned on text reminders and confirmed your mobile number. To protect your health information, these texts are deliberately generic: they never include the medication name, the dose, or any person’s name. You can stop them at any time (see Section 14).
  • Send a one-time check-in email approximately 72 hours after account creation to users who have not yet engaged with the checklist and have not opted out of marketing email. This is a marketing communication and respects your email opt-out preference.
  • Send automated pre-deletion reminder emails before your account data is permanently deleted, so you have the opportunity to download your documents.
  • Comply with our legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your information for advertising profiling.

4. Legal basis for processing (EU and UK users)

If you are located in the European Union, European Economic Area, or United Kingdom, the UK GDPR and EU General Data Protection Regulation (GDPR) apply to our processing of your personal information. We process your personal information on the following legal bases:

  • Contract performance (Art. 6(1)(b)): processing necessary to create and manage your account, deliver the features you have subscribed to, process payments, manage billing, and send essential service notices.
  • Explicit consent (Art. 9(2)(a)): processing of sensitive information, including any health-related content you store in your document vault. You may withdraw this consent at any time as described in Section 5 below.
  • Consent (Art. 6(1)(a)): analytics cookies (Google Analytics 4), which are only placed after you accept via our cookie consent banner. You may withdraw consent at any time by updating your cookie preferences.
  • Legitimate interests (Art. 6(1)(f)): improving the platform using aggregated, anonymised usage data; preventing fraud and abuse; and maintaining the security of the platform. We have assessed that these interests are not overridden by your privacy rights.
  • Legal obligation (Art. 6(1)(c)): retaining transaction records for 7 years as required under applicable tax law.

5. Your sensitive information

18December operates in a space that often involves health information, including advance care preferences, medical conditions, and end-of-life plans. Under the Privacy Act and the Health Records Act 2001 (Vic), this information requires heightened protection. We take that seriously.

What we collect

You may store documents in your vault that contain health information (for example, advance care directives or letters to medical teams). You may also share health-related context with us in support correspondence.

The medication diary feature collects health information directly: medication names, doses, dosing instructions, and a log of when each dose was administered and by whom. This data constitutes health information under both the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic). It is collected only with your consent (by using the feature) and is stored solely to support your care management. Last wishes records may also contain sensitive personal content of your choosing.

If you are signed in, we record which guides you read and save. Because our guides cover health and end-of-life topics, this activity can reasonably indicate your or another person's health circumstances, so we treat it as sensitive information. It is collected only where you are signed in (by reading or saving guides while logged in), is stored solely to show your read markers and saved guides across your devices, and is never used to build a health profile of you or disclosed to third parties. If you are not signed in, this activity stays in your browser and is not collected by us.

Where you generate a medication diary share link and share it with a third party (such as a nurse, carer, or family member), the contents of your medication diary, together with the first name of the person being cared for, become visible to that person. This constitutes a disclosure of your health information under Australian Privacy Principle 6. The share link is generated by you, shared at your discretion, and can be revoked by you at any time from your account settings. To protect your health information, the link stays active only while it is being used: it switches off on its own if it is not opened for 14 days, and in any case lasts no more than 90 days without you renewing it. We record when it is opened, both so you can see whether and how often it has been viewed and so that an actively used link keeps working. If someone opens a link that has switched off, we may email you to let you know, so you can send a fresh link if it is still needed. We do not initiate, control, or have visibility over who you share the link with. You are responsible for ensuring the link is shared only with people you trust with your health information.

If you turn on text-message reminders, the reminder texts are deliberately generic and never contain the medication name, the dose, or the name of the person being cared for. Because no health information is placed in the text, sending it through our SMS provider and the mobile networks is not a disclosure of your health information. The detail stays in the medication diary, behind your sign-in.

How we handle it

We collect sensitive information only with your explicit consent. By uploading a document to your vault or sharing health-related details with us, you consent to our storing and using that information solely to provide the vault feature and support you have requested. We do not access the content of your vault documents except where necessary to provide technical support at your request, or as required by law.

We will not use sensitive information for any purpose other than the specific purpose for which you provided it, unless required by law or to prevent a serious threat to life or safety.

Information you record about another person

Many people use 18December to support a partner, family member, or friend (we call that person the Person). If you have told us your account is for someone you are supporting, the information you record, most of all in the medication diary, may be the Person’s information rather than your own, and may include their health information.

