Terms of service

Terms and Conditions

Effective Date: July 10, 2025.

These Terms of Service ("Terms") set forth the legal agreement between you ("you," "your," or "User") and Dexit Digital Account Services ("Dexit," "we," "us," or "our") governing your access to and use of our products, websites, services, applications, and digital platforms (collectively, the "Services"). Dexit provides estate-focused digital asset management tools, including DEXIPLAN, our proprietary digital estate planning platform for individuals and professionals such as estate attorneys, fiduciaries, wealth advisors, funeral directors, and healthcare providers.

By accessing or using our Services, including but not limited to visiting our websites, creating an account, uploading data, or interacting with our platform in any way, you acknowledge that you have read, understood, and agreed to be bound by these Terms, along with our Privacy Policy and any other policies or agreements expressly incorporated herein (collectively, the “Agreements”).

If you do not agree to these Terms or any of the Agreements, you must not use or access the Services.

1. Legal Notice and Acceptance of Terms

Accessing, registering for, or using the Services constitutes a binding legal agreement between you and Dexit. If you are using our Services on behalf of an organization or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms. If you do not have such authority or do not agree to these Terms, you must not use our Services.

Dexit reserves the right, at our sole discretion, to modify, update, or replace these Terms at any time. If we make material changes, we may notify you by email, through the Services, or by updating the "Last Updated" date at the top of this document. Your continued use of the Services after any such changes constitutes your acceptance of the revised Terms.

1.1 Scope and Ownership

These Terms govern your access to all features and functionality offered through our Services, including any subdomains, software, APIs, support services, and associated digital products. All rights not expressly granted herein are reserved by Dexit. The DEXIPLAN platform, and any software, content, or processes made available through our Services, remain the exclusive intellectual property of Dexit Digital Account Services.

1.2 Legal Capacity and Authority to Enter Agreement

Access to and use of Dexit's Services is limited to individuals and legal entities capable of forming legally binding agreements under applicable law. By registering for, subscribing to, or using any part of the Services, you affirm that you are at least eighteen (18) years old, or otherwise possess the legal capacity required in your jurisdiction to enter into enforceable contracts. You further confirm that you are not prohibited from using or receiving the Services under any applicable laws, including those of the United States.

If you are acting on behalf of a company, trust, estate, nonprofit, or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms and all associated policies. In such cases, references to “you” or “User” throughout this agreement shall refer to both the individual acting and the represented entity. If it is later determined that you lacked proper authority, you agree to be personally liable for all obligations under these Terms, including any fees or liabilities incurred.

Dexit relies on representations made by individuals purporting to act on behalf of organizations or third parties. If we receive instructions, documents, communications, or data that reasonably appear to originate from someone authorized to act on your behalf, we may act accordingly and shall not be liable for any resulting loss or damages. However, if we have reason to doubt the authenticity or authority of such instructions, we reserve the right—but assume no obligation—to request additional proof of authority before proceeding. In cases of ownership dispute over an account or submitted content, Dexit may suspend or restrict access pending resolution and reserves the right to terminate access if a satisfactory determination cannot be made.

“User Content” includes any data, files, credentials, metadata, digital asset instructions, or other materials you upload to or distribute through the Services, including data associated with your own clients, estates, or beneficiaries. You agree that your use of the Services—whether by you directly, by someone acting with your credentials, or by someone accessing your account indirectly—binds you to these Terms.

By submitting any content, suggestions, or feedback to Dexit (via phone, email, chat, web form, or otherwise), you acknowledge that such communications are voluntary and non-confidential. We may use or disregard your submissions without obligation or compensation, and your submissions may be similar to work already in development or previously known to us. Dexit may retain such submissions as part of service optimization, support documentation, training, or security audits, in line with our Privacy Policy.

1.3 Product Modifications, Discontinuation, and Legal Ownership

We reserve the right, at our sole discretion, to modify, adjust, update, suspend, or permanently discontinue any part of our Website, Products, or related agreements, including pricing, features, and fees, at any time, with or without notice.

While we aim to maintain and support our Products and their components for as long as reasonably possible, certain services or functionalities may become obsolete or be phased out due to strategic, technical, or operational reasons. When this occurs, affected services or features will no longer be available or supported. You are solely responsible for taking appropriate action prior to the Discontinuation Date, whether by transitioning to an updated or alternative offering (if one exists) or by ceasing use of the affected feature or Product altogether. At our discretion, we may offer a comparable service, partial credit, or a prorated refund. In some cases, we may automatically migrate your account to a newer version of the Product. You acknowledge and accept that any such migration may result in changes to features or functionality and agree that we are not responsible for any resulting loss or disruption.

If a core feature is removed but the overall service retains substantially similar functionality, we are not obligated to provide a replacement or refund. Additionally, we are not liable to you or any third party for changes, suspensions, or the termination of any Product, service component, or feature.

From time to time, we may provide updates to our Website or Products. These updates may include improvements, security patches, bug fixes, or new functionality, and they may also involve the removal of certain features. We are not required to offer updates or to maintain any specific features indefinitely. All updates will be considered part of the applicable Product or Website and subject to the same terms outlined in this Agreement.

