How it worksSecurityPricing Questions Log in Start Free

Draft — pending legal review. This Privacy Policy is a working draft prepared for legal sign-off and is not yet a final, binding statement of our practices. We are publishing it openly while it is reviewed. Questions? hello@legacydash.co.

Legal

Privacy Policy

We built LegacyDash so that we cannot read the records you store. This policy explains what we do process, why, who helps us run the service, and the rights you have over your information.

Last updated: June 2026

The short version

  • Your record contents are encrypted on your device with a key only you hold. We store ciphertext we cannot read.
  • We process a small amount of data to run the service: your account email, authentication data, billing (via Stripe), and support messages.
  • We do not sell or mine your personal data, and we use no third-party ad or tracking scripts.
  • You can export your data and delete your account yourself, any time, from the app.

1. Who we are (data controllers)

LegacyDash is operated jointly by Studio 12 LLC (United States) and IP Software SRL (Romania, European Union). Together we are the "data controllers" responsible for the personal information described in this policy — that is, we decide why and how it is processed.

For any privacy question or to exercise a right, contact us at hello@legacydash.co. If you are in the EU/EEA, IP Software SRL acts as our point of contact for data-protection matters; if you are in the United States, Studio 12 LLC does.

2. Our zero-knowledge design (the most important part)

The whole point of LegacyDash is that your most sensitive records stay private — even from us. The contents you add (account details, documents, passwords, final wishes, and similar) are encrypted on your device, before they are sent to our servers, using a key derived from a master password that only you know.

We store the encrypted result. We do not hold your master password or your encryption key, and we are not able to decrypt your record contents. In plain terms: we can see that an account exists, but the contents are a locked box to us. This is sometimes called client-side, zero-knowledge encryption.

One honest consequence: because we never hold your key, we cannot recover your encrypted contents if you lose both your master password and your recovery phrase. We give you a recovery phrase at setup for exactly this reason — please keep it safe.

3. What information we process

We deliberately collect as little as possible. We process the following categories — none of which include the readable contents of your encrypted records:

  • Account & authentication data — your email address, a securely hashed login password, and security data such as multi-factor-authentication settings and session/refresh tokens. We use these to create and secure your account.
  • Encrypted record data — the ciphertext of your records and any uploaded document files. We store this so it is available to you and, when you choose, to your designated emergency contacts. We cannot read it.
  • Billing data — if you buy a paid plan, payment is handled by Stripe. We receive limited billing metadata (such as plan, status, and the last digits of a card) needed to manage your subscription; we never receive full card numbers.
  • Support correspondence — if you email us, we keep the message and our reply so we can help you and improve the service.
  • Product analyticswe do not currently use any third-party product analytics, and we use no third-party ad or tracking scripts. If we add privacy-respecting, first-party analytics in the future, we will update this policy before doing so — and it would never include the contents of your records.

We do not build advertising profiles about you.

4. Why we process it, and our legal bases (GDPR)

Where the GDPR applies, we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — to create your account, store your encrypted records, generate your emergency kit, and provide the features you sign up for.
  • Legitimate interests (Art. 6(1)(f)) — to keep the service secure, prevent abuse, and improve the product, balanced against your rights.
  • Legal obligation (Art. 6(1)(c)) — to keep certain billing and tax records, and to respond to lawful requests.
  • Consent (Art. 6(1)(a)) — where we ask for it, such as optional communications. You can withdraw consent at any time.

5. Who we share data with (sub-processors)

We do not sell your personal data and we do not share it with advertisers. We do rely on a small set of trusted service providers ("sub-processors") to run LegacyDash. Each is bound by a data-processing agreement and may only use data on our instructions.

Sub-processor What it does Data involved Location
Amazon Web Services (AWS) Cloud hosting and encrypted file storage (Amazon S3) Encrypted record contents (ciphertext we cannot read), uploaded document files, account metadata United States
Amazon SES Transactional email only — sign-up verification, password reset, security and emergency-access notifications Account email address, message content of the notification United States
Stripe, Inc. Payment processing for paid plans Billing details and payment-card data (handled by Stripe; we never see full card numbers) United States

We use Amazon SES for transactional email only (account and security messages) — not marketing blasts. Because of our zero-knowledge design, sub-processors that store your records (such as AWS S3) only ever hold ciphertext they cannot read.