When you record the Person’s information, we ask you to confirm the basis on which you do so. That basis is one of the following: the Person has given you permission, you act under an enduring power of attorney or guardianship, or the Person cannot make this decision and you are their substitute decision-maker. We rely on your confirmation. We do not independently verify it, and you are responsible for ensuring you have the authority you describe. Where the Person is able to understand that you are keeping this information for them, they should know that you are doing so.

We hold the Person’s information on the same terms, and with the same protections, as your own. We use it only to provide the features you have asked for, and we apply the heightened protections for sensitive information described above.

We keep the Person’s information separate from your own so that it is not passed on without a proper basis. A legacy contact, an executor, or a person you nominate to see your account only ever receives the items that are your own. The Person’s information is withheld from them, as is any item whose owner you have not yet confirmed, unless you have first told us it is your own. Being trusted to hold the Person’s information does not let anyone else receive it through your account.

You can see and change whose information each item is at any time from your account. If you correct an item to record that it is your own, we ask you to confirm this is accurate, because marking an item as yours allows it to be released to your legacy contact or executor. This control supports your right, and the Person’s right, to keep information accurate and up to date.

The Person has rights over their own information, including the right to ask what is held, to have it corrected, and to ask that it no longer be kept. If the Person contacts us directly, we may need to act on their request, including by correcting or removing their information, even where you are the account holder. If you or the Person wishes to exercise these rights, contact us at hello@18december.com.au. See Section 15 for more on your rights.

Where you hold an account about the Person, you can also invite them to see their own record. Once invited, the Person can sign in with their own free account to see who is in the circle and what each person can access, and they can remove anyone or withdraw any area themselves. This lets the Person see and control who can access their information directly, rather than having to ask us.

Sharing information with your circle

18December lets you invite other people into your account (your circle) and choose, for each person, which areas of your account they can see. When you grant someone access to an area, you direct us to disclose that information to that person so they can help you. Where the area holds health information, such as your medication diary or pending tests, this is a disclosure of sensitive information under Australian Privacy Principle 6.

Before you can share a sensitive area, we record your express consent to that disclosure against you as the data subject, together with the date you gave it. Where the account is held by a Carer supporting the Person, the disclosure is made on the authority basis you have recorded above, and you confirm you have that authority. You choose who is in your circle and what each person sees, you can change or remove any person’s access at any time, and we keep a record of when a shared area is opened. We keep that access record for 12 months, then delete it (see Section 10).

Everyone you invite into your circle accesses your account through their own free 18December account and sign-in. We do not provide a way to view shared areas without an account.

Withdrawing consent

You may withdraw consent at any time by deleting your documents from the vault or closing your account. We will explain the consequences before any data deletion action is taken.

6. Personalisation and automated processes

18December uses pathway selection to personalise the content and guidance shown to you. This personalisation is based on the preferences you set (such as your role and stage) and does not involve automated decision-making that produces significant legal effects on you.

We also operate the following scheduled automated processes that act on personal information without human review:

  • Medication reminders: a process runs every 15 minutes and sends a reminder shortly before each scheduled dose is due, based on the medication name, dose frequency, and last logged dose in your medication diary. Reminders are sent by email, or by text message if you have turned on text reminders and confirmed your mobile (those texts are generic and contain no health information). No human reviews these before they are sent. This process uses your health information for the purpose for which you provided it.
  • Reminder pause when the diary goes quiet: a process runs several times a day and, where every scheduled medication on an account has been due with nothing logged for an extended period, pauses that account’s reminders and sends a single gentle notice. Reminders resume automatically as soon as a dose is logged. This process never assumes or asserts that anyone has died.
  • Day-three check-in: a process runs daily and identifies accounts created approximately 72 hours earlier that have not yet engaged with the checklist and have not opted out of marketing email. A single check-in email is sent. This process uses your account creation date and checklist engagement data to determine eligibility.
  • Pre-deletion reminder: a process runs daily and identifies accounts approaching their data deletion date. A reminder email is sent to give you the opportunity to download your documents before deletion occurs.
  • Data deletion: a process runs daily and permanently deletes account data (vault documents, checklist progress, medication records, and all other platform data) for accounts that have passed the 30-day post-cancellation retention window. This automated process has significant and irreversible consequences: it permanently destroys your personal information. The full timeline is described in Section 10.
  • Payment-lapsed account handling: a process runs daily and permanently deletes account data for accounts where a subscription has lapsed and the applicable retention window has expired, in accordance with our retention policy.
  • Circle access log clean-up: a process runs daily and permanently deletes circle access log entries (the record of when a circle member opened a shared area) that are older than 12 months, so we hold them no longer than needed.
  • After-death message release: where a subscriber has left personal messages set to be released after their death, and their nominated legacy contact’s access has been verified, the private links that let each named recipient open the messages addressed to them are generated automatically, without human review. This process does not make a decision about any person; it makes the subscriber’s own messages available to the people they chose. The legacy contact cannot read the messages. See Section 12.
  • Operations console (being introduced): we are building an internal console that carries out routine account actions, such as adjusting billing, issuing refunds, winding down an account after a death, recovering a failed payment, and permanently deleting an account across our systems. Each action shows the operator its effects and is confirmed by a person before it runs; it is not decided solely by automation. Every action is recorded in a permanent audit log.