1.4 Ownership and Intellectual Property

Except where explicitly stated, this Agreement does not grant you any ownership rights or licenses to our intellectual property or that of any third parties. All rights, titles, and interests in the Website, Products, and any accompanying third-party materials remain solely with us or the respective third-party rights holders.

“Intellectual Property Rights” refers to all legal rights related to patents, copyrights, trademarks, trade secrets, design rights, database rights, and other similar protections—whether registered or unregistered—existing now or in the future, worldwide.

Dexit® and related service marks are protected under applicable trademark laws. The following service description is protected by registered or common law trademark rights and may not be copied, imitated, or used (in whole or in part) without express written consent:

“Providing a directory-information-service, namely, providing a compilation for controlling, transferring, and terminating the digital assets and digital accounts of deceased persons, in connection with estate planning and estate administration, to assist estate administrators and executors, in the dissolution of digital accounts and distribution of digital assets; Providing Software as a Service ("SaaS"), namely, providing a compilation for controlling, transferring, and terminating the digital assets and digital accounts of deceased persons, in connection with estate planning and estate administration, to assist estate administrators and executors, in the dissolution of digital accounts and distribution of digital assets; Data collection, data mining and management of data for use in estate planning; Data processing, systematization and management services for estate planning purposes; Collecting information for estate planning.”

2. Definitions

For the purposes of these Terms of Service, the following terms shall have the meanings set forth below. Defined terms may be used in the singular or plural, as appropriate:

Authorized Fiduciary: An estate attorney, healthcare proxy, executor, or legal representative granted access to manage a user’s assets.

Account: Refers to the user-specific access credentials and associated records maintained by Dexit that permit you to use and manage the Services.

Affiliate: Means any entity that directly or indirectly controls, is controlled by, or is under common control with Dexit.

Applicable Law: Refers to all laws, statutes, ordinances, regulations, rules, codes, treaties, and international conventions that apply to your access to or use of the Services, including, without limitation, the laws of the United States, the European Union, individual U.S. states (including RUFADAA and privacy laws), and relevant foreign jurisdictions.

Authorized User: Means any person or legal representative whom you have lawfully authorized to access your Account, including but not limited to fiduciaries, estate executors, digital asset managers, legal guardians, or attorneys-in-fact.

Customer Content: Includes any data, files, instructions, metadata, communications, documents, notes, account credentials, legacy preferences, or other materials uploaded, submitted, transmitted, or stored by you or your Authorized Users in or through the Services.

Dexit, We, Us, Our: Refers to Dexit Digital Account Services, Inc., its Affiliates, subsidiaries, officers, directors, employees, agents, and licensors.

Digital Assets: Refers to any electronic records, files, accounts, credentials, tokens, intellectual property, or content stored or accessible via digital means, including but not limited to email accounts, cryptocurrency wallets, cloud storage files, domain names, and social media profiles.

Personal Data: Has the meaning assigned under applicable privacy laws (e.g., “personal information” under the CCPA, “personal data” under the GDPR), and includes any data that can be used to identify, contact, or locate a natural person.

Platform: Means the combination of proprietary software, websites, databases, infrastructure, APIs, and user interface provided by Dexit to deliver the Services.

Privacy Policy: Refers to Dexit’s Privacy Policy, which explains how we collect, use, store, share, and protect your Personal Data and is incorporated into these Terms by reference.

Services: Refers to all features, tools, software, applications, integrations, and support functions provided by Dexit for the purpose of enabling Users to manage, organize, designate, share, or delete Digital Assets and associated Content.

SOC 2 Compliance: Refers to adherence to the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy, as defined by the American Institute of Certified Public Accountants (AICPA).

Third-Party Services: Means any websites, platforms, vendors, or tools not owned or operated by Dexit that may be integrated into or accessible through the Services, including cloud storage providers, cryptocurrency exchanges, document signing platforms, and others.

User, You, or Your: Means any individual or legal entity that creates an Account, accesses, or uses the Services, including any Authorized Users acting on behalf of such individual or entity.

User Data: Means any Content, Personal Data, or information that you or your Authorized Users provide, upload, or transmit to the Services, including metadata, usage logs, or authentication data.

3. Privacy & Data Protection

We collect only necessary information and use encryption for all data in transit and at rest. Users have the right to access, correct, or delete their data per applicable law.

Dexit provides services and tools (“Products”) that may require the collection, handling, and transfer of personal information relating to visitors, users, or Customers (“Personal Data”) during the normal use of our Website and Products. For the purposes of this section, “Personal Data” refers only to data governed by applicable privacy laws and excludes Customer Content as defined in this Agreement.

The processing of such data is governed by Dexit’s Data Processing Agreement (“DPA”), which is incorporated into these Terms by reference. The DPA outlines our commitment to lawful and secure processing of Personal Data, including international transfers, and reflects our compliance with relevant data protection laws such as the GDPR, CPRA, and other regional regulations. Where transfers of Personal Data occur from the European Economic Area or other jurisdictions with data export restrictions, the Standard Contractual Clauses (SCCs), as appended to the DPA, apply and provide the necessary legal safeguards.

Under the DPA and associated SCCs, you—whether as an individual, organization, or legal entity—act as the Data Controller (or Data Exporter, where applicable), while Dexit operates as the Data Processor. By continuing to use our Products or completing a transaction involving Personal Data, you confirm your agreement to the DPA and its associated terms, including any applicable SCCs and annexes.

