Privacy Policy

Last updated: February 2026


This privacy policy is provided in draft form and is pending professional legal review.
1. Who We Are

Keepsafe is operated by Illuminate UX Ltd, a company registered in England and Wales. We are the data controller for the personal data you provide through the Service.

Registered address:

Illuminate UX Ltd, c/o Dafferns LLP

Coventry, UK, CV31 1UU

2. What Data We Collect

We collect the following categories of personal data:

Account data: email address, password (stored as a cryptographic hash, never in plain text).

Personal data: name, date of birth, address, phone number, National Insurance number, tax information.

Financial data: bank accounts, pensions, investments, debts, gifts, household bills, subscriptions.

Legal data: wills, lasting powers of attorney, trusts, other legal documents.

Property data: property details, vehicle information.

Health data (special category): organ donation preferences. This data is processed only with your explicit consent.

Technical data: IP address, browser type, usage patterns, and server logs.

3. How We Collect Data

We collect data directly from you when you register for an account and enter information into the Service. We also collect technical data automatically through essential cookies and server logs.

4. Lawful Basis for Processing

We process your personal data on the following lawful bases under the UK GDPR:

Contract: processing is necessary to provide the Service to you.

Consent: you give explicit consent when you register and agree to our terms. Special category data (organ donation preferences) is processed only with your explicit consent.

Legitimate interest: for security, fraud prevention, and improving the Service.

Legal obligation: where we are required to retain data for regulatory compliance.

5. How We Use Your Data

We use your personal data to:

Provide and maintain the Service

Authenticate your identity and secure your account

Store and encrypt your estate planning records

Maintain audit logs of changes to your records

Send you important notifications about your account

6. Data Storage and Security

We take the security of your data seriously:

All sensitive data is encrypted at rest using the ASP.NET Data Protection API

Data is stored on UK-based servers

Access is controlled through secure authentication with optional two-factor verification

All changes to records are tracked through comprehensive audit logging

Passwords are hashed and checked against known breach databases

7. Data Retention

We retain your data as follows:

Active accounts: your data is stored for as long as your account remains active.

Deleted accounts: personal data is deleted upon account closure. Audit logs are anonymised (not deleted) and retained for up to 7 years for financial regulatory compliance.

Server logs: retained for 30 days for security and debugging purposes.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access: you can request a copy of the personal data we hold about you (Subject Access Request).

Right to rectification: you can update or correct your data at any time through the Service.

Right to erasure: you can request deletion of your account and associated data. Audit logs will be anonymised rather than deleted where required for legal compliance.

Right to restrict processing: you can request that we limit how we use your data.

Right to data portability: you can request your data in a structured, machine-readable format.

Right to object: you can object to processing based on legitimate interests.

Rights related to automated decision-making: we do not use automated decision-making or profiling.

To exercise any of these rights, please contact us using the details in section 13 below.

9. Third-Party Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data with service providers who assist us in operating the Service (such as email delivery for two-factor authentication), and they are contractually bound to process your data only as instructed by us.

10. International Transfers

Your data is stored and processed within the United Kingdom. We do not currently transfer personal data outside the UK. If this changes in the future, we will ensure appropriate safeguards are in place and update this policy accordingly.

11. Cookies

We use only essential cookies that are necessary for the Service to function. For full details, see our Cookie policy.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at:

Illuminate UX Ltd

c/o Dafferns LLP

Coventry, UK

CV31 1UU

14. Complaints

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk (opens in new window)