The following disclosures apply from 10 December 2026 under the Privacy and Other Legislation Amendment Act 2024 (Privacy Act ADM amendments):

  • Personal information used in automated processes: pathway selection, stage, and usage preferences; medication name, dose frequency, last logged dose, and (where you use text reminders) your mobile number (medication reminders and the reminder pause); account creation date and checklist engagement data (day-three check-in); subscription status and cancellation date (pre-deletion reminder and data deletion processes); the recipient names and any email addresses a subscriber recorded on messages set for after-death release, together with the legacy contact’s verification status (after-death message release); and, for the operations console being introduced, your subscription, billing and payment status, and account and identity records (console actions)
  • Decisions substantially assisted by automated processes: which content and guides are shown to you; which channel a reminder is sent on; whether to pause an account’s reminders when its diary has gone quiet; whether to send a day-three check-in email; when to send a pre-deletion reminder; and, in the operations console being introduced, whether to retry a failed payment, adjust or refund a charge, switch or pause a plan, or wind down or delete an account (each confirmed by a person before it runs)
  • Decisions made solely by automated processes that have significant effect: permanent deletion of your personal information after the post-cancellation retention period expires (data deletion and payment-lapsed deletion processes); permanent deletion of circle access log entries older than 12 months

7. Cookies and analytics

We use Google Analytics 4 to understand how the platform is used. Google Analytics collects anonymised data including pages visited, scroll depth, time spent on each page, button and link interactions, outbound link clicks, session duration, and general geographic region. This data is used solely to improve the platform and is not linked to your name or email address. If you are located in the EU or UK, Google Analytics cookies are only placed after you consent via our cookie banner. You can opt out at any time by updating your cookie preferences or by using the Google Analytics Opt-out Browser Add-on.

We also use session cookies set by Clerk (our authentication provider) to keep you signed in. These are essential cookies and cannot be disabled without affecting platform functionality.

For full details of the cookies we use, see our Cookie Policy.

8. Who we share it with

We do not sell your personal information. We share it only with the service providers necessary to operate the platform, and only to the extent required for that purpose:

  • Google Analytics 4: usage analytics. Google Privacy Policy.
  • Google Places API: specialist directory search. Location data is sent to Google to return nearby results. Google Privacy Policy.
  • Supabase: database and document storage, hosted in the Sydney (Australia) region. Supabase Privacy Policy.
  • Clerk: user authentication and account management, based in the United States. Clerk Privacy Policy.
  • Stripe: payment processing, based in the United States. Stripe Privacy Policy.
  • Vercel: platform hosting and content delivery, based in the United States. Vercel Privacy Policy.
  • Resend: email delivery service used to send all transactional emails, service notices, and medication reminders. Hosted in the Tokyo (ap-northeast-1) region. Resend Privacy Policy.
  • Texto: SMS delivery service used to send text-message medication reminders and the verification code, if you turn on text reminders. Hosted in Australia (AWS Sydney) and delivered through Australian mobile carriers, so your mobile number and reminder texts are not sent overseas. Texto Privacy Policy.

We may also disclose your medication diary records to the recipients of a share link you generate. This disclosure is made at your explicit direction. You control who receives the link and can revoke access at any time from your account settings. We do not choose or limit who you share your link with.

Where you invite someone into your circle and grant them access to part of your account, that information is disclosed to that person at your direction. They access it through their own free account and sign-in. You choose who is invited and what each person can see, and you can change or remove their access at any time from your account. We do not decide who is in your circle.