Should you prefer to sign a physical copy of the DPA for your records, you may request one by emailing our privacy team at: legal@dexitplan.com.

Our Privacy Policy outlines our collection, use, and protection of personal information, consistent with:

HIPAA and HITECH Act (for health data)
CPRA and CCPA (California privacy laws)
GDPR and Stripe compliance for EU user transactions
Safe Harbor Principles (historical reference for legacy users and international transfers)

4. User Accounts, Access and Responsibilities

4.1 Account Creation

To use the Services, you must register for an Account by providing accurate, complete, and current information as prompted by our registration process. You agree to keep this information updated and to notify us of any material changes that may affect your access or use of the Services.

You may not:

Create an Account using a false identity or another person’s information without legal authorization;
Maintain more than one personal Account without our prior written consent;
Transfer or assign your Account to another party without our express prior written permission, except where legally authorized (e.g., by a court-appointed fiduciary or estate representative).

4.2 Account Security

You are solely responsible for maintaining the confidentiality and security of your login credentials, including your username, password, multi-factor authentication keys, recovery codes, and any biometric access methods used to access the Services.

You agree to:

Implement industry-standard security practices (e.g., strong passwords, updated devices, secured email);
Notify us immediately at [insert security email] if you suspect or become aware of any unauthorized access, use, or disclosure involving your Account;
Accept responsibility for all activities that occur under your Account, whether authorized by you or not, unless caused by Dexit’s gross negligence or willful misconduct.

4.3 Authorized Users

You may authorize other individuals—such as fiduciaries, executors, or legal agents—to access your Account under strict conditions and in compliance with all Applicable Laws. You are responsible for all actions taken by your Authorized Users and for ensuring they understand and agree to these Terms.

We reserve the right to:

Require documentation (e.g., power of attorney, death certificate, court orders) before granting Authorized Users access;
Deny or revoke access where authentication, legality, or compliance is uncertain or unverifiable.

4.4 Identity Verification

To comply with SOC 2 and legal standards, Dexit may require you to undergo identity verification or provide additional information before:

Gaining full access to the Services;
Authorizing third-party access;
Executing deletion or transfer directives on sensitive Digital Assets.

We may rely on third-party verification tools and data sources. By using the Services, you authorize us to conduct these checks as necessary to fulfill our obligations and protect your account.

4.5 Account Inactivity and Closure

If your Account remains inactive for a continuous period of 12 months, Dexit reserves the right to:

Suspend access temporarily;
Initiate outreach to confirm continued interest;
Close the Account after providing at least 30 days’ advance written notice to your registered email address.

Before closure, you will have the opportunity to:

Reactivate the Account;
Export your Content and Digital Asset directives;
Assign or transfer access to an Authorized User or legal representative.

4.6 Account Termination by User

You may terminate your Account at any time through your account settings or by contacting us directly. Upon termination:

Your access to the Services will be disabled;
Your Content and associated metadata will be deleted in accordance with our Data Retention and Deletion Policy;
Certain legal and transactional records may be retained for compliance purposes, as permitted or required by law.

4.7 Account Suspension or Termination by Dexit

We reserve the right to suspend or terminate your access to the Services immediately, with or without notice, if we reasonably believe you have:

Violated these Terms or any Applicable Law;
Engaged in fraud, abuse, or misuse of the Services;
Posed a security or legal risk to yourself, us, or others.

In such cases, we will make reasonable efforts to notify you and provide an opportunity to export your data, unless doing so would violate the law or create a risk to other users.

4.8 User Responsibilities

To use certain features of the Website or access specific Products, you must first create a Customer Account. By registering, you confirm that the information you provide is accurate, current, and complete and that you will maintain its accuracy over time. If we believe the details you’ve submitted are false, outdated, or incomplete, we reserve the right to suspend or terminate your account at our discretion.

You are solely responsible for all activities that occur under your account, whether or not you authorized them. It’s your obligation to keep your login credentials (including password, account number, and payment information) safe and secure. We highly recommend regularly updating your password for added security.

If you're acting on behalf of an organization or third party, we may request documentation verifying the identity or authority of the true account owner. This can include contact details, official identification, or other proof of authorization.

You agree to comply with all applicable U.S. export control laws and regulations related to your use of the Website and Products.

Any unauthorized access, suspected breach, or misuse of your Customer Account must be reported to us immediately. You may be held responsible for damages incurred by us or others due to unauthorized access or security failures related to your account, whether caused by you, someone you authorized, or a third party.

We are not liable for any losses arising from unauthorized use of your account. You may, however, be liable for losses suffered by the Company or other users in such situations.

In the event your account initiates or becomes the target of a denial-of-service (DoS) attack or similar malicious activity that disrupts our systems or affects others, we reserve the right to immediately disable your account. You may be held financially responsible for resulting damages, service costs, or other charges.

We cooperate fully with investigations into system or network violations civil, administrative, or criminal and will work with law enforcement where appropriate. Anyone found to have breached our systems or compromised security may face civil or criminal consequences.

