Last updated: 23 April 2026
Privacy Policy
Your words are deeply personal. This policy explains what we collect, how we use it, and the rights you have. In short: we hold as little data as possible, and your messages are unreadable even to us.
1. Who is responsible
BrightLeft Ltd is the data controller for information you provide through the service. Registered in England & Wales. Our Data Protection Officer can be reached at privacy@brightleft.com.
2. What we collect
Account information
- Your name and email address.
- A hashed version of your password (never the password itself).
- Your plan and billing status (but not your card details — Stripe handles those).
Message metadata
- Title, kind (letter / video / etc.), delivery schedule, and trustee email addresses.
- We do not see the contents of your messages — they are encrypted on your device.
Usage data
- When you last signed in and last checked in.
- Basic technical data (IP address, browser, device type) retained for security.
3. What we do not collect
- The decrypted contents of your messages, videos, or uploads.
- Behavioural tracking for advertising purposes.
- Your card details or payment credentials.
4. Why we process your data (legal basis)
- Contract: to provide the service you pay for — hosting, scheduling, delivering your messages.
- Legitimate interests: to keep the service secure, detect abuse, and make product improvements.
- Consent: for optional communications — we only email you about your account and delivery unless you opt in.
- Legal obligation: to comply with tax, accounting and law-enforcement requirements.
5. How we protect your data
- Zero-knowledge encryption: every message is encrypted on your device using AES-256-GCM. Encryption keys never leave your browser unprotected.
- Encryption at rest and in transit: TLS 1.3 everywhere. Encrypted storage on Supabase.
- Access control: only a limited number of BrightLeft engineers can access infrastructure, and none can read your content.
6. Who we share data with
We work with a small number of trusted processors:
- Supabase — database & storage (EU region).
- Stripe — payment processing.
- Resend — transactional email delivery.
- Vercel — hosting & CDN.
Each processor is bound by a data-processing agreement and processes data only on our instructions. We never sell your data.
7. International transfers
Your data is hosted in the EU/UK by default. Where a processor transfers data outside this area (for example, a US sub-processor), the transfer is covered by Standard Contractual Clauses and additional safeguards.
8. How long we keep data
- Your account and content: retained while your account is active.
- On account closure: encrypted content deleted within 90 days.
- Billing records: retained for 6 years as required by tax law.
- Security logs: retained for up to 12 months.
9. Your rights
Under UK GDPR and equivalent laws, you have the right to:
- Access a copy of the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and data.
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, email privacy@brightleft.com. We aim to respond within 30 days.
10. Trustees
When you designate a trustee, we store their name and email so we can deliver your messages when the time comes. Trustees are informed at the point of delivery, not at the point of designation (unless you tell them yourself). If you believe you have been designated as a trustee and wish to be removed, please contact privacy@brightleft.com.
11. Cookies
We use a minimal set of strictly-necessary cookies for authentication. We do not use advertising or analytics cookies without consent. See our Cookie Notice for details.
12. Changes to this policy
Material changes will be communicated by email at least 30 days in advance. Minor editorial changes will be reflected in the “Last updated” date above.