WhenIGo.io and ForWhenIGo.com (together, “WhenIGo,” “we,” “our,” or “us”) operate as the same service — ForWhenIGo.com is our primary consumer-facing website, and WhenIGo.io redirects there. WhenIGo is a subsidiary of Blue Butterfly Inc. (921 H St NE #115, Washington, DC 20002), which serves as the legal data controller responsible for your personal information. We are a digital funeral pre-planning platform that helps you document your end-of-life wishes and share them with the people you trust. This Privacy Policy applies to both domains and explains what information we collect, why we collect it, and how we use it.

We collect only what we need to provide the service:

• Account information. Your name, email address, and any profile details you provide when you create an account.
• Sign-in through Google or Yahoo. If you sign in with Google or Yahoo (via OAuth), we receive your name and email address from that provider. We never see or store your Google or Yahoo password. You can revoke this access at any time in your account settings with that provider.
• Google Contacts (optional). If you choose to import contacts using “Import from Google,” we access your Google Contacts — names, email addresses, and phone numbers — solely to let you designate key notification contacts inside your plan. We do not retain this data beyond that purpose, and you can revoke access at any time.
• Your plan and preferences. The content you enter into your plan: preferences, notes, music choices, photos, trusted contacts, notification instructions, legacy letters, legacy gifts, and your personal story (“My Story”). This content may include sensitive personal information — see Section 3 for how we protect it.
• Uploaded legal documents. You may upload legal documents to your plan — such as a will, trust, advance directive, power of attorney, or similar instruments — for secure storage and to make them accessible to your trusted contacts. These documents are treated as sensitive personal information and are subject to the heightened protections described in Section 3.
• Technical data. Device type, browser, IP address, and usage patterns — collected automatically to operate, secure, and improve the service.

Because WhenIGo is a funeral pre-planning platform, some of the content you store with us is deeply personal. Your legacy letters, personal story, end-of-life wishes, and related plan content may reflect your health status, religious or philosophical beliefs, family relationships, and financial preferences. Under various privacy laws, some of this information may be classified as “sensitive personal data.”

We treat this content with the highest level of care:

• Your plan content is encrypted at rest and in transit.
• Access to your plan content is strictly limited to you and the trusted contacts you explicitly designate.
• We do not use your plan content for advertising, profiling, or any purpose other than delivering the service to you.
• We do not sell or share your sensitive plan content with third parties, except as described in Section 5 (with your consent) or as required by law.
• State law protections. If you are located in California or another state with heightened protections for sensitive data, we apply those protections to your plan content regardless of where you reside.

We use your information to:

• Create and manage your account and plan.
• Save, display, and share your plan with the trusted contacts you designate.
• Send notifications to the contacts you identify in your plan.
• Process your annual subscription payment and any other applicable transactions.
• Send you service-related communications about your account.
• Send you promotional emails about WhenIGo features or offers (you can opt out at any time — see Section 8).
• Diagnose problems and improve the platform.
• Comply with applicable legal obligations.

We do not sell your personal data. Ever.

We share your data only in the limited circumstances below. We never sell or rent your personal information.

• Service providers. We work with vendors who help us run the platform (for example, cloud hosting, email delivery, and analytics). These vendors may access your data only to perform services on our behalf, are contractually required to protect it, and may not use your data for their own purposes.
• Legal requirements. We may disclose information if required by a valid legal process (such as a court order or subpoena), or to protect the rights, property, or safety of WhenIGo, our users, or the public.
• Business transfers. If WhenIGo is acquired or merges with another company, your information may transfer as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• Blue Butterfly Inc. (our parent company). WhenIGo is a subsidiary of Blue Butterfly Inc. We may share your information within the Blue Butterfly Inc. corporate family where necessary to operate, support, or improve the service, or to comply with legal obligations. Any such sharing is governed by this Privacy Policy and the same data protection standards that apply to WhenIGo. We do not share your data with Blue Butterfly Inc. or its affiliates for independent marketing purposes without your explicit consent.
• Third-party partners. We may partner with third-party companies (such as funeral homes, insurance providers, or legal services) to offer you additional features or services. We do not automatically share your personal data with these partners. If a feature requires sharing your information with a partner, we will tell you clearly what data is shared, with whom, and for what purpose — and we will ask for your consent before sharing. This includes any situation where a partner may need to access your plan content or uploaded legal documents to provide a service you have requested. Our partners are contractually prohibited from using your data for their own marketing or any purpose other than the specific service you requested.

Our platform may connect you with or link to third-party services — such as florists, funeral homes, insurance providers, estate planning attorneys, will and trust companies, legal services, or other vendors — to help you carry out your wishes. It is important to understand how responsibility is divided when you interact with those third parties.