4.9 Prohibited Uses

Without limitation, you are expressly prohibited from:

Using the Services to upload, store, or distribute:
- Illegal content (e.g., stolen data, pirated materials, child sexual abuse material);
- Personally identifiable information (PII) of others without consent;
- Confidential or proprietary business records unless you are authorized;
Selling, leasing, sublicensing, or otherwise commercializing access to your Dexit account;
Using the Services for unauthorized inheritance planning, impersonating legal authorities, or engaging in any unlawful estate manipulation;
Bypassing Dexit's legacy access protocols or misusing account recovery processes;
Utilizing bots, automated tools, or scripts to manipulate, copy, or interfere with user flows.

We reserve the right to suspend or terminate any account that violates this section, without prior notice and at our sole discretion.

4.10 User Content Responsibilities

You are solely responsible for any data, directives, communications, or content (“User Content”) you submit, upload, or store using Dexit. You affirm that:

You have full legal rights to store and share such User Content;
The User Content does not violate any intellectual property rights or fiduciary duties;
The User Content complies with all applicable laws and these Terms.

Dexit is not liable for errors, omissions, misrepresentations, or unauthorized disclosures within your submitted content.

4.11 Fiduciary and Agent Conduct

If you are accessing the account or directives of a deceased or incapacitated user as a legally designated fiduciary under RUFADAA or comparable laws:

You must act within the scope of your legal authority;
You must provide all requested documentation confirming your status (e.g., court order, power of attorney, letters testamentary);
You must use the access only for legitimate, lawful purposes as defined by the account holder’s instructions or applicable law.

Any misuse of posthumous access rights or unauthorized fiduciary claims will result in immediate suspension, legal review, and potential law enforcement referral.

4.12 Enforcement and Reporting

We reserve the right to investigate any violation of this Chapter, suspend or terminate your account, and report unlawful activity to relevant authorities.

To report prohibited behavior or abuse of the Dexit platform, please contact legal@dexitplan.com. Reports are treated confidentially and will be investigated promptly.

5. Intellectual Property Rights

5.1 Ownership of the Services

All content, features, and functionality of the Dexit, including but not limited to software, user interfaces, graphics, designs, trademarks, logos, text, visual assets, source code, proprietary algorithms, documentation, and data models are and shall remain the exclusive property of Dexit, Inc. and its licensors.

These materials are protected by applicable intellectual property laws, including copyright, trademark, trade secret, and patent laws of the United States and international treaties.

Nothing in these Terms grants you any ownership or right to use Dexit’s intellectual property except as explicitly provided herein.

5.2 Limited License to Users

Subject to your compliance with these Terms, Dexit grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for personal, business, or fiduciary purposes consistent with these Terms.

You may not:

Modify, copy, distribute, reproduce, reverse engineer, disassemble, or attempt to derive source code from the Services;
Remove or alter any proprietary notices or branding;
Use the Services to build or support a competing product or service.

Any unauthorized use of the Services or intellectual property constitutes a breach of these Terms and may result in termination of your access.

5.3 User Content & Data

You retain ownership of all content and data (“User Content”) you upload, input, or create using the Dexit platform, including account directives, digital asset inventories, legacy plans, legal designations, or attached documents.

By submitting User Content, you grant Dexit a limited, royalty-free, worldwide license to use, host, copy, process, transmit, and display such content solely for the purpose of:

Providing the Services;
Performing internal operations (e.g., backups, diagnostics, fraud prevention)
Improving and developing the platform in accordance with privacy policies and applicable laws.

We do not claim ownership of your digital assets or any third-party data stored in your directives.

5.4 Trademarked Service Description

Any use of this description, or confusingly similar language, in a competing service constitutes an infringement of Dexit’s intellectual property rights.

5.5 Compliance Monitoring

Dexit reserves the right, but does not assume the obligation, to monitor Content and user activity to:

Detect and respond to potential violations of these Terms;
Protect system integrity and information security;
Cooperate with law enforcement or other authorities where legally required.

Monitoring activities may involve a combination of automated tools and manual reviews conducted under strict access control policies. These practices are designed to align with the principles and requirements of SOC 2 audit and privacy standards, even though the Company has not yet obtained formal SOC 2 certification.

5.6 Third-Party Content and Integrations

The Services may include integrations with or links to third-party tools, services, or content providers. Dexit:

Does not endorse or control such third-party services;
Is not responsible for their availability, accuracy, or content;
Disclaims any liability for harm resulting from their use.

Your use of third-party services is governed solely by the terms and privacy policies of those providers.

5.7 Reporting Violations

If you believe another user is violating these Terms or misusing the Services, please report it immediately to legal@dexitplan.com or through the designated reporting form on our website. We investigate reports in accordance with our internal compliance and incident response procedures.

6. Service Levels & Performance

6.1 Scheduled Maintenance

Dexit may periodically perform scheduled maintenance on its systems. We will:

Provide at least 48 hours' advance notice for planned downtime expected to exceed 15 minutes;
Schedule maintenance during non-peak hours when possible;
Minimize service interruptions through redundancy and live deployment practices.

You are responsible for monitoring posted notices and maintaining up-to-date contact information to receive alerts regarding system maintenance.

6.2 Emergency Maintenance

In rare cases, we may need to conduct emergency or unscheduled maintenance to:

Patch critical vulnerabilities;
Mitigate active security threats;
Restore data integrity or prevent loss;
Comply with urgent legal obligations.

