Privacy Statement

This Privacy Policy describes how Legado (Legado Technologies Limited). ("Legado", “Join Legado” “we,” “us,” or “our”) collects, uses, processes and discloses your information on (the “Website”) and the products, services, mobile websites, and native mobile applications (collectively and together with the Site, the “Services”).

Your privacy is important to us. This privacy statement describes what personal data Legado collects from you, through our interactions with you and through our Services and how we use that data. We are committed to protecting and respecting your privacy.

By using the Site and the Services you agree to the terms of this Privacy Policy and the collection, storage, use, processing and disclosure by Legado and its services providers of the Personal Information that you enter into the Services.  If you don’t agree with this Privacy Policy or the Terms of Service, please do not use the Services.

For the purpose of the Data Protection Act 1998 (the Act), the data controller is Legado Limited of Wsm Advisors Connect House, 133-137 Alexandra Road, Wimbledon, London, United Kingdom, SW19 7JY.

Who We Are

Legado is an all-in-one personal digital archive for your most important Life Documents, optimised to ensure your loved ones and trusted advisors have everything they need, in a structured and intuitive way, whilst putting you in full control of your data. Our digital Vault is the best place to store your personal documents: a digital filing system to help you organise your paperwork. Our unique guides are free and help people better plan and organise their affairs.

We also help professional advisors better connect with their clients; offering a turnkey solution for GDPR compliance and document storage, in addition to visibility into clients’ other professional advisors.

The Legado team have made online security one of the highest priorities and take the safety of your personal data extremely seriously. Legado has been built with GDPR in mind, created to certify you have all the information you need as it relates to your interactions with Legado.

It is important to us that you feel confident in the security and data protection we deploy at Legado, therefore before signing up to the Services, we want you to understand clearly how we process and use data. This includes, but is not limited to, the collection of data; storage of data; usage of data; sharing of data and time allocation for hosting the data.

Legado Technologies Limited is a company incorporated and registered in England and Wales with company number 11597076.

Information We May Collect on You

We may collect and process the following personal data that you provide to us when using our Website ( or and any of our Services:

  • Full Name
  • Address
  • Contact Number
  • Gender
  • Date of Birth
  • Email Address
  • Date of birth

In addition, we will collect and process the following information:

Information that is provided as it relates to the Services you request on our Website

  • Correspondence records between you and us
  • Details of transactions you carry out through our Website and of fulfilment of your orders
  • Information that you provide in surveys on our Website (these are optional) (if applicable)
  • Details of website visits including, but not limited to, traffic, location data, communication data and weblogs, whether this is necessary for our own billing reasons or otherwise and the resources that you access.

Note: Legado uses end-to-end encryption and cannot read, retrieve or otherwise see any user’s information using the Services pertaining to the digital Vault (herein, the “Vault”). i.e. Legado has no access to information that is stored in the digital Vault as part of the Services. 

Personal Information and Data

For the purpose of this Privacy Policy, “Personal Information” means any information that uniquely identifies you or any other individual or otherwise contains personally identifiable information provided by or obtained from you or any other user of the Services.  Personal Information may include certain types of Basic Information, Secure Information, Read or Write Access Nominee Information, Solicitor or Accountant information or other Professional Advisor information, Access Code Information and Public Information, each of which is described in further detail below. Legado does not share Personal Information with any third party other than as described in this Privacy Policy. Your data will not be shared with anyone other than your chosen executor or verifiable representative at the time of your death.

  1. “Basic Information” means the first and last name, email address, gender, post code, date of birth, and the date and time of associated with the Account creation and (if applicable) deletion of you, your Read Or Write Access Nominees (“Nominees”) on your Legado account. We may use your Basic Information to operate, provide, and improve the Website, the Services and our (and our successors’ and assigns’) businesses, to contact you and (if applicable) your Nominees to send information about the Services. If you or your Nominees don’t want to receive email communications from us, follow the “unsubscribe” instructions at the bottom of any email message received from us. That said, there are certain types of important email communications that we need to always be able to send to you and your Nominees (such as notifications about password changes, permissions changes, or changes to the Terms of Service or this Privacy Policy) for which you may not be given an “unsubscribe” option. You may also withdraw your consent to be contacted by Legado by contacting
  2. “Secure Information” means your private, sensitive, personal information that you privately submit through the Services, including your health and medical information, financial information and legal information. While we may know whether and when you submitted a particular type or category of Secure Information, we do not in the course of our standard daily business operations have access to the content or details of any Secure Information you privately submit through the Services because it is encrypted. We will share your Secure Information only with your designated Read Or Write Access Nominee (as defined below) and only pursuant to your, or (if applicable) your Nominees, explicit instruction, except when we are required to by law or in other rare circumstances, as described below. There may also be set, defined, roles for certain types of professional advisors. e.g. your Financial Adviser will have access to Basic Information, in addition to your Financial Advice library and subsequent folders unless otherwise specified.
  3. “Use Information” means certain high-level information about your use of and access to the Services that may be visible to a professional advisor or Partner Provider if you accepted an Invitation from that professional advisor or Partner Provider, as applicable, to sign up for and access the Services (as defined below) (if applicable), which may include the sign-up session length, the date and time of your last login to the Services, your total number of logins to the Services, and which sections and libraries of your Legado library you have completed. We may share your Use Information only with your professional advisor and potentially other Nominees when applicable. We may also send you emails, based on your Use Information, to better help your use of the service.  You can unsubscribe from such emails.
  4. “Public Information” means any personally identifying information you post in any public forum through the Services (e.g., in the comments section below articles). Please remember that any Public Information you post publicly on the Services is not private, and thus may be used or disclosed by any third party who reads such Public Information without our control and without your knowledge, and search engines may index that information. Accordingly, please think carefully before publicly posting any Public Information on the Services, or otherwise on the Website.

