Privacy Policy

Legacy Vault Kit is operated by PassItOn-Digital, a company founded by Sue Berry trading as The Legacy Footprint Lady. Our registered address and contact details are available on request.

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

We collect the following categories of personal data:

• Account data: your name and email address when you register.
• Vault content: the personal, financial, legal, health, and memory information you choose to store in your vault. This is your data — we do not read it.
• Documents and files: any files you upload to your vault, stored securely in encrypted cloud storage.
• Payment data: processed by Stripe. We do not store card numbers or payment details on our servers.
• Usage data: anonymised analytics about how you use the service (pages visited, features used). No personal identifiers are included.
• Communications: if you contact us by email or via the contact form, we retain that correspondence.

We use your data to:

• Provide and maintain the Legacy Vault Kit service
• Process your subscription payment via Stripe
• Send you service-related emails (account confirmation, renewal reminders, important updates)
• Respond to your support requests
• Improve the service using anonymised usage analytics

We do not sell your data. We do not share your data with third parties for marketing purposes.

We process your data on the following legal bases:

• Contract: processing necessary to provide the service you have subscribed to.
• Legitimate interests: anonymised analytics to improve the service, fraud prevention.
• Legal obligation: retaining financial records as required by law.
• Consent: marketing emails, where you have opted in.

Your vault data is stored in encrypted cloud storage (Amazon S3) in the European Union. Data is encrypted at rest and in transit using industry-standard TLS encryption.

Access to your vault is protected by your account credentials. We recommend using a strong, unique password and enabling two-factor authentication where available.

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days before deletion, giving you time to export it.

If you nominate a trusted person to access your vault, they will be able to view the sections you grant them access to. You control which sections are visible to each trusted person. You can revoke access at any time.

Trusted persons are not able to edit or delete your vault content — they can only view what you have shared.

We use the following third-party services to operate Legacy Vault Kit:

• Stripe: payment processing. Stripe's privacy policy is available at stripe.com/privacy.
• Amazon Web Services (S3): encrypted file storage.
• Resend: transactional email delivery.

Each of these providers is contractually bound to protect your data and process it only on our instructions.

Under UK GDPR, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate data.
• Erasure: ask us to delete your data (subject to legal retention requirements).
• Portability: receive your vault data in a machine-readable format.
• Objection: object to processing based on legitimate interests.
• Restriction: ask us to restrict processing in certain circumstances.

To exercise any of these rights, please contact us via the contact page. We will respond within 30 days.

We use essential cookies to keep you logged in and maintain your session. We do not use advertising or tracking cookies. For full details, see our Cookie Policy.

We may update this policy from time to time. We will notify you of significant changes by email. The date at the top of this page shows when it was last updated.

If you have questions about this policy or how we handle your data, please contact us. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.