We may also disclose your information where required by law, court order, or regulatory authority. We will notify you of such requests where permitted by law.

9. Data sent overseas

Some of our service providers are located outside Australia. Your personal information (excluding document vault contents, which are stored in Australia via Supabase Sydney) may be stored or processed overseas: in the United States by Google, Clerk, Stripe, and Vercel; and in Japan (Tokyo region) by Resend, our email delivery provider. Text-message reminders are sent through Texto, which is hosted in Australia (AWS Sydney), so your mobile number and reminder texts are not sent overseas.

Before disclosing your information to these overseas recipients, we take reasonable steps to ensure they protect it consistently with the Australian Privacy Principles. All listed providers are subject to GDPR-standard data processing agreements or equivalent privacy frameworks. By using our platform, you acknowledge that your information may be transferred to countries with different privacy laws to Australia.

EU and UK users: Australia does not currently hold an EU adequacy decision. Where your personal information is transferred to the United States (via Google, Clerk, Stripe, and Vercel) or to Japan (via Resend), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms adopted by those providers, to ensure an adequate level of protection.

10. How long we keep it

  • Account information: retained for the life of your account, and for 7 years after account deletion (for business record-keeping obligations)
  • Document vault contents: retained until you delete them or close your account. If you cancel your subscription at your own request, your vault documents and all other platform data (checklist progress, account register, last wishes, pending tests, medication records) remain accessible until the end of your final billing period, then are retained for a further 30 days, then permanently and irreversibly deleted. You will receive an email when you cancel confirming the date your access ends and the date your data will be deleted, and a second email when deletion is complete. If your subscription is cancelled due to a payment failure rather than at your request, your data is retained and accessible again when you resubscribe. If you wind your account down after the death of the person you were supporting, this is not treated as an ordinary cancellation: instead of the 30-day timeline, your account is retained for 12 months so your documents and the after-death guidance remain available to you and, where relevant, to a legacy contact or executor. You can download your documents at any time during that period, or ask us to delete your data sooner. After 12 months the data is deleted. If the account holder dies, see Section 12 for the applicable retention period.
  • Checklist progress: retained until you delete your account
  • Transaction records: 7 years (required under Australian tax law)
  • Analytics data: 26 months (Google Analytics default retention period)
  • Account register entries: retained until you delete them or close your account. If the account holder dies, see Section 12 for the applicable retention period. After account closure, entries are permanently deleted within 30 days.
  • Platform feedback and NPS responses: retained for 3 years from the date of collection, then permanently deleted. Responses linked to a user account are deleted when that account is closed.
  • Medication diary entries and logs: retained until you delete them or close your account. Subject to the same post-cancellation 30-day window and deletion process as vault documents.
  • Pending tests records: retained until you delete them or close your account. Subject to the same post-cancellation 30-day window and deletion process as vault documents.
  • Notification tracker entries: retained until you delete them or close your account. Subject to the same post-cancellation 30-day window and deletion process as vault documents. If the account holder dies, see Section 12 for the applicable retention period.
  • Last wishes and funeral preferences: retained until you delete them or close your account. Subject to the same post-cancellation 30-day window and deletion process as vault documents.
  • Medication share tokens: retained until you revoke the link or close your account.
  • Legacy contact information (nominee name and email): retained for the life of the subscription and for 7 years after the relationship ends (whether by withdrawal of nomination, account cancellation, or death of the subscriber), to maintain an audit record of who held access.
  • Legacy messages set for after-death release: personal messages a subscriber chose to release after their death are kept beyond the standard post-cancellation and post-death deletion windows, so the promise to make them available to their intended recipients is not broken. They are preserved until released to their recipients, and for a reasonable period afterwards, and are not removed by the routine data-deletion processes. Messages set for immediate or future-date availability are treated like other account data and deleted on the standard windows.
  • Legacy and executor access logs: 7 years from the date of the access event, as described in Section 12.
  • Circle access log: a record of when a circle member opens a shared area. Kept for 12 months from the date of access, then permanently deleted by an automated process that runs daily.
  • Support correspondence: 3 years from the date of last contact
  • Marketing preferences: until you unsubscribe or withdraw consent
  • Records of admin actions on your account: kept for the life of your account and deleted with it; a minimal, permanent entry (who did what, and when) is retained in our immutable audit log.

When personal information is no longer required, we destroy or de-identify it securely.

