Your GDPR rights
Plain-language summary. Under UK GDPR (and the EU equivalent) you have a defined set of rights over the personal data we hold about you. This page lists those rights, what each one means in the context of LGCYBox, and how to exercise it.
Last updated: 22 April 2026.
1. Who is the data controller?
The LGCYBox project is the data controller for the personal data you enter while using the service. Contact: [email protected].
2. What we hold and why
See the Privacy Policy for a complete list of what we collect, where we keep it, and what we use it for. The short version: account data, your memos (financial, personal, funeral wishes), your trustees, your optional medical profile, operational logs, and any death notifications submitted about you.
3. Your rights, point by point
3.1 Right to be informed
You have the right to know what we do with your data. The Privacy Policy is the formal answer; this page is the rights-focused one.
3.2 Right of access
You can download an export of everything we hold for your account at any time:
- Sign in and visit Download my data.
- The export is a ZIP containing one JSON per memo type, plus your trustees, plus the non-encrypted profile metadata. Memo titles and bodies are decrypted in the export.
- Uploaded files (video / image memos) are not bundled into the ZIP; the export lists their S3 URLs.
If the self-service export is not enough for your purposes, email [email protected] and we will provide a Subject Access Response within one calendar month.
3.3 Right to rectification
You can edit any of your data inline:
- Edit profile for name, date of birth, country and phone number.
- Open any memo's detail page and click "Update memo" to fix its title or details.
- Open any trustee's detail page and click "Update trustee" to fix their contact details.
Free-tier limitations: deleting always works, but creating and updating require an active subscription. See Pricing.
3.4 Right to erasure ("right to be forgotten")
You can delete your entire account at Delete my account. We require you to re-enter your password and type a confirmation phrase. On submission:
- Your User row, Profile, all memos (encrypted bodies and metadata), all trustees, your medical profile (and its access-log entries), and your notification preferences are deleted in a single transaction.
- Any uploaded video / image files in our private S3 bucket are deleted as part of the cascade.
- Audit-log entries naming you may be retained for up to 12 months for fraud-prevention purposes, then deleted. We do this under our legitimate-interests basis.
You can also delete individual memos and trustees from their respective detail pages without closing your account, regardless of subscription status.
3.5 Right to restrict processing
If you would like us to stop processing your data while you contest something we hold, email [email protected]. We will freeze the affected data until the issue is resolved.
3.6 Right to data portability
The Download my data export described in §3.2 above produces JSON files designed to be machine-readable. You can take that ZIP to any other service that accepts the same shape, or transform it programmatically.
3.7 Right to object
You can object to specific processing activities:
- Outbound notification emails – turn each category off in Notification preferences.
- Other processing – email [email protected] with the specific objection.
3.8 Rights related to automated decision-making
We do not perform automated profiling or solely-automated decision-making against you. Death notifications are reviewed by a human before any release, and you have a contest window before any memos go out.
4. How long we keep things
While your account is open, we keep everything you have entered. After your account is closed (whether by you or by us), we delete account-scoped data within 30 days. Audit log entries naming you may be retained for up to 12 months.
5. Lawful basis
- Performance of contract: running your account and delivering memos to your trustees on the conditions you agreed to at signup.
- Legal obligation: compliance with tax, accounting and law-enforcement requests where applicable.
- Legitimate interests: abuse prevention (rate limiting, brute-force lockouts) and the audit log.
- Consent: any non-essential processing we add later will ask for your consent first.
6. Where your data lives
Your data is processed and stored on Amazon Web Services infrastructure. Live storage of your account, memos and trustee details is in the eu-west-2 (London) region. Backup snapshots may briefly transit other AWS regions for redundancy purposes; they remain encrypted in transit and at rest at all times.
Outbound email is sent through Amazon SES in a United States region (us-west-2). This means the contents of any email we send — including trustee invitations and the release emails containing the memos (and, if you opted in, the medical profile) you addressed to a trustee — are transmitted to and processed in the United States. Where this involves a transfer of personal data outside the UK/EEA, it is carried out under the data-transfer mechanism in our AWS data processing agreement (including Standard Contractual Clauses where applicable). If you would prefer your data not to leave the UK/EEA, do not use email-dependent features.
7. Complaints
If you are not happy with how we have handled your data, you can complain to the UK Information Commissioner's Office at ico.org.uk, or your local supervisory authority within the EU. We would prefer you contact us first — [email protected] — so we have a chance to resolve the issue.