Privacy Policy
How we collect, use and protect your data.
Introduction
This Company (Digital) Limited (“we”, “us”, “our”), trading as Tidy Affairs, is committed to protecting your privacy. This policy explains how we collect, use and protect your personal data when you use our service. We are registered in England and Wales (Company No: 11365195) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
This Company (Digital) Limited is the data controller for your personal data. Our registered address is in England and Wales. For data protection queries, please contact us.
What data we collect
We collect:
- Your email address (encrypted at rest)
- Your display name
- Information about your key holders (their names and email addresses, encrypted at rest)
- Your encrypted documents (end-to-end encrypted — we cannot read them)
- Security questions and answers (answers are hashed, not stored in plaintext)
- Payment and membership information (processed via Stripe — we store a customer reference and transaction records, but never your card details)
- Device and session information for security purposes
- IP addresses for security monitoring
- Account preferences (such as notification settings and timezone)
- Activity logs for audit purposes
How we use your data
We use your data to:
- Provide and operate the Tidy Affairs service
- Send you login links and security notifications
- Send check-in reminders at your chosen frequency
- Facilitate the collection process for your key holders
- Monitor and protect the security of your account
- Send essential service communications
Legal basis for processing
We process your data on the following bases:
- Contract — to provide the service you’ve paid for
- Legitimate interests — security monitoring, fraud prevention
- Consent — for optional communications
- Legal obligation — where required by law
Data storage
All data is stored on UK-based infrastructure, managed by a UK hosting company, under UK jurisdiction. We do not use big-tech cloud platforms or overseas data centres. For details of how we protect your data, see our Security page.
Data sharing
We do not sell, share, trade or rent your personal data to any third party. We do not use advertising networks, analytics platforms or marketing services that process your data.
We may disclose personal data where required to do so by law or in response to a valid legal request from a law enforcement authority or regulatory body. Where possible and legally permitted, we will notify you before such disclosure. Due to the end-to-end encryption of your documents, any such disclosure would not include the contents of your encrypted vaults, as we do not hold the keys to decrypt them.
Data retention
Your account data is retained for as long as your account is active. If you delete your account, all data is permanently removed.
Inactive account retention
Inactive accounts are retained for a period that depends on account type:
- Free accounts: 1–2 years
- Individual accounts: 3–5 years
- Business accounts: retained while the subscription remains active
Accounts with vaults and accepted key holders are retained longer within these ranges.
For accounts that have had documents collected, the account is guaranteed to remain active for at least 3 years from the date of the first collection.
After the retention period, inactive accounts and all associated data are permanently deleted.
A warning email is sent to the account holder and all accepted key holders 30 days before deletion would be due.
When the account holder logs in, the account is confirmed as active and deletion is prevented.
Your rights
Under UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Restrict processing of your data
- Request data portability
- Object to processing
- Withdraw consent
To exercise any of these rights, please contact us or use the account settings in your dashboard.
Changes to this policy
We may update this policy from time to time. We will notify registered users of any significant changes by email.
Contact us
If you have questions about this privacy policy or how we handle your data, please contact us.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data has been handled incorrectly.
Last updated 7 February 2026.