11. How we keep your data safe

We take reasonable steps to protect your personal information from misuse, loss, and unauthorised access. Our security measures include:

  • Encryption of data in transit (TLS) and at rest (AES-256 for vault documents)
  • Access controls and role-based permissions
  • Secure authentication through Clerk
  • All document vault data stored in Australia (Supabase Sydney region)

No internet transmission is 100% secure. If you believe your account has been compromised, contact us immediately at hello@18december.com.au.

Notifiable Data Breaches: if a data breach occurs that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act.

12. Deceased users

18December is a platform designed to help people plan for death and support those left behind. This section explains how we handle accounts and personal information after a subscriber dies.

Your nominated person

When you nominate someone on 18December, they will receive an email invitation to confirm their nomination. Accepting that invitation does not give them access to your documents or any information you have stored on the platform.

Your nominated person can only view your documents when you choose to release access to them. You do this explicitly through your account settings. No access is shared automatically at any point.

You can withdraw your nominated person's access at any time. When you do, they will be notified and immediately lose the ability to view your documents.

We collect and use your nominated person's name and email address to send them their invitation and to notify them when your access settings change. We do not use this information for any other purpose, and we do not share it with third parties.

Your nominated person's information is handled in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

Access to shared documents is via a secure link sent to your nominated person's email address. That link does not require a password. You are responsible for revoking access if you believe the link has been forwarded or compromised. You can do this at any time from your account settings.

Legacy contacts

Subscribers may nominate a trusted person as their legacy contact from their account settings. A legacy contact is the specific person a subscriber has authorised to access their account after their death. The nomination is the subscriber's express consent under Australian Privacy Principle 6 for us to disclose their information to that person following their death.

When a nominated legacy contact wishes to access the account, they submit a request through their secure link and confirm that the subscriber has died and that they are the nominated person. Before we grant any access, we verify the request. We ask the requester to provide a copy of the subscriber's death certificate (or equivalent documentation) and proof of their own identity, being either a statutory declaration confirming they are the nominated contact or a copy of their government-issued photo identification. A member of our team reviews this documentation and only releases access once we are satisfied that the request is genuine and that the requester is the person the subscriber nominated.

We collect these verification documents solely to confirm the legitimacy of the access request. We use them only for that purpose and do not share them with third parties except where required by law. Once a request has been verified and actioned, identity and death verification documents are retained only as long as needed to maintain a record of the decision, and are then securely destroyed in accordance with our retention practices.

When a request is submitted, we also notify the subscriber at their registered email address, so that if the request was made in error or without authority the subscriber has an opportunity to contact us and have it placed on hold. If the documentation provided is insufficient or cannot be verified, we may decline the request. In that case we explain to the requester what is required and they may submit a further request.

What a legacy contact can access

A legacy contact has read-only access to the following:

  • The subscriber's document vault (view and download only)
  • The subscriber's completed checklist items
  • The subscriber's account register (view and print only), including financial institution names, account reference numbers, and contact details recorded by the subscriber

A legacy contact cannot upload documents, delete documents, modify the checklist, or access billing, account settings, or correspondence.

A legacy contact, and an executor granted access below, only ever receive the items that belonged to the subscriber themselves. Where the subscriber used the account to support another living person, anything the subscriber recorded as that person’s information (for example their health records in the medication diary) is withheld, because it is not the subscriber’s to pass on. The same applies to a person nominated to view the account during the subscriber’s life. See Section 5 for how the ownership of each item is recorded and changed.

Personal messages left for others

A subscriber can write personal messages and, for each one, choose to have it released only after their death. These messages are for the specific people the subscriber names, not for the legacy contact. When the legacy contact's access is verified, we show them who each message is for and give them a private link to pass to that person. The legacy contact cannot read the messages themselves. Each recipient opens only the messages addressed to them, through a private link that requires no password. We do not email these recipients on the subscriber's death; the legacy contact chooses when and how to pass each link on. Every time a recipient opens their messages, the access is logged. See Section 6 for how the release is triggered.

Access logging

All legacy contact access requests are logged, including the date, time, and identity of the person requesting access. This log is retained for 7 years and may be provided to law enforcement or a court if required by law.

Executor access

Where no legacy contact has been nominated, the executor or administrator of a deceased estate may apply for independent read-only access through our estate access page. Applicants must hold a Grant of Probate or Letters of Administration issued by a competent Australian court. We will ask for a copy of the death certificate, the grant of authority, and photo identification.

