Privacy Policy

Effective: March 25, 2026

1. Introduction

LegacyArk is a software-as-a-service (SaaS) application that helps individuals and families manage estate planning checklists, probate workflows, and legacy documentation. We understand that the information you entrust to us is deeply personal, and we take that responsibility seriously.

This Privacy Policy explains what information we collect, how we use and protect it, and what choices you have. It applies to all users of the LegacyArk website and application. By using LegacyArk, you agree to the practices described here. If you do not agree, please do not use our service.

2. Information We Collect

Account Information

When you create an account, we collect basic information needed to identify you and provide the service:

Your name and email address
Password (stored in hashed form — we never see or store your plain-text password)
Profile information you choose to provide

Estate and Checklist Data

The core of LegacyArk is the data you enter about your estate plans, probate tasks, and legacy documents. This may include:

Checklist items and task progress
Uploaded documents such as death certificates, wills, financial account details, and legal filings
Notes, contacts, and other information you add to your workspace

This data belongs to you. We access it only to provide and improve the service, as described below.

Payment Information

When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number, bank account number, or other payment credentials on our servers. Stripe provides us with limited information such as the last four digits of your card, card brand, expiration date, and billing address so we can display your payment method and process invoices.

Usage and Analytics Data

We automatically collect certain technical information when you use LegacyArk:

Device type, browser type, and operating system
IP address and approximate geographic location
Pages visited, features used, and time spent in the application
Referring URLs and how you arrived at our site

We use this data in aggregate to understand how people use LegacyArk so we can make it better. We do not use analytics data to build individual profiles for advertising.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the service: Storing your checklists, documents, and estate planning data so you can access and manage them
Account management: Authenticating your identity, managing your subscription, and communicating with you about your account
Processing payments: Handling subscription billing, refunds, and related financial transactions through Stripe
Improving LegacyArk: Analyzing usage patterns to fix bugs, improve features, and build new functionality
Security: Detecting and preventing fraud, abuse, and unauthorized access to your account
Legal compliance: Meeting our legal obligations, responding to lawful requests, and enforcing our terms
Communication: Sending you service-related emails such as account confirmations, billing receipts, security alerts, and important product updates

We will not use your estate planning data, uploaded documents, or checklist content for advertising, marketing to third parties, or any purpose unrelated to providing you the LegacyArk service.

4. Data Storage and Security

We know the data you store in LegacyArk is sensitive. Here is how we protect it:

Database: Your data is stored in a PostgreSQL database managed by Supabase, a trusted infrastructure provider. All data is encrypted at rest using AES-256 encryption.
Encryption in transit: All communication between your browser and our servers is encrypted using TLS (HTTPS). Data is never transmitted in plain text.
Row Level Security (RLS): We enforce Row Level Security at the database level, which means users can only access their own data. Even if a software bug were to occur, the database itself prevents one user from seeing another user's information.
Access controls: Only a limited number of authorized team members have access to production infrastructure, and that access is logged and audited.
Regular backups: Your data is backed up regularly to protect against data loss.

While we implement industry-standard security measures, no system is 100% secure. We encourage you to use a strong, unique password and enable any additional security features we offer.

5. Third-Party Services

We rely on a small number of trusted third-party services to operate LegacyArk. Each of these providers has their own privacy policy and security practices:

Supabase — Provides our database hosting, user authentication, and file storage. Your account credentials and application data are stored on Supabase infrastructure.
Stripe — Processes all payments and subscription billing. When you enter payment information, it goes directly to Stripe. We never handle or store your full payment credentials.
Vercel — Hosts our web application and serves the LegacyArk website. Vercel may process technical data such as IP addresses and request logs as part of delivering the service.

We only share the minimum data necessary with each provider for them to perform their function. We do not sell or provide your personal data to any other third parties for their own marketing or commercial purposes.

6. Sharing and Disclosure

We do not sell, rent, or trade your personal information. Period. We may disclose your information only in these limited circumstances:

With your consent: If you explicitly ask us to share information with a third party
Service providers: With the third-party services listed above, solely to operate LegacyArk
Legal requirements: If we are required by law, subpoena, court order, or government request to disclose your information. We will notify you if legally permitted to do so.
Safety and fraud prevention: If we believe disclosure is necessary to prevent harm, fraud, or illegal activity
Business transfers: If LegacyArk is acquired, merged, or sells assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

7. Your Rights

You have control over your data. Here are your rights:

Access: You can access all the data you have stored in LegacyArk at any time through your account
Export: You can request a complete export of your data in a standard, machine-readable format
Correction: You can update or correct your personal information through your account settings, or by contacting us
Deletion: You can delete individual items within the application, or request that we delete your entire account and all associated data. Account deletion requests are processed within 30 days.
Portability: You can request your data in a portable format to transfer to another service
Objection: You can object to certain types of data processing by contacting us

To exercise any of these rights, contact us at hello@legacyark.com. We will respond to all requests within 30 days. We will never charge you a fee for exercising your rights.

8. Data Retention

We retain your data for as long as your account is active and you continue to use LegacyArk. Specifically:

Active accounts: All your data is retained and accessible for the lifetime of your account
Cancelled subscriptions: If you cancel your paid subscription, we retain your data for a reasonable period so you can reactivate without losing your work. You can request deletion at any time.
Account deletion: When you request account deletion, we permanently remove your personal data and estate planning content within 30 days. Some data may persist in encrypted backups for up to 90 days before being fully purged.
Legal obligations: We may retain certain records (such as billing history) as required by law, even after account deletion

9. Cookies and Tracking

LegacyArk uses cookies and similar technologies in limited ways:

Essential cookies: Required for the application to function. These handle things like keeping you logged in and remembering your session. You cannot opt out of these without losing core functionality.
Analytics cookies: We may use analytics tools to understand how people use LegacyArk in aggregate. These cookies do not track you across other websites.

We do not use advertising cookies or tracking pixels. We do not participate in ad networks or allow third-party advertisers to place cookies on our site.

10. Children's Privacy

LegacyArk is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@legacyark.com and we will promptly delete that information.

11. International Data Transfers

LegacyArk is operated from the United States. If you are accessing the service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using LegacyArk, you consent to the transfer of your information to these countries, which may have different data protection laws than your country of residence. We take steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

We will update the "Effective" date at the top of this page
For significant changes, we will notify you by email or through a prominent notice in the application
Your continued use of LegacyArk after changes take effect constitutes acceptance of the updated policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@legacyark.com

We aim to respond to all inquiries within 30 days.