In such events, we will make reasonable efforts to notify affected users and restore normal operations as quickly as possible.

6.3 No Warranties for Uninterrupted Service

Dexit does not guarantee that the Services will be free from errors, interruptions, delays, or imperfections at all times. The Services are provided on an "as is" and "as available" basis. We disclaim all express or implied warranties, including but not limited to:

Fitness for a particular purpose;
Non-infringement;
Merchantability;
Accuracy or timeliness of Content delivery.

6.4 Force Majeure

Dexit shall not be held liable for any failure or delay in performance caused by circumstances beyond our reasonable control, including:

Acts of God;
Natural disasters;
Cyberattacks;
Internet service interruptions;
Government actions;
War or terrorism;
Labor strikes;
Pandemic-related disruptions.

We will use reasonable efforts to resume performance as soon as practicable following such events.

7. Security & Compliance

Dexit is committed to protecting the confidentiality, integrity, and availability of your data. We implement and maintain administrative, technical, and physical safeguards designed to align with industry best practices and the AICPA’s SOC 2 Trust Services Criteria. These measures include:

Role-based access controls (RBAC) and least privilege policies for employees;
Regular vulnerability scanning, penetration testing, and patch management;
Audit logging and activity monitoring for all system-level operations.
We also maintain formal policies for information security, acceptable use, incident response, business continuity, and data classification, which are reviewed and updated regularly.

7.1 SOC I and II Alignment

Dexit is actively working toward obtaining SOC 1 Type I and II certification. While we are not yet formally certified, our security and privacy controls are designed to align with the SOC 2 Trust Services Criteria for security, availability, confidentiality, processing integrity, and privacy.
We will provide updates on our certification progress upon request, and once achieved, our SOC 2 report will be made available to enterprise clients, regulators, or other qualified requestors under a signed NDA for legitimate due diligence purposes.

7.2 Incident Detection & Response

Dexit maintains a documented and regularly tested Incident Response Plan aligned with NIST and SOC 2 best practices. In the event of a confirmed data breach involving your User Content or Personal Data, we will:

Notify affected users without undue delay, and within any legally required timeframes;
Describe the nature of the breach, affected data, mitigation efforts, and recommended protective actions;
Cooperate with regulatory authorities in accordance with applicable U.S. and international data breach laws.

7.3 Confidentiality of User Data

All User Data is treated as strictly confidential. Access by Dexit personnel, contractors, or subprocessors is permitted only on a need-to-know basis, subject to strict access controls and contractual non-disclosure obligations.
We will never access, view, or share your data unless:

It is necessary to provide or support the Services;
You give explicit consent;
We are legally required to do so;
It is needed to enforce these Terms or investigate suspected violations.

7.4 Regulatory Compliance

Dexit designs its Services to support your compliance with select legal and regulatory frameworks, including:

U.S. RUFADAA (Uniform Fiduciary Access to Digital Assets Act);
California Consumer Privacy Act (CCPA) and CPRA;
General Data Protection Regulation (GDPR), where applicable;
New York SHIELD Act;
HIPAA (for eligible enterprise clients, subject to a signed Business Associate Agreement).
Although our practices align with SOC 2 standards, we are not currently SOC 2 certified. You remain responsible for ensuring that your use of the Services complies with all applicable laws, especially if processing sensitive data (e.g., financial, legal, or medical records).

7.5. Subprocessors & Third-Party Vendors

Dexit relies on a limited number of third-party subprocessors for essential functions such as hosting, backup, identity verification, and communications. All subprocessors are subject to contractual security and confidentiality obligations and are periodically reviewed for compliance.
A current list of subprocessors, including their locations and roles, is maintained in our [Privacy Policy] and [Subprocessor Notice] and is updated as legally required.

7.6 Export Control and Sanctions Compliance

You may not use the Services:

In violation of U.S. export laws or regulations;
If you are located in a country subject to a U.S. embargo or designated as a state sponsor of terrorism;
If you are listed on any U.S. government list of prohibited or restricted parties.
By using the Services, you represent and warrant that you are not subject to such restrictions and will not use the Services in any manner that violates applicable laws.

8. Privacy & Data Protection

8.1 Privacy Commitment

Dexit respects your right to privacy and is committed to protecting your personal information in accordance with applicable data protection laws, including the California Consumer Privacy Act (CCPA/CPRA), General Data Protection Regulation (GDPR) (where applicable), and the U.S. Uniform Fiduciary Access to Digital Assets Act (RUFADAA).

Our Privacy Policy explains in detail how we collect, use, share, and protect your personal information. By using our Services, you acknowledge and agree to the practices described therein.

We do not collect or request your account numbers, passwords, login credentials, health records, or financial balances.

8.2 Types of Data Collected

We collect and process the following categories of data:

Personal Information: Name, email, phone number, address, IP address, and other identifiers.
Account Data: Login credentials, authentication logs, and settings.
Content Data: Digital assets, documents, legacy directives, access instructions, metadata, and communications you store or transmit through the Services.
Usage Data: Log files, analytics, device information, and system diagnostics.
Third-Party Data: Information from authorized integrations (e.g., cloud storage, identity management, or estate planning tools).

