Last updated: 13 February 2026
This Privacy Policy explains how Plan My Estate ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our online Will and Lasting Power of Attorney generation service. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Plan My Estate is a UK-based online service that provides professional legal document preparation tools, including Islamic and Standard Wills, and Lasting Powers of Attorney (LPAs) for Property & Financial Affairs and Health & Welfare.
For the purposes of data protection law, we are the data controller of the personal data you provide to us through our service.
Contact details:
We collect and process the following categories of personal data in order to provide our document generation services:
Some of the data we collect falls within "special categories" of personal data as defined by Article 9 of the UK GDPR. This includes:
We process special category data on the basis of your explicit consent under Article 9(2)(a) of the UK GDPR. You provide this consent when you voluntarily enter this information into our forms. You may withdraw your consent at any time by contacting us or deleting your data from the platform.
We collect and process your personal data for the following purposes:
| Purpose | Description |
|---|---|
| Document generation | To generate legally compliant Wills and Lasting Powers of Attorney based on the information you provide |
| Account management | To create and manage your user account, authenticate your identity, and provide access to the service |
| Service delivery | To save your progress, allow you to return to incomplete documents, and store completed documents for your future reference |
| Solicitor collaboration | To enable solicitors to manage client records and prepare documents on behalf of their clients, where applicable |
| Service improvement | To understand how our service is used and to improve its functionality and user experience |
| Legal compliance | To comply with our legal and regulatory obligations, including record-keeping requirements |
We rely on the following legal bases under Article 6(1) of the UK GDPR to process your personal data:
| Legal Basis | When It Applies |
|---|---|
| Consent — Art. 6(1)(a) | When you voluntarily provide personal data through our forms, and for the processing of special category data (religious beliefs, health data) under Art. 9(2)(a) |
| Contract performance — Art. 6(1)(b) | To provide the document generation service you have requested, including account creation, document storage, and service access |
| Legitimate interest — Art. 6(1)(f) | For service improvement, security monitoring, and fraud prevention, where our interests do not override your rights and freedoms |
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it.
We use minimal cookies. Our service does not use third-party analytics cookies or advertising trackers.
We do not currently use any third-party analytics services. Should this change in the future, we will update this policy and obtain your consent where required.
For more information, please see our Cookie Policy.
We retain your personal data in accordance with the following retention schedule:
| Data Category | Retention Period |
|---|---|
| Account information | Retained while your account is active, plus 7 years after account closure or inactivity |
| Will and LPA document data | Retained while your account is active, plus 7 years after account closure (in line with legal document retention best practice) |
| Authentication logs | Retained for up to 12 months |
The 7-year post-closure retention period reflects standard practice for legal document records in the UK. After this period, your data will be securely deleted.
You may request deletion of your data at any time by contacting us at [email protected]. We will comply with erasure requests in accordance with your rights under the UK GDPR, unless we have a lawful obligation to retain certain data.
We do not sell your personal data to any third party.
We may share your data with the following parties, only to the extent necessary to deliver our service:
| Recipient | Role | Purpose |
|---|---|---|
| Supabase Inc. | Data processor | Provides the database infrastructure and authentication service that stores and processes your data on our behalf. Supabase operates under a Data Processing Agreement (DPA) with appropriate safeguards. |
| Solicitors / Legal professionals | Authorised by you | If you choose to work with a solicitor through our platform, your document data may be shared with them to facilitate the preparation and review of your legal documents. This sharing only occurs with your explicit authorisation. |
We may also disclose your data if required to do so by law, regulation, legal process, or enforceable governmental request.
Under the UK GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by law.
Our service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you are under 18, please do not use our service or provide any personal data to us.
If we become aware that we have collected personal data from a child under 18 without appropriate parental consent, we will take steps to delete that data as soon as reasonably possible.
Your data is primarily stored in Supabase's EU-region data centres. However, in certain circumstances, your data may be processed outside the United Kingdom or the European Economic Area (EEA).
Where international transfers occur, we ensure that appropriate safeguards are in place to protect your data in compliance with UK GDPR requirements. These safeguards may include:
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service functionality. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact us:
We aim to respond to all enquiries within 5 working days, and to formal data protection requests within one calendar month.
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the UK's supervisory authority:
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.