• Data you give directly to third parties. When you provide information directly to a third-party service — for example, entering your name and address on a florist’s order form, or submitting details to an insurance provider — that information goes directly to them. WhenIGo does not receive, control, or store that data. The third party’s own privacy policy governs how they collect, use, and share it, and we are not responsible for their practices.
• Notice before handoff. Whenever you are about to interact with or be redirected to a third-party service, we will display a clear notice identifying the third party and letting you know that their privacy policy — not ours — will apply to any information you provide to them. We encourage you to review their privacy policy before submitting any personal information.
• We are not responsible for third-party practices. We do not control how third-party services use the information you give them, including whether they use it for future marketing. If you have concerns about how a third party has used your data, you should contact that company directly or review their privacy policy.
• When WhenIGo shares data on your behalf. Where WhenIGo itself shares your data with a partner on your behalf (rather than you providing it directly), Section 5 above applies: we will obtain your consent first, tell you what is being shared and why, and require the partner to use it only for the purpose you authorized.

Tip: Before submitting personal information to any third-party vendor, look for a privacy policy link on their site and check whether they allow you to opt out of marketing communications.

Because WhenIGo is a funeral pre-planning service, we have specific policies about who can access your plan and what happens to your data after your death. You are in control of these decisions while you are alive.

• During your lifetime. While your account is active, only you can access your full plan. Trusted contacts you designate receive only the information and notifications you have specifically authorized.
• Trusted contact access. You may designate one or more trusted contacts inside the app who will be granted access to your plan after your passing. They will receive only the portions of your plan you have authorized them to see. You can add, change, or remove trusted contacts at any time.
• Family or legal representative requests. A verified immediate family member or legal representative (such as an executor or administrator of your estate) may contact us to request access to or deletion of your plan after your death. We will require documentation verifying their identity and relationship before granting any access.
• Uploaded legal documents after death. Any legal documents you have uploaded to your plan — such as a will, trust, or advance directive — will be accessible to the trusted contacts you have designated, consistent with the access permissions you set during your lifetime. A verified legal representative or executor may also request access to these documents after your death, subject to the same identity verification requirements above. WhenIGo does not independently distribute or act upon uploaded legal documents.
• Inactive and lapsed accounts. WhenIGo requires an annual subscription to keep your account active. If we are unable to process your renewal payment, we will contact you at the email address on file to give you the opportunity to update your payment information. If your account remains unpaid and there has been no activity on your plan, we will delete your account and all associated data. Before doing so, we will make a reasonable attempt to notify your designated trusted contacts so they are aware that the plan will no longer be available.
• Your right to delete. At any time while you are alive, you may request full deletion of your account and all associated data by contacting us at privacy@forwhenigo.com.

Tip: We recommend designating at least one trusted contact so your wishes are accessible to the people who need them when the time comes.

You are in control of your information:

• Access and correction. You can view and update your account and plan at any time inside the app.
• Revoke third-party access. You can revoke WhenIGo’s access to your Google or Yahoo account through that provider’s settings page at any time.
• Deletion. You can request that we delete your account and associated data by emailing privacy@forwhenigo.com. We will process your request within 30 days, subject to any legal retention obligations.
• Email marketing opt-out. If you receive promotional emails from us, every email includes an unsubscribe link. You can also opt out by emailing privacy@forwhenigo.com. Note: even if you opt out of marketing emails, we will still send you essential service communications (such as account security notices or plan execution notifications).
• California residents (CCPA). California residents have additional rights under the California Consumer Privacy Act (CCPA) — see Section 9 for details.
• EU/UK residents (GDPR). If you are located in the European Union or United Kingdom, you may have rights under GDPR, including the right to access, correct, delete, or restrict processing of your data, and the right to data portability. Contact us at privacy@forwhenigo.com to exercise these rights.
• Other state residents. Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have similar rights. Contact us and we will respond in accordance with applicable law.

If you are a California resident, the California Consumer Privacy Act (CCPA) requires us to provide the following additional disclosures.

Categories of personal information we collect:

• • Identifiers: name, email address, IP address.
  • Account and profile data: plan content, preferences, legacy letters, photos, uploaded legal documents.
  • Internet or network activity: usage data, browser type, pages visited.
  • Geolocation data: approximate location derived from IP address.
  • Sensitive personal information: end-of-life wishes, legacy content, uploaded legal documents, trusted contact designations.

Purposes for collection: to provide and improve the service, send notifications, process payments, and comply with legal obligations.

We do not sell or share your personal information for cross-context behavioral advertising.

To submit a verifiable consumer request, email privacy@forwhenigo.com with the subject line “California Privacy Request.” We will respond within 45 days as required by law.

We use cookies and similar technologies to keep the service running and to understand how people use it. When you first visit, a banner will ask for your cookie preferences.

