Privacy Policy

1. Introduction

Logan ("we," "us," "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our digital estate planning platform (the "Services").

This policy complies with the General Data Protection Regulation (GDPR) for UK and EU users, the California Consumer Privacy Act (CCPA) for California users, and other applicable privacy laws.

2. Data Controller and Contact Information

3. Information We Collect

3.1 Personal Information You Provide

• Account Information: Name, email address, password, phone number, country of residence
• Identity Verification: Date of birth, government-issued ID, national insurance/social security number (when required for death registry integration)
• Financial Information: Asset details, account balances (via Open Banking), investment holdings, cryptocurrency wallets, property ownership
• Beneficiary Information: Names, contact details, relationships, addresses of designated beneficiaries
• Documents: Wills, title deeds, property documents, financial statements, identification documents
• Instructions and Messages: Distribution instructions, personal messages to beneficiaries, funeral preferences
• Executor Information: Details of appointed executors or professional representatives

3.2 Information Collected Automatically

• Device and Usage Data: IP address, browser type, device identifiers, pages visited, time spent
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies
• Security Logs: Login attempts, authentication events, security incidents
• Performance Data: Error logs, system performance metrics

3.3 Information from Third Parties

• Open Banking APIs: Bank account balances, transactions, account details (with your consent)
• Death Registries: Death verification data from government registries (UK General Register Office, US Social Security Death Index)
• Market Data Providers: Asset valuations, stock prices, cryptocurrency values, property valuations
• Identity Verification Services: ID verification results, fraud detection scores

4. How We Use Your Information

4.1 Legal Bases for Processing (GDPR)

We process your data based on:

• Contract Performance: To provide estate planning services you've requested
• Consent: For Open Banking access, marketing communications, optional features
• Legal Obligation: To comply with tax reporting, anti-money laundering, and estate administration laws
• Legitimate Interests: For fraud prevention, security, system improvement, and analytics

4.2 Specific Uses

• Creating and maintaining your digital estate plan
• Storing and organizing asset and beneficiary information
• Calculating inheritance tax estimates
• Processing documents using AI/OCR technology
• Verifying document authenticity and detecting fraud
• Connecting to bank accounts via Open Banking (with consent)
• Monitoring death registries for automated execution triggers
• Notifying executors and beneficiaries upon death verification
• Transferring documents to beneficiaries per your instructions
• Providing customer support and troubleshooting
• Detecting and preventing fraud, unauthorized access, and security threats
• Complying with legal obligations and responding to legal requests
• Improving our Services through analytics and research
• Sending service updates, security alerts, and (with consent) marketing communications

5. AI and Automated Decision-Making

5.1 AI Document Processing

We use artificial intelligence to:

• Extract text from uploaded documents (OCR)
• Classify document types (title deeds, statements, etc.)
• Verify document authenticity and detect forgeries
• Extract asset information from documents
• Generate estate planning recommendations
• Calculate tax liabilities

Your Rights: You have the right to request human review of AI decisions that significantly affect you, object to automated processing, and receive explanations of AI-driven recommendations.

5.2 Automated Will Execution

Upon death verification, our systems automatically value assets and calculate taxes. While largely automated, human oversight is available through our optional Executor Service. You can specify in your account whether you want human review before execution.

6. How We Share Your Information

6.1 With Your Consent

• Beneficiaries: Upon verified death, information is shared per your instructions
• Executors: Designated executors receive access to necessary information
• Open Banking: We connect to banks you authorize

6.2 Service Providers

We share data with trusted service providers who assist with:

• Cloud hosting and data storage (AWS, Google Cloud)
• Payment processing (Stripe)
• Email communications (SendGrid)
• AI and machine learning processing (OpenAI, Anthropic)
• Identity verification and fraud detection
• Analytics (Google Analytics, Vercel Analytics)

All service providers are contractually required to protect your data and use it only for specified purposes.

6.3 Legal Requirements

We may disclose information when required by law:

• To comply with court orders, subpoenas, or legal processes
• To cooperate with law enforcement investigations
• To report suspected fraud or money laundering
• To protect our legal rights or defend against claims
• To prevent imminent harm or illegal activity

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and ensure the acquiring entity honors this Privacy Policy.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We use appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for transfers to approved countries
• Binding Corporate Rules for intra-group transfers
• Your explicit consent for specific transfers

8. Data Security Measures

We implement industry-standard security measures:

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Authentication: Multi-factor authentication (MFA), passwordless options
• Access Controls: Role-based access, principle of least privilege
• Monitoring: 24/7 security monitoring, intrusion detection
• Audits: Regular security audits and penetration testing
• Incident Response: Documented breach response procedures
• Employee Training: Security awareness training for all staff
• Data Minimization: We collect only necessary information

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data.

9. Data Retention

9.1 Active Accounts

We retain your data while your account is active and for purposes of estate execution.

9.2 After Account Closure

• Voluntary Closure: Data deleted within 90 days, except where legal obligations require retention
• Post-Death: Data retained for estate administration (typically 7-10 years) then archived or deleted
• Legal Hold: Data subject to legal proceedings retained until resolution

9.3 Backup and Archives

Backup copies are retained for 30-90 days and then permanently deleted. Archived data for legal compliance is retained per regulatory requirements (typically 7 years).

10. Your Privacy Rights

10.1 GDPR Rights (UK/EU Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure ("Right to be Forgotten"): Request deletion (subject to legal obligations)
• Restriction: Limit processing in certain circumstances
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests or for marketing
• Automated Decisions: Not be subject to solely automated decisions with legal effects
• Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)
• Complain: Lodge a complaint with your supervisory authority (ICO in UK)

10.2 CCPA Rights (California Users)

• Know: Request disclosure of personal information collected
• Delete: Request deletion of personal information
• Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Non-Discrimination: Equal service regardless of privacy choices

10.3 Exercising Your Rights

To exercise these rights, contact us at privacy@logan.com or use the privacy controls in your account settings. We will respond within 30 days (GDPR) or 45 days (CCPA).

We may require identity verification before processing requests to prevent unauthorized access.

11. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately for deletion.

Beneficiaries may be minors, but their information is provided by adult users creating estate plans.

12. Cookies and Tracking Technologies

12.1 Types of Cookies

• Essential Cookies: Required for login, security, and core functionality
• Analytics Cookies: Help us understand usage patterns and improve Services
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used for targeted advertising (with consent)

12.2 Managing Cookies

You can control cookies through your browser settings or our cookie consent manager. Disabling essential cookies may prevent access to certain features.

13. Do Not Track Signals

We currently do not respond to Do Not Track (DNT) browser signals, as there is no industry standard for DNT compliance. We honor opt-out preferences expressed through our privacy controls.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Services. Material changes will be notified via email at least 30 days before effectiveness.

Continued use after changes constitutes acceptance. If you disagree with changes, you may close your account before the effective date.

15. Contact Us and Complaints

Supervisory Authorities:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• EU: Your national data protection authority
• California: California Attorney General - oag.ca.gov