Privacy Policy
UK GDPR, Data Protection Act 2018, and Data (Use and Access) Act 2025 Compliant
Brianni Ltd. ("Brianni", "we", "us", or "our"), registered in the United Kingdom, provides a digital legacy management service. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our services.
Legal Framework
This policy complies with UK GDPR, Data Protection Act 2018, and Data (Use and Access) Act 2025
1. Data Controller
Brianni Ltd. is the data controller of your personal information.
For questions, contact us at: privacy@brianni.co
2. Information We Collect
We collect and process the following categories of information:
Account Information
Name, email address, login credentials.
Authentication Data
Passkey credentials and authentication tokens (biometric authentication occurs locally on your device and is never transmitted to our servers).
Vault Content
Your digital legacy files, documents, and personal data stored using end-to-end encryption with zero-knowledge architecture - we cannot access, decrypt, or read this content.
Metadata
Basic file information such as titles, descriptions, and tags (stored unencrypted to enable search, organization, and service functionality).
Executor and Recipient Information
Contact details provided by you to enable legacy package delivery.
Subscription & Payment Information
Billing details processed securely by our payment provider.
Device & Technical Data
Basic device and connection data needed for service functionality and security.
Communications
Support requests, feedback, or other messages you send us.
Children's Data
We do not knowingly collect information from children under 16. Under the Data (Use and Access) Act 2025, we take particular care to consider children's needs and rights when designing our services, even though our platform is intended for adults only.
3. How We Use Your Information
We process your information for the following purposes:
- To provide and maintain your account.
- To enable secure authentication through passkeys and device-based security features.
- To store your vault content using end-to-end encryption (we cannot access this encrypted data).
- To process metadata for search, organization, and service functionality.
- To enable executor verification and recipient access.
- To deliver communications related to your account and service.
- To process payments and manage subscriptions.
- To detect and prevent fraud, security breaches, or misuse.
- To comply with legal obligations.
- With your consent, to send you optional service updates or marketing.
4. Legal Bases for Processing (UK GDPR / EU GDPR)
We rely on the following legal bases:
Contract
To provide the services you request.
Legal Obligation
To comply with law (e.g., tax, accounting).
Legitimate Interests
Specifically:
- Account security and fraud prevention
- Service improvement and system maintenance
- Processing metadata for search and organizational functionality
- Prevention of unauthorized access
- Secure authentication and access control
Consent
For optional marketing communications (where applicable).
6. International Transfers
Your information may be processed outside the UK/EEA. Where transfers occur, we ensure appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) are in place to protect your data.
7. Data Retention
We keep your information only as long as necessary:
- Account data: For as long as your account is active.
- Authentication credentials: Stored securely until you remove them or delete your account.
- Vault content: End-to-end encrypted data retained until account deletion (we cannot access this content).
- Metadata: Retained to enable search and organization functionality until account deletion.
- Executor/recipient contact details: Until legacy package delivery is complete or account is deleted.
- Payment data: As required by law (typically 7 years for financial records).
- Communications: As long as needed to respond to support or inquiries (typically 2 years maximum).
When data is no longer required, it is securely deleted.
8. Your Rights
Under UK and EU data protection law, you have the right to:
- Access your personal data.
- Request correction of inaccurate data.
- Request deletion ("right to be forgotten").
- Request restriction of processing.
- Object to processing in certain circumstances.
- Request data portability.
- Withdraw consent where processing is based on consent.
Making a Complaint
If you have concerns about how we handle your personal data, you can:
- Contact us directly using our electronic complaint form at complaints@brianni.co
- We will acknowledge your complaint within 30 days and respond without undue delay
- You may also lodge a complaint with the Information Commissioner's Office (ICO) in the UK, or with your local data protection authority.
9. Security
We use technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or destruction. Your vault content is protected using end-to-end encryption with zero-knowledge architecture, meaning we cannot access, decrypt, or read your stored files and personal data. Authentication is secured through industry-standard protocols, with sensitive authentication processes handled by your device's secure hardware.
10. Updates to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated to you by email or through the service at least 30 days in advance.
11. Contact
If you have questions about this Privacy Policy or how your information is handled, please contact us at:
Brianni Ltd.
Email: privacy@brianni.co
For data protection matters specifically, you may also contact our Data Protection Officer at: dpo@brianni.co