Continur Privacy Policy

Last Updated: February 20, 2026

1. Introduction

Verum SG LLC (“Verum SG,” “we,” “us,” or “our”) operates the Continur business-continuity platform (the “Service” or “Continur”) at https://continur.com.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service. By accessing or using the Service, you consent to the collection and use of information in accordance with this Policy.

We are built on a zero-knowledge architecture: Your vault, your keys, your control. We never see, store, or have access to your actual credentials, business documents, or sensitive content—only the minimal metadata signals and encrypted pointers you explicitly authorize. Every pointer in your Succession Map uses field-level encryption with AWS KMS; we cannot decrypt or view it.

This Policy is incorporated into and governed by our Terms of Service. Capitalized terms not defined here have the meaning given in the Terms.

2. Information We Collect

2.1 Information You Provide

Account details: name, email address, phone number.
Successor information: name, email, phone number, and any relationship notes you enter.
Succession Map content: checklists, pointers to credentials, physical locations, action steps, and any other information you upload or type into the vault. These are stored encrypted with keys you control.
Any support communications you send us.

2.2 Automatically Collected Metadata & Signals

Activity/metadata signals from the third-party SaaS accounts you choose to connect (e.g., Gmail, Google Workspace, GitHub, Slack, X/Twitter). We monitor only the “pulse”—never the content, files, messages, or transaction details.
Derived resilience score based on those signals.
Technical data: IP address, device type, browser, operating system, and usage logs (for security, fraud prevention, and service improvement).

2.3 Authentication Information

We use passwordless magic links for account access and two-factor verification (signed email link plus SMS code) for successor vault release. We do not store passwords. Authentication tokens are short-lived and cryptographically signed.

2.4 Information from Third Parties

Limited metadata received via secure API connections you authorize. No other third-party data is collected.

We do not collect sensitive categories of data (e.g., health, race, religion) beyond what is strictly necessary for the Service.

3. How We Use Your Information

We use the collected information solely to:

Provide, maintain, and improve the Service (monitoring signals, calculating resilience score, sending wellness checks).
Trigger the Succession Map release process after prolonged inactivity (48 h wellness SMS → 72 h successor alert → 84 h encrypted release via 2FA link).
Notify your designated successor(s) only when the defined inactivity triggers are met.
Communicate with you (wellness checks, account updates, support).
Ensure security and prevent fraud.
Comply with legal obligations.

We do not use your data for marketing, advertising, or any purpose unrelated to business-continuity functionality.

4. How We Share or Disclose Your Information

4.1 Successor Release

Upon the 84-hour inactivity trigger, we release your encrypted Succession Map to the successor(s) you designated via a secure 2FA-protected link. At that point the successor gains access to the decryption keys and pointers you provided. We have no further control or responsibility after release.

Data is only shared with an authorized Successor explicitly designated by the User, acting as the User's agent, and only upon the fulfillment of the User's predefined triggers.

4.2 Service Providers

We share strictly necessary information with trusted vendors who help operate the Service (e.g., AWS for encrypted storage and KMS, SMS/email delivery providers). Google API data is never shared with analytics providers or any other third party. All vendors are contractually bound to use your data only on our behalf and to maintain equivalent security standards where applicable.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or to protect rights, safety, or property (ours or others).

4.4 No Selling or Renting

We do not sell, rent, or trade your personal information, including contact information such as phone numbers and email addresses for any purpose.

4.5 Google API Data Disclosure

Continur’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

Passive Monitoring Scope: Our application only requests the minimum necessary metadata (headers) from Gmail and Google Calendar to monitor for founder activity.
Data Minimization: We do not read, store, or process the body content of emails or calendar event descriptions. Once raw Google API metadata is used to classify activity, it is discarded. Only a derived activity timestamp is retained for service functionality.
AI Processing: Metadata is processed via xAI Grok solely for the purpose of classifying activity as "human" or "automated" to maintain the founder's activity status. We do not use Google User Data to train, improve, or fine-tune any AI or machine learning models, including the LLM used for metadata categorization.
No Data Sales: Continur does not sell, rent, or provide Google user data to third-party ad platforms or data brokers.
Security: All metadata is handled according to our zero-knowledge encryption architecture, ensuring that data encryption keys are managed via AWS KMS and are inaccessible to Continur staff.

5. Data Security

We implement industry-leading technical, organizational, and administrative safeguards, including:

End-to-end / field-level encryption (AWS KMS) on all Succession Map pointers.
Zero-knowledge design—decryption keys exist only in ephemeral, in-memory request processing and are never stored or logged.
Secure API connections only.
Regular security audits and penetration testing.

However, no system is completely secure. We cannot guarantee absolute security, and you remain responsible for keeping your device, email account, and successor contacts secure.

6. Data Retention

Active account data (metadata, pointers, successor contacts) is retained only as long as your account is active or as needed to provide the Service.
After account deletion, we delete or irreversibly anonymize your data within 30 days, except any Succession Map that has already been released to a successor (legal obligations may require limited retention in that case).
Aggregated, de-identified resilience scoring data may be retained indefinitely for service analytics.

7. Your Rights and Choices

California Residents (CCPA/CPRA)

You have the right to:

Know what personal information we collect, use, and disclose.
Request deletion of your personal information (subject to exceptions).
Opt out of any “sale” of personal information (we do not sell data).
Non-discrimination for exercising these rights.

To exercise these rights, email legal@verumsg.com with “CCPA Request” in the subject. We will verify your identity and respond within the required timeframe.

All Users

Access / update / delete your account and Succession Map via the dashboard.
Withdraw consent for monitoring specific SaaS accounts at any time (this may disable core features).
Opt out of non-essential communications via account settings or by replying “STOP” to SMS.

For GDPR users (if applicable): you may also request restriction of processing or data portability. Contact us to exercise any rights.

8. Children’s Privacy

The Service is not directed to or intended for anyone under 18. We do not knowingly collect data from children. If we learn we have collected data from a child under 18, we will delete it promptly.

9. International Users

The Service is hosted in the United States. By using Continur, you consent to the transfer of your information to and processing in the U.S. (which may have different data-protection standards). We rely on standard contractual clauses or other lawful mechanisms where required for international transfers.

10. Third-Party Links and Services

The Service connects to third-party SaaS accounts you authorize. Their privacy practices are governed by their own policies. We are not responsible for their data practices.

11. Changes to This Privacy Policy

We may update this Policy from time to time. We will notify you of material changes via email or in-app notice at least 30 days before they take effect. Your continued use after the effective date constitutes acceptance of the revised Policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Verum SG LLC
9320 N. Crimson Cyn
Fountain Hills, Arizona 85268
Email: legal@verumsg.com
Support: support@verumsg.com