Non-Personal Information and Data

  1. As opposed to Personal Information, “Non-Personal Information” does not, on its own, uniquely identify you or anyone else as a specific individual, but rather offers and delivers technical data, such as information about your interaction with the Services or about your browser. Non-Personal Information may include Aggregate Information, and Cookie Information, each of which is described in further detail below.
  2. “Aggregate Information” means statistical information about how, how often, and when you use the Services and your demographic information. We may use Aggregate Information in order to understand how and how often people use the Services, which in turn allows us to improve them, but never in a way that is individually or directly identifiable.
  3. “Cookie Information” means information collected via cookies which enable our servers to recognize your web browser and tell us how and when you visit the Site and otherwise use the Services.  Cookies are small pieces of data that are stored on your computer through your web browser when you access a website.  Our cookies by themselves do not contain Personal Information, and we do not combine Cookie Information with your Personal Information to tell us who you are.

While many browsers have an option to turn off the cookie feature (which may prevent your browser from accepting any new cookie or may allow you to decide which cookie to accept from any website on a case-by-case basis), we strongly recommend that you leave cookies active because the Cookie Information we derive enables us to provide you with the most advantageous and attractive features of the Services.

Please note, however, that this Privacy Policy only covers our use of cookies and Cookie Information and does not cover the use of cookies by third parties. Certain third-party vendors use cookies in certain unrestricted publicly-available parts of our Site to provide analytical data and target and serve ads based on your prior visits to Site and use of the Services. We do not control when or how a third-party places a cookie on your computer.

How Legado Stores Your Data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, likely Microsoft. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is processed to the same standards as if it were being processed within the EEA.

Sharing with Nominees

We will share your Secure Information (information which has been placed in your digital Vault) only with your designated Read Or Write Access Nominees and only pursuant to and in accordance with your opt-in authorisation (“Authorisation”) and explicit instruction, including the permissions you set that give any particular Read Or Write Access Nominee access to only certain designated portions of your Legado Vault. If you designate any of your Secure Information as only shareable with Read or Write Access Nominees after you are Declared Dead, then Legado will only share such Libraries or folders according to the instructions explicitly provided. If no instructions are left, we will act in accordance to UK law and grant access to information through a verification process of an acting representative. As part of your use of the Services, you may designate one of your Nominees or another individual.

Sharing with Professional Advisors

Signing up to the Services using an Invitation you received from your professional advisor or a Partner Provider, enables us to potentially share your Use Information with such professional advisor or Partner Provider, all of whom are contractually bound to protect the confidentiality of your Personal Information. For the avoidance of doubt, we don’t share any of your Secure Information with Professional Advisors or Partner Providers unless you have designated them as Access Nominees for the particular Secure Information you have chosen to share. If you have been introduced to SecureTheFile through a  Financial Adviser they will have visibility of your other Professional Advisors and Nominees, including whether they have increased access after a life event.  This is to support inter-professional communication and other nominees subsequent to such event.

Sharing with Proxys

We may share certain of your Basic Information with certain partners or service providers we use to perform, facilitate or improve the Services (collectively, “Proxys”), but only in order for Legado to be able to provide you the Services. All of our Proxys are contractually bound to protect the confidentiality of your Personal Information. We may also share non-personal Aggregate Information with our Proxys so that they understand how and how often people use our Services and their services, which in turn allows both us and them to improve. We do not share your Secure Information with Proxys.

IP Addresses

We may collect information about your computer or mobile device, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

Third Party Advertising

Third party advertising and related links may be visible throughout the Legado website. By clicking on a third-party advertisement, you will be taken away from the Legado website. Any personal data you provide to a third party will not be covered by our privacy policy. Legado will not be held responsible for the privacy practices and content of third-party providers. It is important that you always read the privacy policies linked to any third-party advertising to ensure you are comfortable with how they will collect and manage your data.

Age of Consent

Individuals can only register an account with Legado if they are 18 years or over.

If you are under 18 years of age please do not use the Services provided by Legado, and do not provide us with any of your personal data.

If you are a parent and you are aware that your child has provided Legado with personal data, please contact us immediately at

Data Holding and Deletion

We keep your personal data only for as long as required to manage your account and provide you with our Services. All of your data will be retained by Legado for as long as you remain a user. All of your account details will be deleted 12 months after a Notice of Death has been successfully processed against your account (as supplied by your chosen account executors, Nominees or verifiable representative).

