Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Effective Date: 28 January 2026

1. Introduction

Legacy Guardian ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at legacyguardian.co.za (the "Service").

We comply with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable South African data protection laws. By using our Service, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when registering for an account or using our services. This includes:

  • Identity Information: Full name, date of birth, South African ID number, gender, and marital status
  • Contact Information: Email address, telephone number, and physical address
  • Account Information: Username, password (encrypted), and account preferences

2.2 Will and Estate Information

As an estate planning service, we collect sensitive information necessary to create your will and manage your estate:

  • Beneficiary Information: Names, relationships, and identification details of beneficiaries
  • Asset Information: Details of property, financial accounts, and other assets
  • Executor Information: Details of appointed executors
  • Bequests: Instructions for distribution of your estate

2.3 Medical and Emergency Information

For premium subscribers using our emergency features, we may collect:

  • Medical Information: Blood type, allergies, chronic conditions, and current medications
  • Medical Aid Details: Provider name, member number, and plan type
  • Emergency Contacts: Names, relationships, and contact details of people to notify in emergencies
  • Physician Information: Primary doctor's name and contact details

2.4 Guardian Information

When you invite guardians or accept guardian invitations:

  • Guardian names and email addresses
  • Access levels and permissions granted
  • Guardian contact numbers (for emergency SMS notifications)

2.5 Payment Information

For subscription payments, we use PayFast as our payment processor. We do not store your credit card or banking details on our servers. PayFast handles all payment information in accordance with PCI DSS standards.

2.6 Automatically Collected Information

We automatically collect certain information when you visit our website:

  • Log Data: IP address, browser type, device information, pages visited, and timestamps
  • Device Information: Operating system, browser type, and user agent string (for security logging)
  • Analytics Data: Website usage patterns (for non-authenticated visitors only)

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To create and manage your will, store your documents, and provide estate planning features
  • Guardian Services: To facilitate guardian invitations, manage access permissions, and enable guardians to assist with your estate
  • Emergency Features: To display medical information via Emergency QR codes and notify guardians in emergencies
  • Account Management: To create and maintain your account, verify your identity, and manage subscriptions
  • Communication: To send you important notifications about your account, guardians, and service updates
  • Payment Processing: To process subscription payments and send invoices
  • Security: To detect and prevent fraud, unauthorised access, and security threats
  • Compliance: To comply with legal obligations and respond to lawful requests from authorities
  • Improvement: To analyse usage patterns (anonymised) and improve our services

4. Information Sharing and Disclosure

We are committed to keeping your information confidential. We only share your information in the following circumstances:

4.1 With Your Guardians

When you appoint guardians, they may access information based on the access level you grant them:

  • Read-Only Access: Guardians can view your will and estate information but cannot make changes
  • Full Access: Guardians can view and manage your estate information on your behalf

You control guardian access at all times and can revoke access immediately.

4.2 Emergency QR Code Access

Your Emergency QR code provides limited access to emergency medical information without authentication. Anyone who scans this code can view:

  • Your name and basic identification
  • Medical information (blood type, allergies, conditions, medications)
  • Emergency contact information
  • Guardian contact details

This feature is designed to assist in medical emergencies. You have full control over whether to use this feature and can disable it at any time.

4.3 Service Providers

We may share information with trusted third-party service providers who assist us in operating our service:

  • PayFast: Payment processing (they only receive payment-related information)
  • Twilio: SMS notifications to guardians (they receive phone numbers only)
  • Email Service Provider: Sending transactional emails
  • Cloud Hosting: Secure data storage infrastructure

All service providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.4 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests from government authorities, including:

  • Court orders or subpoenas
  • Requests from law enforcement agencies
  • Regulatory requirements

5. Data Security

We implement robust security measures to protect your personal information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict access controls limit who can access your data within our organisation
  • Authentication: Password hashing using bcrypt and optional two-factor authentication (2FA)
  • Monitoring: Continuous security monitoring and intrusion detection
  • Regular Audits: Security assessments and vulnerability testing
  • Audit Logging: All access to sensitive data is logged for security purposes

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but commit to maintaining industry-standard protections.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with services. Given the nature of estate planning:

  • Active Accounts: Data is retained while your account remains active
  • Cancelled Subscriptions: If you cancel your subscription, your data is retained for 90 days to allow reactivation, then securely deleted unless you request earlier deletion
  • Account Deletion: Upon request, we will delete your account and associated data within 30 days, except where retention is required by law
  • Backup Data: Data in backups is automatically deleted according to our backup rotation policy

7. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the following rights:

  • Right to Access: You may request confirmation of whether we hold your personal information and request a copy of it
  • Right to Correction: You may request correction of any inaccurate or incomplete personal information
  • Right to Deletion: You may request deletion of your personal information, subject to legal retention requirements
  • Right to Object: You may object to the processing of your personal information in certain circumstances
  • Right to Data Portability: You may request your data in a commonly used, machine-readable format
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
  • Right to Lodge a Complaint: You may lodge a complaint with the Information Regulator if you believe your rights have been violated

To exercise any of these rights, please contact us using the details provided below.

8. Cookies and Analytics

8.1 Essential Cookies

We use essential cookies that are necessary for the website to function properly:

  • Session Cookies: To maintain your login session and security tokens
  • CSRF Tokens: To protect against cross-site request forgery attacks

8.2 Analytics (Public Pages Only)

We use Google Analytics 4 to understand how visitors interact with our public pages (homepage, pricing, blog, contact). Important privacy considerations:

  • Not Used for Logged-In Users: Analytics tracking is disabled once you log in to your account
  • IP Anonymisation: IP addresses are anonymised before being stored
  • No Personal Data: Analytics does not collect personal information like your name or email

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and stored on servers located outside South Africa. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in compliance with POPIA.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Effective Date" at the top
  • Sending you an email notification for significant changes

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal information, please contact us:

Information Officer

Legacy Guardian (Pty) Ltd

Email: privacy@legacyguardian.co.za

General: info@legacyguardian.co.za

Location: Johannesburg, South Africa

You may also lodge a complaint with the Information Regulator at:

The Information Regulator (South Africa)

Email: enquiries@inforegulator.org.za

Website: www.justice.gov.za/inforeg