Last updated: 16 April 2026
YourEstateVault (“we”, “us”, “our”) operates the YourEstateVault web application, a personal estate planning and digital vault tool. We are committed to protecting your privacy and handling your data in a transparent, lawful manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For any privacy-related enquiries, please contact us at [email protected].
All vault data — including personal identity details, financial records, final wishes, personal messages, and all other vault contents — is encrypted using AES-256-GCM encryption directly in your browser before being transmitted to our servers. Encryption keys are derived from your account identity using PBKDF2 (310,000 iterations); our servers only ever store ciphertext and we cannot read the plaintext contents of your vaults.
Account metadata (your email address, subscription status, and Dead Man’s Switch settings) is stored on our servers and is protected in accordance with this policy. We do not access, read, or share the contents of your vaults.
We collect a minimal set of data necessary to operate the service:
| Data | Purpose | Legal basis |
|---|---|---|
| Account email address and name | Authentication via Manus OAuth; account identification | Contract performance |
| Subscription status and Stripe customer ID | Determining which features you have access to | Contract performance |
| Dead Man’s Switch settings (check-in interval, executor email) | Sending automated executor notification emails on your behalf | Contract performance / your explicit consent |
| Session cookies | Maintaining your authenticated session | Legitimate interest (service operation) |
| Anonymised usage analytics (page views, feature interactions) | Improving the product | Legitimate interest (product improvement) |
Subscription payments are processed by Stripe, Inc. We do not store your card number, CVV, or any other payment card data on our servers. Stripe acts as an independent data controller for payment data and processes it under their own Privacy Policy. We store only your Stripe Customer ID and Subscription ID to manage your access level.
If you activate the Dead Man’s Switch feature, we will send an automated email to the executor email address you specify if you fail to check in within your chosen interval. This email will contain only the notification message you have configured. We do not include vault contents in this email. You can disable this feature at any time from the Dead Man’s Switch settings page.
We retain your account data (email, subscription status, Dead Man’s Switch settings, and encrypted vault contents) for as long as your account is active.
Self-serve deletion: You can permanently delete your account at any time by navigating to Settings → Account Settings and selecting “Delete account” in the Danger Zone section. You will be asked to confirm by typing your email address. Once confirmed, your account and all associated data are deleted immediately from our servers. A confirmation email is sent to your registered address as a GDPR-compliant record of the deletion.
The following data is deleted when you close your account:
We recommend downloading an Offline Archive from the Offline Archive page before deleting your account if you wish to retain a local copy of your vault data. The deletion dialog will warn you if your most recent archive is out of date or has never been created.
If you are unable to access your account and wish to request deletion by email, please contact [email protected]. We will action the request and confirm deletion within 30 days.
You have the following rights regarding your personal data:
Right to erasure (account deletion) can be exercised directly within the app at Settings → Account Settings → Danger Zone. All data is deleted immediately and a confirmation email is sent to you automatically. For all other rights, or if you cannot access your account, please email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
We use a small number of cookies that are strictly necessary to operate the service (session authentication). We also use anonymised analytics cookies to understand how the product is used. You can manage your cookie preferences using the cookie notice shown when you first visit the site.
We use the following third-party services:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with our obligations under the UK General Data Protection Regulation (UK GDPR, Articles 33 and 34). We will also notify the Information Commissioner’s Office (ICO) where required. Notification will be sent to your registered email address and will include the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address it.
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page and, where appropriate, by sending an email to your registered address. Continued use of the service after changes take effect constitutes acceptance of the updated policy.