Executor access is granted by a member of our team after manual review of the submitted documentation. We do not make automated decisions on these requests. If approved, the executor receives a secure access link valid for 12 months. Executor access is read-only and is scoped to material relevant to estate administration: vault documents, the account register, and completed checklist items. All access is logged in our audit trail.

The personal information collected during an executor access application (including identity documents and grant documentation) is used solely to verify the applicant's identity and authority. It is not used for any other purpose. This documentation is retained for 7 years from the date the request was resolved, to maintain a record of the decision, and is then securely destroyed.

When an executor access application is submitted, we also record the IP address it was sent from, the browser and device used, and the local time and timezone reported by the submitter's device. We collect this only to verify the request and to protect against fraudulent or mistaken access to a deceased person's records. It is held with the access-request record, used for no other purpose, and retained and destroyed on the same 7-year basis described above.

If no legacy contact has been nominated and no executor access application has been made, the next of kin or a family member may contact us at hello@18december.com.au to discuss their options.

Data retention after death

What happens to a subscriber's account after they die depends on the state of the account at the time of death.

If the subscription was active at the time of death, or if it had lapsed due to a payment failure rather than a deliberate cancellation: the account and all its contents are retained. A verified legacy contact or executor can access the account. There is no fixed deadline for this retention category beyond the 12-month window described below.

If the subscriber cancelled their own subscription before they died (an ordinary cancellation, not a wind-down after a death): under our standard cancellation policy, account data remains accessible until the end of the final billing period and is then held for 30 days before being permanently deleted. If that window has passed before we are notified of the death, the data will no longer be available. We are not able to recover data that has already been deleted under this process.

If the account was wound down after the death of the person being supported: the account is retained for 12 months from the wind-down, rather than on the 30-day cancellation timeline, so that the account holder, and where relevant a verified legacy contact or executor, can still reach the documents and the guidance for after a death. The account holder may download their documents at any time during that period, or request deletion sooner. After 12 months, the data is permanently deleted, except transaction records required under Australian tax law (retained for 7 years).

If we are notified that a subscriber has died: we retain the account and all its contents for 12 months from the date we receive notification. During that period, a verified legacy contact or executor may access, download, or request deletion of the data. After 12 months, if no access request has been made and no earlier deletion has been requested, the account is closed and all personal information is permanently deleted, except transaction records required under Australian tax law (retained for 7 years).

A legacy contact or executor may request earlier deletion at any time by contacting us at hello@18december.com.au. We will complete the deletion and confirm it in writing.

Documents and records containing sensitive information

Vault documents may contain health information (such as advance care directives) or financial information (such as wills). Account register entries contain financial information including account numbers and institution contact details. All of this information retains its sensitive status after the subscriber's death. It is disclosed only to the nominated legacy contact or an authorised legal representative, and only for the purposes described in this section.

13. Using the platform anonymously

You may browse all free content on this platform without creating an account. The guided stages, specialist finder, and checklist are accessible without providing personal information beyond what is captured by Google Analytics. Where lawful and practicable, you may interact with the platform without identifying yourself.

A named account is required to use the document vault and to save checklist progress across devices.

14. Marketing emails and service notices

We send three categories of email.

Marketing emails are promotional communications about the platform. We send a welcome email when you create an account. We may also send a single check-in email approximately 72 hours after you create a free account, if you have not yet engaged with the checklist. You can opt out of all marketing emails at any time in three ways: by clicking the unsubscribe link in any marketing email, by updating your notification preferences in your account settings at 18december.com.au/account, or by contacting us at hello@18december.com.au. Once you opt out, we will not send you further marketing emails.

Service notices are transactional or legally required communications directly related to your account. These include: subscription confirmation, cancellation confirmation (including your data deletion date), data deletion completion notice, legacy contact invitation and status emails, nominated person access notifications, and circle emails (an invitation to join your circle, and notice when a person’s circle access is changed or removed). You will receive these emails regardless of your marketing preferences because they carry direct account consequences or legal notification obligations. They cannot be opted out of while your account is active.

Care reminders are automated reminders sent by our medication diary feature based on the dosing schedule you configure. By default they are sent by email and reference your health information (the name of the scheduled medication). If you turn on text-message reminders and confirm your mobile number, they are sent by text instead; those texts are generic and contain no medication name, dose, or person’s name. They are sent only while you have an active subscription and only for medications where reminders are enabled. You can stop care reminders at any time: turn off reminders for an individual medication (or remove it) in your medication diary; turn off text reminders in your medication diary; or, for text reminders, reply STOP to any reminder. Turning text reminders off also removes your stored mobile number. Care reminders are service messages you have set up, not marketing, so they do not carry a marketing unsubscribe link; you stop them using the controls just described.

