Last updated: March 13, 2026
Stillago collects only the information you provide when creating your emergency operations manual. This includes your email address (for authentication and notifications), and the business-critical information you enter into your manual sections — things like account details, contact lists, and operational notes.
We collect this data for one reason: to help you create a comprehensive emergency manual that your trusted person can access if something happens to you. We don't collect browsing data, sell advertising, or track you across the web.
Your manual data is encrypted using AES-256-GCM encryption — the same standard used by banks and government agencies. Every sensitive field in your manual is encrypted individually (field-level encryption) before it's stored, meaning even if someone accessed our database directly, they'd see only encrypted gibberish.
All data is stored on MongoDB Atlas with encryption at rest enabled. Data in transit is protected via TLS. Encryption keys are managed securely and are never stored alongside your data.
We do not sell, rent, trade, or share your personal data with any third parties. Period. Your emergency manual data is yours. The only people who see it are you and anyone you explicitly grant emergency access to.
We use Resend for transactional emails (magic link authentication and notifications). They process your email address solely to deliver those messages and do not retain or use it for any other purpose.
You can export your complete manual as a PDF at any time from the Settings page in your account. The export includes all sections and is generated on-demand with your decrypted data. We believe your data belongs to you, and you should always be able to take it with you.
You can request account deletion from the Settings page. When you delete your account, we initiate a 30-day grace period during which your data is retained but inaccessible. This gives you time to change your mind. After 30 days, all your data — including your manual, account information, and any emergency access links — is permanently and irreversibly deleted from our systems.
In the unlikely event of a data breach that affects your personal information, we will notify you via email within 72 hours of discovering the breach. The notification will include what happened, what data was affected, and what steps we're taking to address it. We will also notify relevant authorities as required by applicable law.
If you have questions about this privacy policy or how your data is handled, reach out to us at privacy@stillago.com.
© 2026 Stillago. Everything is still a go.