Privacy Policy

Legacy Share, LLC Privacy Policy

Effective Date: May 1, 2023

This privacy policy (“Policy”) explains how all information, including information about you, is collected, used, and disclosed by Legacy Share, LLC, a Massachusetts limited liability company, and its subsidiaries (collectively, “LegacyShare,” “we,” “us,” or “our”). We own and operate our website https://legacyshares.com (the “Site”) to provide a secure estate planning file management and sharing platform (collectively, the “Services”). This Policy covers your use of the Site and Services, as well as all other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with us. By accessing the Site or using the Services, you agree to our collection, use, and disclosure of your information as outlined in this Policy. If you access our Services because you were designated as a keyholder (“Keyholder”) by a friend or relative (our “Customer”), please note that this data and your information are controlled by the Customer and we process this data at their direction.

If you do not agree with the terms, do not access or use the Services, Site, or any other aspect of our business.

1. Information We Collect

When you access our Site or use the Services, we collect and store certain information about you, including Personal Information (defined below), your IP address, and standard web log information, such as your browser type and the pages you accessed on our website. We also may collect Geolocation Information (defined below). This information may be collected and stored by LegacyShare directly, or through one or more of our trusted third-party service providers who collect and process such information on our behalf. If you do not agree to our collection of this information, you may not be able to use our Services. Personal Information is information that, alone or in combination with other information in our possession, could be used to personally identify you. We collect the following categories of Personal Information and other information as described below.

a. Information You Provide

Information You Provide Directly. We may collect or receive the following categories of Personal Information when you or the Customer accesses the Site, requests to receive information about LegacyShare or its Services, creates an account, responds to an identity verification request, uses any of the Services, or otherwise communicates with us, including through customer support channels.

• Account Information, collected and stored through a trusted third-party provider and otherwise inaccessible by LegacyShare, such as:
  • Name, email address, phone number, birthdate, and other relevant contact information
  • Identity verification information, such as driver’s licenses and passports
  • A list of Keyholders, their relationship to the Customer, and their contact information
  • Estate planning and other relevant legal, health, and account documents of and relating to the Customer

• Payment Information, collected and stored through a trusted third-party provider and otherwise inaccessible by LegacyShare, such as:
  • Credit card information
  • ApplePay information
  • PayPal account information
  • Referral codes

• Hardcopy documents, including any other accompanying information and materials, you mail to us to upload to your account on your behalf, which we will securely destroy once such uploads are complete.

Other Information You Voluntarily Choose to Provide. We may collect your user content (“User Content”), including content that you post, upload, or otherwise share or integrate with the Services. You may choose to integrate your Services account with certain third-party services or by opting to upload certain of your information into the Services, but these integrations are not required to use LegacyShare. No such integrations happen by default; they must be initiated by you. If you choose to connect the Services with a third-party service, you give us permission to store your log-in credentials for that service and to access and use your information from that service as permitted by that service, and you can revoke authorization for such integrations through your account or by contacting us.

We may also collect information, including Personal Information, that you voluntarily provide to us when you:

• participate in surveys, referrals, or promotions;
• sign up for our newsletter;
• register for, attend, or participate in conferences, webinars, or events;
• provide us feedback or comment on our blogs or social media pages;
• submit information to us so that we can assess potential business opportunities;
• apply for a job position with us.

b. Information We Automatically Collect

We automatically collect certain information when you access the Site or use the Services.

• Electronic & Online Identifiers (IDs), such as:
  • If on a mobile device: mobile carrier, device IDs, and mobile advertising IDs;
  • If using a browser: operating system, browser type;
  • Internet Protocol (IP) address.
• Geolocation Information, such as approximate location derived from IP address (if using a browser). This includes information that identifies with reasonable specificity your location by using, for instance, longitude and latitude coordinates obtained through GPS, Wi-Fi, or cell site triangulation. We will collect this data for fraud and risk purposes. If you do not agree to our collection of Geolocation Information, our Services may not function properly when you try to use them. For information about your ability to restrict the collection and use of Geolocation Information to enhance our Services, please refer to the settings available in your device.
• Internet Activity Information, such as:
  • Your “log-in” and “log-out” information;
  • The pages that you visit before, after, and while using our Services;
  • Pages you visit, links you click, and the content you view on the Site;
  • Other log file information, which may include your web request, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.

Single Sign-On Information (SSO) allows us to verify your authorized access to the Services from another service you use and with which we partner, such as your email.

We collect information using Tracking Technologies, such as:

• Cookies, which are small text files that websites send to your computer or mobile device. This includes session cookies (which are deleted once you close your browser) and persistent Cookies (which remain on your computer or device until you delete them or they expire). Read more about your choices when it comes to Cookies in Part 5 of this Policy.
• Pixel tags (also known as web beacons), which are pieces of code embedded in our Services that collect information about engagement on our Site or emails. To make it easier, we call cookies and pixel tags/web beacons “Tracking Technologies”.

