Last updated: 14 July 2026
18December (“we”, “us”, or “our”) is committed to protecting the privacy of everyone who uses this platform. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Health Records Act 2001 (Vic), and, for users located in the European Union, European Economic Area, or United Kingdom, the EU General Data Protection Regulation (GDPR) and UK GDPR.
What matters most, in plain language:
We do not sell your data or read your documents. Your vault documents are encrypted and stored in Australia. You can download everything and close your account at any time. If something ever went wrong with your data, we would tell you. You can nominate a trusted person, and you control exactly when and what they can see. After you die, they can request access to your full account.
18December is a platform operated by 18December Pty Ltd (ACN 699 023 464), Victoria, Australia. For all privacy enquiries, contact us at hello@18december.com.au.
We collect the following categories of personal information:
We collect and use your personal information to:
We do not sell, rent, or trade your personal information to third parties. We do not use your information for advertising profiling.
If you are located in the European Union, European Economic Area, or United Kingdom, the UK GDPR and EU General Data Protection Regulation (GDPR) apply to our processing of your personal information. We process your personal information on the following legal bases:
18December operates in a space that often involves health information, including advance care preferences, medical conditions, and end-of-life plans. Under the Privacy Act and the Health Records Act 2001 (Vic), this information requires heightened protection. We take that seriously.
You may store documents in your vault that contain health information (for example, advance care directives or letters to medical teams). You may also share health-related context with us in support correspondence.
The medication diary feature collects health information directly: medication names, doses, dosing instructions, and a log of when each dose was administered and by whom. This data constitutes health information under both the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic). It is collected only with your consent (by using the feature) and is stored solely to support your care management. Last wishes records may also contain sensitive personal content of your choosing.
If you are signed in, we record which guides you read and save. Because our guides cover health and end-of-life topics, this activity can reasonably indicate your or another person's health circumstances, so we treat it as sensitive information. It is collected only where you are signed in (by reading or saving guides while logged in), is stored solely to show your read markers and saved guides across your devices, and is never used to build a health profile of you or disclosed to third parties. If you are not signed in, this activity stays in your browser and is not collected by us.
Where you generate a medication diary share link and share it with a third party (such as a nurse, carer, or family member), the contents of your medication diary, together with the first name of the person being cared for, become visible to that person. This constitutes a disclosure of your health information under Australian Privacy Principle 6. The share link is generated by you, shared at your discretion, and can be revoked by you at any time from your account settings. To protect your health information, the link stays active only while it is being used: it switches off on its own if it is not opened for 14 days, and in any case lasts no more than 90 days without you renewing it. We record when it is opened, both so you can see whether and how often it has been viewed and so that an actively used link keeps working. If someone opens a link that has switched off, we may email you to let you know, so you can send a fresh link if it is still needed. We do not initiate, control, or have visibility over who you share the link with. You are responsible for ensuring the link is shared only with people you trust with your health information.
If you turn on text-message reminders, the reminder texts are deliberately generic and never contain the medication name, the dose, or the name of the person being cared for. Because no health information is placed in the text, sending it through our SMS provider and the mobile networks is not a disclosure of your health information. The detail stays in the medication diary, behind your sign-in.
We collect sensitive information only with your explicit consent. By uploading a document to your vault or sharing health-related details with us, you consent to our storing and using that information solely to provide the vault feature and support you have requested. We do not access the content of your vault documents except where necessary to provide technical support at your request, or as required by law.
We will not use sensitive information for any purpose other than the specific purpose for which you provided it, unless required by law or to prevent a serious threat to life or safety.
Many people use 18December to support a partner, family member, or friend (we call that person the Person). If you have told us your account is for someone you are supporting, the information you record, most of all in the medication diary, may be the Person’s information rather than your own, and may include their health information.
When you record the Person’s information, we ask you to confirm the basis on which you do so. That basis is one of the following: the Person has given you permission, you act under an enduring power of attorney or guardianship, or the Person cannot make this decision and you are their substitute decision-maker. We rely on your confirmation. We do not independently verify it, and you are responsible for ensuring you have the authority you describe. Where the Person is able to understand that you are keeping this information for them, they should know that you are doing so.
We hold the Person’s information on the same terms, and with the same protections, as your own. We use it only to provide the features you have asked for, and we apply the heightened protections for sensitive information described above.
We keep the Person’s information separate from your own so that it is not passed on without a proper basis. A legacy contact, an executor, or a person you nominate to see your account only ever receives the items that are your own. The Person’s information is withheld from them, as is any item whose owner you have not yet confirmed, unless you have first told us it is your own. Being trusted to hold the Person’s information does not let anyone else receive it through your account.
You can see and change whose information each item is at any time from your account. If you correct an item to record that it is your own, we ask you to confirm this is accurate, because marking an item as yours allows it to be released to your legacy contact or executor. This control supports your right, and the Person’s right, to keep information accurate and up to date.