15. Your rights

Australian users

Under the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic), you have the right to:

  • Access the personal information we hold about you
  • Correct personal information that is inaccurate, outdated, or incomplete
  • Withdraw consent to the collection of sensitive information
  • Opt out of direct marketing at any time
  • Complain about how we have handled your personal information

If your information has been recorded by someone supporting you, you have the same rights over that information as any other individual, including the right to access it, to have it corrected, and to ask that it no longer be kept. Contact us at hello@18december.com.au and we will help, even if you are not the account holder.

EU and UK users

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following additional rights under the GDPR and UK GDPR:

  • Right of access (Art. 15): request a copy of the personal information we hold about you and information about how we process it.
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete personal information.
  • Right to erasure (Art. 17): request deletion of your personal information where it is no longer necessary for the purpose collected, where you have withdrawn consent, or where processing is unlawful. Note that some data must be retained for legal reasons (e.g., transaction records).
  • Right to restriction of processing (Art. 18): request that we pause processing your data in certain circumstances, such as while you contest its accuracy.
  • Right to data portability (Art. 20): request your personal information in a structured, machine-readable format and, where technically feasible, transfer it to another provider. This applies to data processed by automated means on the basis of consent or contract.
  • Right to object (Art. 21): object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Rights relating to automated decision-making (Art. 22): we do not make decisions about you solely by automated means that produce significant legal or similarly significant effects. Our personalisation (pathway and stage content) does not meet this threshold.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at hello@18december.com.au. We will respond within 30 days (GDPR: within one month, extendable by a further two months for complex requests).

You also have the right to lodge a complaint with your national data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In other EU/EEA countries, contact the supervisory authority in your member state.

16. Complaints

If you believe we have not handled your personal information appropriately, please contact us first at hello@18december.com.au. We take all privacy complaints seriously and will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with:

  • Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992
  • Health Complaints Commissioner (Victoria) for complaints relating to health information, at hcc.vic.gov.au

17. Children’s privacy

18December is intended for adults. You must be at least 18 years old to create an account, as set out in our Terms of Service. We do not knowingly collect personal information from anyone under 18. If you become aware that a child has given us personal information, or you are a parent or guardian who believes a child in your care has done so, contact us at hello@18december.com.au and we will delete it. Where the platform is used in relation to a young person who is unwell or bereaved, it is intended to be accessed and managed by a responsible adult on their behalf.

18. When this policy changes

We may update this Privacy Policy from time to time. The “last updated” date at the top of this page shows when it last changed. For minor changes, the updated policy takes effect when it is posted. If we make a change that materially affects how we handle your personal information, we will take reasonable steps to let you know in advance, for example by email or an in-app notice, and where a change reduces your rights or expands how we use your information, we will give you a reasonable opportunity to review it before it takes effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

← Back to 18December · Terms of Service · Cookie Policy · Refund Policy · Disclaimer
18December

Built from lived experience. Practical, plain, and always on your side.

The journey
DiagnosisLiving with terminal illnessMaking the most of the timeImmediately after deathWinding up the estateLife after loss
Platform
ChecklistFind a specialistAll guidesSaved guidesPricingFor organisationsAbout
Organisations
Aged careHospicesEmployee Assistance ProgramsRequest a demo
Support
Crisis helplinesGrief supportContact usFamily account accessDisclaimer

18December provides general information only. Nothing on this platform constitutes medical, legal, or financial advice. Content is relevant to Australian law and may not apply in other jurisdictions. Laws governing wills, estates, and end-of-life decisions vary by state and territory. Always seek professional advice for your specific circumstances.

18December acknowledges the Traditional Custodians of Country throughout Australia and their continuing connection to land, sea, and community. We pay our respects to Elders past and present.

Aboriginal and Torres Strait Islander peoples are advised that this website may contain the names, images, or voices of people who have died.

© 2026 18December Pty Ltd · Melbourne, Victoria, AustraliaPrivacy Policy · Terms of Service · Cookie Policy · Refund Policy · Disclaimer · Do Not Sell or Share My Personal Information