We do not knowingly collect information from minors under the age of 13 without verifiable parental consent, in compliance with COPPA.

8.3 Data Use & Legal Basis

We process data for the following lawful purposes:

To provide and maintain the Services;
To fulfill our contractual obligations to you;
To communicate with you and respond to inquiries;
To detect, prevent, and mitigate fraud, abuse, and security threats;
To comply with applicable legal and regulatory requirements;
With your explicit consent (e.g., for marketing or sharing legacy directives with third parties).

For users subject to GDPR, the legal bases for processing may include: performance of contract, compliance with a legal obligation, legitimate interests, and your consent (where required).

8.4 Data Sharing & Disclosure

We do not sell your personal data.

We may share your data only in these limited cases:

With authorized subprocessors under strict confidentiality obligations;
With fiduciaries or designated parties under digital legacy instructions, consistent with RUFADAA;
With legal or regulatory authorities if required by law, subpoena, or court order;
In connection with a merger, acquisition, or corporate reorganization (you will be notified in advance of any material changes).

We ensure that third parties accessing data have equivalent or stronger data protection controls.

8.5 Data Rights & User Controls

Subject to applicable law, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your account and associated data.
Portability: Request a machine-readable copy of your data.
Objection & Restriction: Object to or restrict certain types of data processing.
Opt-Out of Sale/Sharing: For California residents, opt-out of the sale or sharing of personal information.
Legacy Rights: Appoint a fiduciary to access or delete your data in the event of death or incapacity (per RUFADAA).

You can manage many of these rights through your Dexit account dashboard or by contacting our Data Protection Officer at privacy@dexit.com.

8.6 Data Retention

We retain your personal and content data only as long as necessary:

To fulfill the purposes outlined in these Terms;
To comply with legal obligations;
To enforce our agreements;
To preserve digital directives until they are revoked, fulfilled, or expired by design.

You may request deletion of your account at any time. Residual backups may persist for up to 30 days but are deleted on a rolling basis.

8.7 International Data Transfers

If you are located outside the United States, your data may be processed in the U.S. or other jurisdictions with different data protection laws. We implement appropriate safeguards for cross-border data transfers, such as:

Standard Contractual Clauses (SCCs) under the GDPR;
Adequacy decisions where applicable;
Binding corporate rules for certain subprocessors.

By using the Services, you consent to these transfers, subject to applicable legal protections.

8.8 User Responsibilities

You are solely responsible for:

Ensuring you have the lawful right to upload, store, and share digital assets or personal data through the Service;
Notifying Dexit of unauthorized access to your account;
Keeping your authentication credentials secure;
Obtaining all necessary rights, permissions, and legal authority for fiduciary designations and digital directives.

9. Data Handling, Storage, and Retention

9.1 Data Collection and Purpose Limitation

Dexit collects and processes only the data necessary to operate securely and effectively, in accordance with data minimization principles. This includes data that is:

Necessary to provide, secure, and maintain the Services;
Required by applicable law, contractual obligation, or regulatory mandate;
Voluntarily provided by you to support your digital asset planning, storage, and legacy transfer needs.

We process personal data solely for specific, lawful purposes, including but not limited to:

Account creation and identity verification;
Secure storage of digital asset inventories and user directives;
Communication with your authorized fiduciaries, agents, or legal representatives;
Fulfillment of legal access requests and estate administration tasks.

Dexit does not process your personal data for any additional purposes without a valid legal basis or your explicit consent.

9.2 Data Storage & Security Standards

All user data is encrypted using industry-standard protocols:

In transit: Transport Layer Security (TLS) 1.2 or higher;
At rest: Advanced Encryption Standard (AES) 256-bit or stronger;
Access: Enforced through role-based access controls (RBAC), multi-factor authentication (MFA), and continuous security monitoring.

While Dexit is not currently SOC 2 certified, we are actively working toward SOC 2 Type I and II compliance. Our internal controls and security practices are designed to align with SOC 2 Trust Services Criteria, and we regularly evaluate and enhance our protocols as part of this compliance roadmap.

Dexit’s infrastructure is hosted within environments that may hold SOC 2 Type I and II, ISO 27001, or FedRAMP authorizations. These environments provide robust physical and logical security safeguards.

We conduct periodic vulnerability assessments, penetration testing, and engage independent third parties to validate the effectiveness of our security controls as we progress toward formal certification.

9.3 Data Retention Policy

Unless otherwise stated in a signed agreement or required by law:

Active Account Data: Retained indefinitely while your account remains active;
Inactive Accounts: Subject to archival or deletion after 24 months of inactivity;
Deceased Users: Data is retained until directives are fully executed or access is formally denied by a court or applicable law;
Legal Holds: Data under investigation or litigation may be retained beyond the standard retention period.

Upon account deletion or termination:

Personal data is permanently deleted from active systems within 30 days;
Backups may be retained for up to 180 days, after which they are overwritten or securely destroyed.

9.4 Data Access and Control

You retain control over your personal data and may:

Access, download, or update your information:
Designate authorized fiduciaries to access data posthumously or under incapacity;
Request data export in a machine-readable format (JSON, CSV, or PDF);
Submit a request to restrict processing or delete your account under applicable privacy laws.