You have the right to delete your Legado account at any time. Please contact us at

Privacy Policy Changes

Any alterations we may make to our privacy policy in the future will be posted on this page and, where appropriate, communicated to you by e-mail, within reasonable timelines.


All information you provide to us is either stored on our secure servers or hosted on Microsoft Azure’s web hosting services. Any payment transactions are encrypted using SSL technology and security is provided by GoCardless on their website. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We also ask you enable and utilise two-factor authentication for the best possible security protection.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. These procedures and processes go above what is expected and compliance to both UK and EU law.

Your Rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such reasons or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can exercise your right at any time by contacting us at

In addition, under the GDPR legislation, you have specific rights in regard to your personal data. These rights are as follows: 

Right to access – You have the right to be informed of or request access to the personal data we hold on you.

Right to Erasure – You have the right to request that we delete your personal data.

Right to Rectification – You have the right to request that we amend or update your personal data where it is inaccurate or incomplete.

Right to Restrict – You have the right to request that we stop processing some or all of your data, either temporarily or permanently.

Right to Data Portability – You have the right to ask for a copy of your personal data and the right to transfer this personal data for use by another provider.

Right to Object – You have the right to object to us processing your personal data and you have the right to object to your personal data being used for direct marketing activities.

Right not to be subjected to automated decision making – You have a right not to be subjected to decisions being made solely by automation. You have a right to object to profiling of your data.

Right to lodge a complaint – You have the right to lodge a complaint if you are not happy with what we do with your data. This can be sent to Information Commissioners Office, Wycliffe House Water Lane, Wilmslow, Cheshire, SK9 5AF.

The Requirements of Data Protection Laws

We regard the lawful and acceptable management of your personal information by us as very important to our successful operation, and to maintaining confidence between us and our users. We ensure that Legado handles personal information lawfully and correctly. To this end we fully endorse and adhere to the ‘Data Protection Principles’ set out in the Act. In particular, without your consent or first amending this Privacy Policy to reflect any change in our usage of personal information:

  • We will only collect sufficient personal information for the uses set out above.
  • We will not use personal information for any purpose that is incompatible with this Privacy Policy.
  • We will endeavour to keep personal information up-to-date.
  • We will not retain personal information longer than necessary unless required to do so by law.
  • We will operate appropriate technical and organisational processes to protect your personal information against unauthorised or unlawful access or processing and against accidental loss or destruction. The detailed measures we take are described elsewhere in this Privacy Policy.

To find out more about data protection, you may visit the following sites:

Disclosure of Your Information  

We may disclose your personal information to any member of our group, which means our subsidiaries or third-parties, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

Furthermore, to the purposes stated above in relation to third party goods and/or services you have consented to, we may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Legado or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of Legado, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Disclosure pursuant to applicable law

  1. Other than sharing with Nominees, Proxys or to sellers or buyers as described above, we can only share Personal Information, including your Secure Information, in the limited circumstances described below relating to your abuse or misuse of the Services or legal process.
  2. If we deem that you have mistreated or abused the Services or the Personal Information of any other user, or have attempted to interfere with or harm the Services, we will investigate and cooperate with appropriate law enforcement officials, which may include sharing your Basic Information with them in order to protect our rights or property or that of other users, Nominees, Proxys, and others. We will give our full cooperation in any legal process or criminal investigation into any misuse or abuse of the Services.
  3. We may also share your Personal Information solely to the extent required by law to comply with a subpoena or analogous legal process or governmental request; while this may include certain of your Secure Information, rest assured that we will never willingly share any of your Secure Information unless required by law. We also do not have the ability to decrypt information which is held in your Vault. We may also share your Personal Information as otherwise necessary to protect our rights or property or that of other users, Nominees, Proxys and others.
  4. We will promptly notify you if we receive any request for your Personal Information or Secure Information from any governmental entity or other third party pursuant to a subpoena or analogous legal process before sharing any such requested information, unless we are legally prohibited from so notifying you or we have a good faith reason to believe that such sharing is or may be necessary to protect someone’s life, avoid serious physical injury or property loss or damage, or to prevent or investigate any ongoing crime.
  5. As discussed in the Terms and Conditions at, no fiduciary duty is or will ever be created between you and Legado by virtue of you using the Services. Accordingly, while communications between you and us are protected in accordance with this Privacy Policy, they are not protected by the physician-patient privilege, doctor-patient confidentiality, lawyer-client privilege, work product doctrine, or any other fiduciary duty.

Access to Information

The Access to Information Act (1985) (The “Act”) gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Legado Technologies Contact Information

For additional information as it relates to this privacy policy or should you have any questions or queries related to our data protection and privacy, please contact us at

Our corporate details and address and other contact details are Legado Technologies Limited of Wsm Advisors Connect House, 133-137 Alexandra Road, Wimbledon, London, United Kingdom, SW19 7JY.