Privacy Policy
Last updated: February 2026
1. Who We Are
Keepsafe is operated by Illuminate UX Ltd, a company registered in England and Wales. We are the data controller for the personal data you provide through the Service.
Registered address:
Illuminate UX Ltd, c/o Dafferns LLP
Coventry, UK, CV31 1UU
2. What Data We Collect
We collect the following categories of personal data:
Account data: email address, password (stored as a cryptographic hash, never in plain text).
Personal data: name, date of birth, address, phone number, National Insurance number, tax information.
Financial data: bank accounts, pensions, investments, debts, gifts, household bills, subscriptions.
Legal data: wills, lasting powers of attorney, trusts, other legal documents.
Property data: property details, vehicle information.
Health data (special category): organ donation preferences. This data is processed only with your explicit consent.
Technical data: IP address, browser type, usage patterns, and server logs.
3. How We Collect Data
We collect data directly from you when you register for an account and enter information into the Service. We also collect technical data automatically through essential cookies and server logs.
4. Lawful Basis for Processing
We process your personal data on the following lawful bases under the UK GDPR:
Contract: processing is necessary to provide the Service to you.
Consent: you give explicit consent when you register and agree to our terms. Special category data (organ donation preferences) is processed only with your explicit consent.
Legitimate interest: for security, fraud prevention, and improving the Service.
Legal obligation: where we are required to retain data for regulatory compliance.
5. How We Use Your Data
We use your personal data to:
Provide and maintain the Service
Authenticate your identity and secure your account
Store and encrypt your estate planning records
Maintain audit logs of changes to your records
Send you important notifications about your account
6. Data Storage and Security
We take the security of your data seriously:
All sensitive data is encrypted at rest using the ASP.NET Data Protection API
Data is stored on UK-based servers
Access is controlled through secure authentication with optional two-factor verification
All changes to records are tracked through comprehensive audit logging
Passwords are hashed and checked against known breach databases
7. Data Retention
We retain your data as follows:
Active accounts: your data is stored for as long as your account remains active.
Deleted accounts: personal data is deleted upon account closure. Audit logs are anonymised (not deleted) and retained for up to 7 years for financial regulatory compliance.
Server logs: retained for 30 days for security and debugging purposes.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of access: you can request a copy of the personal data we hold about you (Subject Access Request).
Right to rectification: you can update or correct your data at any time through the Service.
Right to erasure: you can request deletion of your account and associated data. Audit logs will be anonymised rather than deleted where required for legal compliance.
Right to restrict processing: you can request that we limit how we use your data.
Right to data portability: you can request your data in a structured, machine-readable format.
Right to object: you can object to processing based on legitimate interests.
Rights related to automated decision-making: we do not use automated decision-making or profiling.
To exercise any of these rights, please contact us using the details in section 13 below.
9. Third-Party Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data with service providers who assist us in operating the Service (such as email delivery for two-factor authentication), and they are contractually bound to process your data only as instructed by us.
10. International Transfers
Your data is stored and processed within the United Kingdom. We do not currently transfer personal data outside the UK. If this changes in the future, we will ensure appropriate safeguards are in place and update this policy accordingly.
11. Cookies
We use only essential cookies that are necessary for the Service to function. For full details, see our Cookie policy.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, please contact us at:
Illuminate UX Ltd
c/o Dafferns LLP
Coventry, UK
CV31 1UU
14. Complaints
If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk (opens in new window)