Privacy notice
Last updated 01 Jun 2025
EstateHQ Tech Ltd, trading as EstateHQ (“we”, “us”, “our”), is committed to protecting the privacy of the people who use our service — most of whom are families managing the affairs of someone who has died. This notice explains how we collect, use, and protect your personal data.
1. Who we are
EstateHQ Tech Ltd, a company registered in England and Wales, company number 17239216, trading as EstateHQ. We are registered with the Information Commissioner’s Office — ICO registration number ZC155686. We are the controller of your personal data for the purposes of UK GDPR. Our registered office address is available on request — please email privacy@estatehq.io.
2. Personal data we collect
- Account data — name, email, password (hashed), phone (optional), role.
- Estate data — details of the deceased (name, dates, address, National Insurance number where provided), the will, executors, beneficiaries, and any assets, debts and gifts you record.
- Documents — files you upload, such as death certificates, wills, statements, identification.
- Communications — emails and messages you send us, support tickets, in-app messages.
- Technical data — IP address, browser type, device identifiers, and basic analytics about how the service is used.
- Payment data — we never store full card details; payments are processed by Stripe.
3. Special category data
Some information relating to the deceased (for example, cause of death or medical context relevant to an insurance claim) may be considered special category data. Where you choose to provide this, you explicitly consent to us processing it for the sole purpose of administering the estate on your behalf. You can withdraw this consent at any time by deleting that data from your dashboard or by contacting us.
4. Legal basis for processing
- Contract — to provide you with the EstateHQ service.
- Legal obligation — to comply with anti-money-laundering, tax and accounting requirements.
- Legitimate interests — to keep the service secure, prevent fraud, and improve EstateHQ. We balance these interests against your rights.
- Consent — for non-essential analytics cookies, marketing emails, and any special category data.
5. How we use your data
To create and manage your account; to administer the estate(s) you authorise us to handle; to notify institutions on your behalf; to draft probate and inheritance tax forms; to send service emails (such as security alerts and confirmations); to provide customer support; to comply with our legal duties; and to improve our service.
6. How long we keep your data
We retain estate records for seven years following the closure of an estate, in line with HMRC and probate record-keeping expectations. Account data is held for as long as your account is active. Audit logs are retained for seven years for compliance.
7. Sub-processors
We use the following sub-processors. Each has been chosen for their security posture and contractual commitments to UK GDPR.
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (Frankfurt) |
| Stripe | Payment processing | UK / EU / USA |
| Resend | Transactional email | EU / USA |
| OpenAI | Document understanding (used to read uploaded statements and letters) | USA |
| PostHog | Anonymous product analytics (opt-in) | EU |
| Sentry | Error monitoring | EU |
| Twilio | SMS notifications (optional) | UK / EU / USA |
| Arcjet | Bot and abuse protection | EU |
8. International transfers
Some sub-processors are based outside the UK. Where they are, we rely on the UK’s International Data Transfer Agreement or the EU Standard Contractual Clauses (with the UK Addendum) as appropriate, plus supplementary measures such as encryption in transit and at rest.
9. Security
Documents are stored in a private bucket and accessed only via short-lived signed URLs. All data is encrypted at rest and in transit. Access is governed by row-level security at the database layer, so no user can ever see another estate’s data. Every significant action is recorded in an immutable audit log.
10. Your rights
Under UK GDPR you have the right to: be informed; access your data; rectify inaccurate data; erase data (“right to be forgotten”); restrict processing; data portability; object to processing; and not be subject to automated decision-making. To exercise any of these rights, email privacy@estatehq.io. You may also complain to the ICO at ico.org.uk.
11. Cookies
Please see our cookie policy for full detail. Essential cookies (sign-in, CSRF) are always on; non-essential cookies require your consent.
12. Children
EstateHQ is intended for users aged 18 or over. We do not knowingly collect personal data from children.
13. Changes to this notice
We may update this notice from time to time. Material changes will be highlighted in the app and emailed to active users.
14. Contact us
EstateHQ Tech Ltd, a company registered in England and Wales, company number 17239216, trading as EstateHQ. ICO registration number ZC155686.
Email: privacy@estatehq.io. We’ll reply within five working days. If you would prefer to write to us by post, request our registered office address at the same email.