The Person has rights over their own information, including the right to ask what is held, to have it corrected, and to ask that it no longer be kept. If the Person contacts us directly, we may need to act on their request, including by correcting or removing their information, even where you are the account holder. If you or the Person wishes to exercise these rights, contact us at hello@18december.com.au. See Section 15 for more on your rights.
Where you hold an account about the Person, you can also invite them to see their own record. Once invited, the Person can sign in with their own free account to see who is in the circle and what each person can access, and they can remove anyone or withdraw any area themselves. This lets the Person see and control who can access their information directly, rather than having to ask us.
18December lets you invite other people into your account (your circle) and choose, for each person, which areas of your account they can see. When you grant someone access to an area, you direct us to disclose that information to that person so they can help you. Where the area holds health information, such as your medication diary or pending tests, this is a disclosure of sensitive information under Australian Privacy Principle 6.
Before you can share a sensitive area, we record your express consent to that disclosure against you as the data subject, together with the date you gave it. Where the account is held by a Carer supporting the Person, the disclosure is made on the authority basis you have recorded above, and you confirm you have that authority. You choose who is in your circle and what each person sees, you can change or remove any person’s access at any time, and we keep a record of when a shared area is opened. We keep that access record for 12 months, then delete it (see Section 10).
Everyone you invite into your circle accesses your account through their own free 18December account and sign-in. We do not provide a way to view shared areas without an account.
You may withdraw consent at any time by deleting your documents from the vault or closing your account. We will explain the consequences before any data deletion action is taken.
18December uses pathway selection to personalise the content and guidance shown to you. This personalisation is based on the preferences you set (such as your role and stage) and does not involve automated decision-making that produces significant legal effects on you.
We also operate the following scheduled automated processes that act on personal information without human review:
The following disclosures apply from 10 December 2026 under the Privacy and Other Legislation Amendment Act 2024 (Privacy Act ADM amendments):
We use Google Analytics 4 to understand how the platform is used. Google Analytics collects anonymised data including pages visited, scroll depth, time spent on each page, button and link interactions, outbound link clicks, session duration, and general geographic region. This data is used solely to improve the platform and is not linked to your name or email address. If you are located in the EU or UK, Google Analytics cookies are only placed after you consent via our cookie banner. You can opt out at any time by updating your cookie preferences or by using the Google Analytics Opt-out Browser Add-on.
We also use session cookies set by Clerk (our authentication provider) to keep you signed in. These are essential cookies and cannot be disabled without affecting platform functionality.
For full details of the cookies we use, see our Cookie Policy.
We do not sell your personal information. We share it only with the service providers necessary to operate the platform, and only to the extent required for that purpose:
We may also disclose your medication diary records to the recipients of a share link you generate. This disclosure is made at your explicit direction. You control who receives the link and can revoke access at any time from your account settings. We do not choose or limit who you share your link with.
Where you invite someone into your circle and grant them access to part of your account, that information is disclosed to that person at your direction. They access it through their own free account and sign-in. You choose who is invited and what each person can see, and you can change or remove their access at any time from your account. We do not decide who is in your circle.
We may also disclose your information where required by law, court order, or regulatory authority. We will notify you of such requests where permitted by law.
Some of our service providers are located outside Australia. Your personal information (excluding document vault contents, which are stored in Australia via Supabase Sydney) may be stored or processed overseas: in the United States by Google, Clerk, Stripe, and Vercel; and in Japan (Tokyo region) by Resend, our email delivery provider. Text-message reminders are sent through Texto, which is hosted in Australia (AWS Sydney), so your mobile number and reminder texts are not sent overseas.
Before disclosing your information to these overseas recipients, we take reasonable steps to ensure they protect it consistently with the Australian Privacy Principles. All listed providers are subject to GDPR-standard data processing agreements or equivalent privacy frameworks. By using our platform, you acknowledge that your information may be transferred to countries with different privacy laws to Australia.
EU and UK users: Australia does not currently hold an EU adequacy decision. Where your personal information is transferred to the United States (via Google, Clerk, Stripe, and Vercel) or to Japan (via Resend), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms adopted by those providers, to ensure an adequate level of protection.
When personal information is no longer required, we destroy or de-identify it securely.
We take reasonable steps to protect your personal information from misuse, loss, and unauthorised access. Our security measures include:
No internet transmission is 100% secure. If you believe your account has been compromised, contact us immediately at hello@18december.com.au.
Notifiable Data Breaches: if a data breach occurs that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act.
18December is a platform designed to help people plan for death and support those left behind. This section explains how we handle accounts and personal information after a subscriber dies.
When you nominate someone on 18December, they will receive an email invitation to confirm their nomination. Accepting that invitation does not give them access to your documents or any information you have stored on the platform.