Requests should be directed to legal@dexitplan.com and may require verification of identity or authority.

9.5 Cross-Border Data Transfers

Dexit operates in compliance with international data protection frameworks, including the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) for cross-border transfers.

By using the Services, you acknowledge and consent to the transfer of your data to jurisdictions where our data centers and subprocessors operate, including but not limited to the United States, Canada, and the European Union.

9.6 Subprocessors

Dexit engages third-party subprocessors to support platform operations, including cloud infrastructure, customer support, document automation, and analytics.

All subprocessors are contractually obligated to adhere to data protection standards equal to or greater than those imposed on Dexit. A current list of subprocessors, their locations, and purposes is available at www.dexit.com/subprocessors or upon written request.

9.7 Data Breach Notification

In the event of a security incident that results in unauthorized access to your personal data, Dexit will:

Notify affected users promptly and without undue delay;
Describe the nature, scope, and likely consequences of the breach;
Provide guidance on mitigation steps;
Report to regulators where legally required.

We maintain an incident response plan that complies with SOC I and II and NIST 800-61 guidelines.

10. Account Termination, Suspension, and Survivability

10.1 Voluntary Account Termination by User

You may terminate your account at any time by submitting a written request or using the account closure function within the platform. Upon verified termination:

Your access to the Services will cease immediately;
Your stored data and directives will be scheduled for deletion per our Data Retention Policy;
You may download your data before deletion;
Fiduciary access rights will expire unless otherwise preserved through formal directives or legal order.

Once deleted, your data cannot be recovered.

10.2 Termination or Suspension by Dexit

We reserve the right to suspend or terminate your account, with or without notice, under the following conditions:

Material breach of these Terms;
Fraud, misuse, or suspected unauthorized use of the Services;
Violation of applicable laws or court orders;
Non-payment of applicable fees, if any;
Risk to platform integrity, security, or other users.

Where possible, we will provide advance notice and an opportunity to remedy the issue prior to permanent action.

10.3 Effect of Termination

Upon termination, whether voluntary or initiated by Dexit:

Your license to use the Services ends immediately;
We will disable access to your account;
Data will be retained, archived, or deleted based on your directives and our Data Retention Policy;
Obligations accrued prior to termination (e.g., indemnities, legal compliance, surviving licenses) will remain enforceable.

10.4 Survivability of Terms

The following provisions shall survive the termination of your account or this Agreement:

Intellectual Property Rights (Chapter 5);
Data Handling, Storage, and Retention (Chapter 9);
Dispute Resolution and Governing Law (Chapter 12);
Indemnity and Limitations of Liability (Chapter 11);
Fiduciary and legal access provisions under applicable laws.

10.5 Deceased or Incapacitated Users (RUFADAA Compliance)

Dexit complies with the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) and equivalent legislation in other jurisdictions.

In the event of a user’s death or incapacity:

Access to data will be granted only to legally authorized fiduciaries, personal representatives, or agents acting under a power of attorney, trust, or court order;
The scope of access will depend on the user’s explicitly stored directives or, in their absence, applicable statutory default rules;
All requests must be submitted with appropriate legal documentation and identity verification;
Dexit reserves the right to deny access if requirements under law are not met or if conflicting claims are presented.

We encourage all users to assign a digital fiduciary and document asset-specific instructions within the platform.

10.6 Platform Discontinuation

In the unlikely event that Dexit discontinues its Services:

We will provide at least 60 days’ notice to all active users;
Users will be given the opportunity to export their data and digital directives;
After the sunset period, data will be securely archived or deleted per policy and applicable laws.

We are committed to ethical and transparent service closure procedures

11. Disclaimers, Limitation of Liability, and Indemnification

11.1 Disclaimer of Warranties

The Services are provided “as is” and “as available” without warranty of any kind, express or implied.
To the maximum extent permitted by law, Dexit disclaims all warranties, including but not limited to:

Implied warranties of merchantability, fitness for a particular purpose, and non-infringement;
Guarantees regarding uptime, availability, data integrity, or uninterrupted access;
Accuracy or legal validity of any user-provided content, digital directives, or third-party information stored within the platform.

oral or written information provided by Dexit or its representatives shall create any warranty unless expressly stated in a signed agreement.

11.2 Limitation of Liability

To the fullest extent permitted under applicable law, Dexit and its affiliates, officers, directors, employees, licensors, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:

Loss of profits or revenue;
Loss of access to digital accounts or digital assets;
Unauthorized access, disclosure, alteration, or deletion of data;
Delays or failures resulting from system downtime, maintenance, or external attacks.

Dexit’s total liability for any claims arising out of or related to the Services shall not exceed the amount paid by the user (if any) for the Services in the twelve (12) months prior to the event giving rise to the claim, or $100, whichever is greater.

This limitation applies regardless of the legal theory—whether in contract, tort, negligence, strict liability, statute, or otherwise.

11.3 Indemnification

You agree to defend, indemnify, and hold harmless Dexit, its affiliates, officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses, including reasonable legal and accounting fees, arising out of or in any way connected with:

Your access to or use of the Services;
Your violation of these Terms;
Your uploaded content, digital directives, or instructions, including claims by third parties or fiduciaries;
Any misrepresentation, fraud, or unlawful activity committed under your account.