• Essential cookies. Required to keep you signed in and to make core features work. These cannot be turned off because the service does not function without them.
• Analytics and performance cookies. Help us understand how visitors use the app so we can improve it. We currently use:
• Google Analytics (GA4) — page visits and user flows.
• Microsoft Clarity — anonymized session replays and heatmaps.
• ContentSquare — user interaction patterns.
• New Relic — application performance and error monitoring.

If you decline non-essential cookies through our banner, we will not load analytics tools. You can also clear cookies in your browser at any time. We honor the Global Privacy Control (GPC) signal: if your browser sends a GPC signal, we treat it as an opt-out from non-essential cookies.

We use industry-standard security measures — including encryption in transit and at rest, access controls, and regular security reviews — to protect your information. No system is perfectly secure, but we take reasonable and appropriate steps to safeguard your data, with heightened protections applied to sensitive plan content (see Section 3).

We keep your information for as long as your account is active or as needed to provide the service and comply with our legal obligations. When you delete your account, we will delete or anonymize your personal data within 30 days, unless the law requires us to keep it longer.

In the event of a data breach that affects your personal information, we will notify you as required by law. For most U.S. states, this means we will notify you without unreasonable delay and within the timeframe required by your state’s breach notification law (typically 30–60 days). Notice will be sent to the email address associated with your account and, where required, to the relevant state attorney general. The notice will describe what happened, what data was affected, what we are doing about it, and what steps you can take to protect yourself.

WhenIGo is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us at privacy@forwhenigo.com and we will delete it promptly.

This Privacy Policy is incorporated into and subject to our Terms of Service, which govern your use of the WhenIGo platform. By using WhenIGo, you agree to both this Privacy Policy and our Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service with respect to privacy matters, this Privacy Policy controls. Our Terms of Service are available at ForWhenIGo.com/terms [Note: confirm this URL is live before publishing this policy].

We are committed to making this Privacy Policy accessible to all users, including those who use assistive technologies. This policy is available in standard HTML on our website and is designed to be compatible with screen readers. If you need this policy in an alternative format or have difficulty accessing it, please contact us at privacy@forwhenigo.com and we will provide it in a format that works for you.

WhenIGo is a digital planning and documentation platform. We are not a licensed funeral home, cemetery, insurance company, pre-need seller, attorney, or financial advisor. We do not hold, manage, or administer pre-need funeral trust funds or estate assets on your behalf. You may upload legal documents (such as a will, trust, or advance directive) to your plan for secure storage and to make them accessible to your trusted contacts. WhenIGo stores these documents solely as a convenience to you and does not review, interpret, validate, or provide any legal advice regarding their contents. You are responsible for ensuring that any documents you upload are accurate, current, and legally valid in your jurisdiction.

When we connect you with funeral homes, insurance providers, financing partners, estate planning attorneys, or will and trust companies, those entities are separately licensed and regulated under the applicable laws of the state in which they operate. Any pre-need contract, insurance policy, financing agreement, legal engagement, or estate planning arrangement you enter into with a third-party partner is solely between you and that partner. WhenIGo is not a party to those agreements and bears no financial or legal liability under them.

WhenIGo operates nationwide. When we connect you with funeral homes, insurance providers, financing partners, estate planning attorneys, or will and trust companies in any state, those entities are separately licensed and regulated under the laws of the state in which they operate. If you have concerns about any licensed provider we have connected you with, you should contact the relevant licensing or regulatory authority in your state. Most states have a state board of funeral directors, a department of health, a department of insurance, or a state bar association that oversees these providers. Your state attorney general’s office can also be a resource for consumer complaints.

This Privacy Policy and any disputes arising out of or related to it are governed by the laws of the State of Delaware, without regard to its conflict of law principles. Blue Butterfly Inc. is incorporated in Delaware, and Delaware law governs the interpretation and enforcement of this policy.

If you have a concern or complaint about how we have handled your personal information, we encourage you to contact us first at privacy@forwhenigo.com. We will make every reasonable effort to resolve your concern promptly and fairly. If we are unable to resolve your complaint directly, you may have the right to lodge a complaint with a supervisory authority or data protection authority in your jurisdiction.

Nothing in this section limits any rights you may have under applicable federal or state privacy law, including the rights described in Sections 8 and 9 of this policy.

We may update this policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the app at least 30 days before the changes take effect. Your continued use of the service after that date constitutes your acceptance of the updated policy. The “Last Updated” date at the top of this page reflects the most recent revision. Prior versions of this policy are available upon request.

If you have questions or concerns about this policy or your data, please reach out:

WhenIGo — A subsidiary of Blue Butterfly Inc.

Privacy Team: privacy@forwhenigo.com

921 H St NE #115

Washington, DC 20002

ForWhenIGo.com