Your nominated person can only view your documents when you choose to release access to them. You do this explicitly through your account settings. No access is shared automatically at any point.
You can withdraw your nominated person's access at any time. When you do, they will be notified and immediately lose the ability to view your documents.
We collect and use your nominated person's name and email address to send them their invitation and to notify them when your access settings change. We do not use this information for any other purpose, and we do not share it with third parties.
Your nominated person's information is handled in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
Access to shared documents is via a secure link sent to your nominated person's email address. That link does not require a password. You are responsible for revoking access if you believe the link has been forwarded or compromised. You can do this at any time from your account settings.
Subscribers may nominate a trusted person as their legacy contact from their account settings. A legacy contact is the specific person a subscriber has authorised to access their account after their death. The nomination is the subscriber's express consent under Australian Privacy Principle 6 for us to disclose their information to that person following their death.
When a nominated legacy contact wishes to access the account, they submit a request through their secure link and confirm that the subscriber has died and that they are the nominated person. Before we grant any access, we verify the request. We ask the requester to provide a copy of the subscriber's death certificate (or equivalent documentation) and proof of their own identity, being either a statutory declaration confirming they are the nominated contact or a copy of their government-issued photo identification. A member of our team reviews this documentation and only releases access once we are satisfied that the request is genuine and that the requester is the person the subscriber nominated.
We collect these verification documents solely to confirm the legitimacy of the access request. We use them only for that purpose and do not share them with third parties except where required by law. Once a request has been verified and actioned, identity and death verification documents are retained only as long as needed to maintain a record of the decision, and are then securely destroyed in accordance with our retention practices.
When a request is submitted, we also notify the subscriber at their registered email address, so that if the request was made in error or without authority the subscriber has an opportunity to contact us and have it placed on hold. If the documentation provided is insufficient or cannot be verified, we may decline the request. In that case we explain to the requester what is required and they may submit a further request.
A legacy contact has read-only access to the following:
A legacy contact cannot upload documents, delete documents, modify the checklist, or access billing, account settings, or correspondence.
A legacy contact, and an executor granted access below, only ever receive the items that belonged to the subscriber themselves. Where the subscriber used the account to support another living person, anything the subscriber recorded as that person’s information (for example their health records in the medication diary) is withheld, because it is not the subscriber’s to pass on. The same applies to a person nominated to view the account during the subscriber’s life. See Section 5 for how the ownership of each item is recorded and changed.
A subscriber can write personal messages and, for each one, choose to have it released only after their death. These messages are for the specific people the subscriber names, not for the legacy contact. When the legacy contact's access is verified, we show them who each message is for and give them a private link to pass to that person. The legacy contact cannot read the messages themselves. Each recipient opens only the messages addressed to them, through a private link that requires no password. We do not email these recipients on the subscriber's death; the legacy contact chooses when and how to pass each link on. Every time a recipient opens their messages, the access is logged. See Section 6 for how the release is triggered.
All legacy contact access requests are logged, including the date, time, and identity of the person requesting access. This log is retained for 7 years and may be provided to law enforcement or a court if required by law.
Where no legacy contact has been nominated, the executor or administrator of a deceased estate may apply for independent read-only access through our estate access page. Applicants must hold a Grant of Probate or Letters of Administration issued by a competent Australian court. We will ask for a copy of the death certificate, the grant of authority, and photo identification.
Executor access is granted by a member of our team after manual review of the submitted documentation. We do not make automated decisions on these requests. If approved, the executor receives a secure access link valid for 12 months. Executor access is read-only and is scoped to material relevant to estate administration: vault documents, the account register, and completed checklist items. All access is logged in our audit trail.
The personal information collected during an executor access application (including identity documents and grant documentation) is used solely to verify the applicant's identity and authority. It is not used for any other purpose. This documentation is retained for 7 years from the date the request was resolved, to maintain a record of the decision, and is then securely destroyed.
When an executor access application is submitted, we also record the IP address it was sent from, the browser and device used, and the local time and timezone reported by the submitter's device. We collect this only to verify the request and to protect against fraudulent or mistaken access to a deceased person's records. It is held with the access-request record, used for no other purpose, and retained and destroyed on the same 7-year basis described above.
If no legacy contact has been nominated and no executor access application has been made, the next of kin or a family member may contact us at hello@18december.com.au to discuss their options.
What happens to a subscriber's account after they die depends on the state of the account at the time of death.
If the subscription was active at the time of death, or if it had lapsed due to a payment failure rather than a deliberate cancellation: the account and all its contents are retained. A verified legacy contact or executor can access the account. There is no fixed deadline for this retention category beyond the 12-month window described below.