We reserve the right to assume exclusive control of any matter subject to indemnification and, in such cases, you agree to cooperate in our defense.

11.4 Jurisdictional Limitations

Some jurisdictions do not allow certain limitations on warranties or liability. In such cases, the above limitations may not apply to you in full. In those jurisdictions, Dexit’s liability will be limited to the maximum extent permitted by applicable law.

11.5 Waiver of Class Actions and Jury Trials

To the extent permitted by law, you agree to resolve any disputes with Dexit on an individual basis and not as part of a class, collective, or representative action.

You further waive any right to a trial by jury in any proceeding arising out of or related to these Terms.

12. Dispute Resolution and Governing Law

12.1 Governing Law

These Terms and any action related to your use of the Services shall be governed by and construed in accordance with the laws of the State of North Carolina, without regard to its conflict of law provisions.
If you reside outside the United States, you agree that North Carolina law shall apply to all matters arising from or related to these Terms, and you consent to jurisdiction in the United States.

12.2 Informal Dispute Resolution First

Before initiating formal legal action, both you and Dexit agree to attempt to resolve any dispute informally:

Notice of dispute must be provided in writing within 30 calendar days of the event giving rise to the claim;
You must send your notice to: legal@dexit.digital or by certified mail to Dexit’s registered business address;
We will attempt to resolve the matter through good faith negotiations for a period of at least 30 days from receipt of notice.

If informal resolution fails, either party may proceed with formal dispute resolution under the methods below.

12.3 Binding Arbitration Agreement (U.S. Users Only)

Except for claims that qualify for small claims court, you and Dexit agree to resolve all disputes exclusively through final and binding arbitration, administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules.

Key arbitration provisions:

One arbitrator, mutually agreed upon or appointed by the AAA;
Location: Charlotte, North Carolina, unless otherwise agreed;
Arbitration will be conducted in English;
The arbitrator may award monetary or injunctive relief only as permitted by these Terms and applicable law.

You and Dexit both waive the right to a trial by jury and to participate in any class action or representative proceeding.

12.4 Opt-Out of Arbitration (30-Day Window)

If you do not wish to be bound by the arbitration clause, you must opt out by notifying Dexit in writing within 30 days of your first acceptance of these Terms. Send your opt-out notice to:

legal@dexitplan.com
Subject line: Arbitration Opt-Out

Your notice must include your full legal name and a clear statement that you wish to opt out of mandatory arbitration. Opting out will not affect any other provisions of these Terms.

12.5 Venue and Jurisdiction

If a dispute is not subject to arbitration (or if arbitration is not enforceable in your jurisdiction), you agree:

The dispute shall be brought in a state or federal court located in Mecklenburg County, North Carolina;
You hereby consent to the exclusive jurisdiction and venue of such courts.

12.6 Statute of Limitations

Any claim or cause of action arising out of or related to the use of the Services or these Terms must be filed within one (1) year after such claim or cause of action arose, or it shall be forever barred, to the fullest extent permitted by law.

12.7 Equitable Relief

Nothing in this section shall limit Dexit’s right to seek injunctive or equitable relief in a court of competent jurisdiction to protect its intellectual property rights, confidential information, or to prevent actual or threatened unauthorized access to or misuse of its systems.

13. General Provisions

13.1 Entire Agreement

These Terms, together with our Privacy Policy and any supplemental agreements, policies, or guidelines expressly incorporated by reference, constitute the entire agreement between you and Dexit with respect to the Services. They supersede all prior or contemporaneous communications and proposals, whether oral or written, between the parties.

No oral or written statement not expressly included herein shall be binding on either party unless incorporated by a written amendment signed by an authorized representative of Dexit.

13.2 Severability

If any provision of these Terms is found by a court of competent jurisdiction to be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from these Terms and shall not affect the validity and enforceability of the remaining provisions.

13.3 Waiver

No waiver by Dexit of any breach or default shall be deemed a waiver of any preceding or subsequent breach or default. Any waiver must be in writing and signed by an authorized representative of Dexit to be legally binding.

13.4 Assignment

You may not assign or transfer your rights or obligations under these Terms without prior written consent from Dexit. Any attempt to do so will be null and void.
Dexit may freely assign or transfer these Terms without restriction in connection with a merger, acquisition, reorganization, or sale of assets.

13.5 Force Majeure

Dexit shall not be liable for any delay or failure to perform resulting from causes outside its reasonable control, including but not limited to: acts of God, war, terrorism, labor disputes, internet or utility failures, pandemics, natural disasters, or governmental actions.

13.6 No Third-Party Beneficiaries

Except as expressly provided in these Terms, there are no third-party beneficiaries to these Terms. No third party shall have any rights under these Terms.

13.7 Headings and Interpretation

Headings used in these Terms are for reference purposes only and shall not affect the meaning or interpretation of any provision. The term “including” means “including without limitation.” These Terms shall not be construed against the drafter.

13.8 Contact Information

For any legal or compliance questions regarding these Terms, please contact:

Dexit Digital Account Services, LLC
Attn: Legal Department
Email: legal@dexitplan.com

Back home >

DEXITPLAN™ FOR YOUR DIGITAL ASSETS

Terms and Conditions