6. How long we keep data

We keep personal data only as long as needed for the purpose it was collected. While your account is active, we retain your account, encrypted records, and settings so the service works for you. When you delete your account, we delete your personal data and encrypted records from our active systems, and from backups on our regular backup-rotation cycle, except where we must retain limited records to meet a legal obligation (for example, billing and tax records).

7. International data transfers

LegacyDash is operated from both the United States and the European Union, and some of our sub-processors are based in the United States. This means your information may be transferred to and processed in the U.S. Where we transfer personal data out of the EU/EEA, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses — and we take additional measures, including our zero-knowledge encryption, to protect it in transit and at rest.

8. How we protect your data

Security is core to the product, not an afterthought:

  • Client-side, zero-knowledge encryption of your record contents — encrypted on your device using AES-256-GCM, with your key derived from your master password (PBKDF2-SHA256, 600,000 iterations) and protected via AES key-wrapping. We never receive your key, so we cannot decrypt your records.
  • Recovery built in — a BIP-39 recovery phrase lets you restore access if you forget your master password, and you can pre-set emergency access for the people you choose.
  • Strong account protection — login passwords are hashed with Argon2id (never stored in plain text), sessions use signed tokens, and multi-factor authentication is available.
  • Encryption in transit and at rest — traffic is served over HTTPS, and stored files are held with server-side encryption at the storage layer in addition to your own client-side encryption.
  • No third-party trackers — we don't sell, mine, or analyze the contents of what you store, and we use no third-party ad/tracking scripts.

9. Your rights (GDPR / EU & EEA)

If you are in the EU/EEA (or another region with comparable law), you have the right to:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Portability — receive your data in a structured, machine-readable format and move it elsewhere.
  • Restriction — ask us to limit how we process your data in certain cases.
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — at any time, where processing is based on consent.
  • Complain — lodge a complaint with your local supervisory authority (in Romania, the ANSPDCP).

Many of these are self-serve: you can export your data and delete your account directly in the app. For anything else, email hello@legacydash.co and we will respond within the timeframe the law requires (generally one month).

10. Your rights (California — CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know — what personal information we collect about you, and how we use and disclose it.
  • Delete — request deletion of the personal information we collected from you.
  • Correct — request correction of inaccurate personal information.
  • Opt out of "sale" or "sharing"we do not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of, but you may confirm this with us at any time.
  • Limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the service.
  • Non-discrimination — we will never deny service, charge a different price, or provide a different quality of service because you exercised a privacy right.

To exercise a California right, use the in-app export/delete tools or email hello@legacydash.co. We will verify your request and respond within the time the CCPA/CPRA allows (generally 45 days, with one permitted extension). You may use an authorized agent to make a request on your behalf.

11. Children

LegacyDash is intended for adults and is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a minor has provided us information, contact us and we will delete it.

12. Changes to this policy

As LegacyDash evolves — and once this draft completes legal review — we may update this policy. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the service after an update means you accept the revised policy.

13. How to contact us

For any privacy question, request, or concern, email us at hello@legacydash.co. We read every message and aim to respond promptly. You can also review our security practices and our terms of service.

Common questions

Privacy, answered plainly.

No. The contents of your records are encrypted on your device with a key only you hold, before anything is sent to us. We store the encrypted result and cannot decrypt it. We can't read your data — not because we promise, because the math won't let us.
No. We do not sell or share your personal information for cross-context behavioral advertising, and we do not embed third-party advertising or tracking scripts. We do not currently use any third-party product analytics. If we ever add privacy-respecting, first-party analytics, we will update this policy before doing so.
Both are self-serve from inside the app. You can export everything at any time — your records and your generated emergency kit — and you can permanently delete your account and its data from your account settings. You can also email us to make a request.
Because we never hold your key, we cannot recover the contents of your encrypted records for you. Keep your BIP-39 recovery phrase safe — it is the way back in. This is the trade-off of true zero-knowledge encryption: maximum privacy means we genuinely cannot open the box on your behalf.

Privacy you can verify, not just trust.

Start free and see for yourself — your records are locked on your device with a key only you hold.

Start Free — no card Read our security approach

No credit card · Free forever · We can't read your data