If the subscriber cancelled their own subscription before they died (an ordinary cancellation, not a wind-down after a death): under our standard cancellation policy, account data remains accessible until the end of the final billing period and is then held for 30 days before being permanently deleted. If that window has passed before we are notified of the death, the data will no longer be available. We are not able to recover data that has already been deleted under this process.
If the account was wound down after the death of the person being supported: the account is retained for 12 months from the wind-down, rather than on the 30-day cancellation timeline, so that the account holder, and where relevant a verified legacy contact or executor, can still reach the documents and the guidance for after a death. The account holder may download their documents at any time during that period, or request deletion sooner. After 12 months, the data is permanently deleted, except transaction records required under Australian tax law (retained for 7 years).
If we are notified that a subscriber has died: we retain the account and all its contents for 12 months from the date we receive notification. During that period, a verified legacy contact or executor may access, download, or request deletion of the data. After 12 months, if no access request has been made and no earlier deletion has been requested, the account is closed and all personal information is permanently deleted, except transaction records required under Australian tax law (retained for 7 years).
A legacy contact or executor may request earlier deletion at any time by contacting us at hello@18december.com.au. We will complete the deletion and confirm it in writing.
Vault documents may contain health information (such as advance care directives) or financial information (such as wills). Account register entries contain financial information including account numbers and institution contact details. All of this information retains its sensitive status after the subscriber's death. It is disclosed only to the nominated legacy contact or an authorised legal representative, and only for the purposes described in this section.
You may browse all free content on this platform without creating an account. The guided stages, specialist finder, and checklist are accessible without providing personal information beyond what is captured by Google Analytics. Where lawful and practicable, you may interact with the platform without identifying yourself.
A named account is required to use the document vault and to save checklist progress across devices.
We send three categories of email.
Marketing emails are promotional communications about the platform. We send a welcome email when you create an account. We may also send a single check-in email approximately 72 hours after you create a free account, if you have not yet engaged with the checklist. You can opt out of all marketing emails at any time in three ways: by clicking the unsubscribe link in any marketing email, by updating your notification preferences in your account settings at 18december.com.au/account, or by contacting us at hello@18december.com.au. Once you opt out, we will not send you further marketing emails.
Service notices are transactional or legally required communications directly related to your account. These include: subscription confirmation, cancellation confirmation (including your data deletion date), data deletion completion notice, legacy contact invitation and status emails, nominated person access notifications, and circle emails (an invitation to join your circle, and notice when a person’s circle access is changed or removed). You will receive these emails regardless of your marketing preferences because they carry direct account consequences or legal notification obligations. They cannot be opted out of while your account is active.
Care reminders are automated reminders sent by our medication diary feature based on the dosing schedule you configure. By default they are sent by email and reference your health information (the name of the scheduled medication). If you turn on text-message reminders and confirm your mobile number, they are sent by text instead; those texts are generic and contain no medication name, dose, or person’s name. They are sent only while you have an active subscription and only for medications where reminders are enabled. You can stop care reminders at any time: turn off reminders for an individual medication (or remove it) in your medication diary; turn off text reminders in your medication diary; or, for text reminders, reply STOP to any reminder. Turning text reminders off also removes your stored mobile number. Care reminders are service messages you have set up, not marketing, so they do not carry a marketing unsubscribe link; you stop them using the controls just described.
Under the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic), you have the right to:
If your information has been recorded by someone supporting you, you have the same rights over that information as any other individual, including the right to access it, to have it corrected, and to ask that it no longer be kept. Contact us at hello@18december.com.au and we will help, even if you are not the account holder.
If you are located in the European Union, European Economic Area, or United Kingdom, you have the following additional rights under the GDPR and UK GDPR:
To exercise any of these rights, contact us at hello@18december.com.au. We will respond within 30 days (GDPR: within one month, extendable by a further two months for complex requests).
You also have the right to lodge a complaint with your national data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In other EU/EEA countries, contact the supervisory authority in your member state.
If you believe we have not handled your personal information appropriately, please contact us first at hello@18december.com.au. We take all privacy complaints seriously and will respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with:
18December is intended for adults. You must be at least 18 years old to create an account, as set out in our Terms of Service. We do not knowingly collect personal information from anyone under 18. If you become aware that a child has given us personal information, or you are a parent or guardian who believes a child in your care has done so, contact us at hello@18december.com.au and we will delete it. Where the platform is used in relation to a young person who is unwell or bereaved, it is intended to be accessed and managed by a responsible adult on their behalf.
We may update this Privacy Policy from time to time. The “last updated” date at the top of this page shows when it last changed. For minor changes, the updated policy takes effect when it is posted. If we make a change that materially affects how we handle your personal information, we will take reasonable steps to let you know in advance, for example by email or an in-app notice, and where a change reduces your rights or expands how we use your information, we will give you a reasonable opportunity to review it before it takes effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.