We use the third-party analytics tools, including:

• Google Analytics. For more information, visit Google Analyticsʼ Privacy Policy;

We use Tracking Technologies for the following purposes:

• when it is operationally necessary for us to provide you access to our Site or Services. This also includes tracking behavior in order to protect against irregular, fraudulent, or possibly illegal behavior on our Site or Services;
• to assess the performance of how you and others use our Site and Services (for more information, read the Analytics section below);
• to enhance the functionality of our Site or Services. This includes identifying you when you sign into our Services and keeping track of your preferences, interests, or past items viewed;
• to target our advertising to you using Tracking Technologies that we or our third-party partners place on our Site or other websites.

Our Services may contain social media buttons and email integrations such as Facebook, Linkedin, Twitter, Instagram (that might include widgets such as the “share this” button or other interactive mini programs) and Gmail. These features may collect your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.

c. Information from Third Parties

We may collect and receive information about you, including Personal Information, from third parties, such as your name, contact information, relationship to the Customer, and other information from sources such as the Customer, Keyholder(s), attorneys, accountants, financial advisors and our service providers authorized by the Customer, for the purposes described in this Policy. In addition, we may receive demographic and business industry information about you from third parties to help us better understand our users and to improve and market the Services. We may use Stripe as a third-party service provider to collect and process payment information with and from you and applicable financial institutions or payment methods. By connecting your account to Stripe, you acknowledge and agree that such information will be treated in accordance with Stripeʼs terms and policies.

2. How We Use Your Information

We use information that we collect about you for the following purposes:

• To develop and provide you with the Site and Services, including to:
  • operate the Site, manage accounts, and provide the Services;
  • determine your eligibility for our Services;
  • improve, personalize, and enable your use of the Site and Services;
  • create an account connection between your LegacyShare account and a third-party account or platform;
  • develop new products and features.

• To protect LegacyShare, our users, and the public, and comply with applicable law, regulation, or legal process, including to:
  • validate user information for fraud and risk detection purposes;
  • resolve disputes and protect the rights of users and third parties;
  • respond to claims and legal process (such as subpoenas and court orders);
  • monitor and enforce compliance with the applicable Terms;
  • prevent or stop any activity that may be illegal, unethical, or legally actionable.

• To operate our business, including to:
  • process payment transactions;
  • manage and enforce contracts with you or with third parties;
  • resolve disputes, collect fees, and troubleshoot problems;
  • prevent potentially fraudulent, prohibited, or illegal activities, and enforce our Terms;
  • manage our corporate governance, compliance, and auditing practices;
  • recruit new hires, if you submit an application for employment with LegacyShare;
  • generate anonymized or aggregated data.

• To communicate with you as part of your use of Services, including to:
  • respond to requests or questions you submit to our support staff;
  • send you surveys and get your feedback about the Services;
  • otherwise contact you with Services-related notices.
• To advertise and market to you, including to:
  • determine your eligibility for certain programs, events, and offers;
  • inform you of our or our partnersʼ products, services, features, or promotions;
  • provide you with newsletters, articles, reports, and announcements.
• To infer or generate information about you.
• For any other purpose for which you, the Customer, or the Keyholder expressly authorize us to use your information.

3. How We Share Your Information

We will only share your information with the categories of third parties listed below for the purposes described in Part 2 of this Policy, unless otherwise noted at the point of collection.

• LegacyShare service providers that have signed an agreement with us that limits how they use your information and promises to keep your information confidential. Examples include companies or organizations that provide services such as website hosting, customer management, and customer service;
• Other Users for the purpose of operating, improving, and providing the Services, including to manage the Keyholder relationships and account transitions, such as contacting the Keyholder(s) with information about how to access documents and account information;
• Other parties under the circumstances described below:
  • for legal reasons, including:
    • with companies that verify your identity for us and detect fraud;
    • with legal and financial advisors, auditors, examiners, and certain (including potential) investors;
    • with companies that may acquire us, if we are involved in a merger, acquisition, or sale of assets.
  • to comply with applicable law, regulation, or legal process, including to:
    • comply with law enforcement or national security requests;
    • comply with legal process, such as a court order or subpoena (including in a country other than your home country);
    • protect your, our, or othersʼ rights, property, or safety;
    • enforce our policies or contracts and collect amounts owed to us;
    • assist with an investigation or prosecution of suspected or actual illegal activity.
  • to further public policy goals, including:
    • publishing reports that incorporate aggregated, non-personally identifiable information about customer attributes, transactions, and behavior;
    • sharing data containing aggregated and/or non-personally identifiable customer information with nonprofit or non-partisan organizations, academic institutions, think tanks, trade associations, consultancies, or similar organizations, only if they have signed an agreement with us that restricts how they can store, access, share, and use the information.
  • for any other purpose and to any other person with whom you, the Customer, the Keyholder(s), or the Customer’s agent expressly authorize us to share such information.

4. Your Privacy Choices & Rights

If you have an account with LegacyShare, you can review and update your Personal Information in the account settings at any time by logging in to your account. Keyholders may have additional requirements, restrictions, or policies, and should contact the Customer or Customer’s agent for additional information and guidance.

a. Notice to Keyholders

If you are designated as a Keyholder by a Customer and want to change or restrict the information we store about you on our Site or Services, you may opt out or decline the designation by contacting us at support@legacyshare.com. We may retain your information after you have opted out for recordkeeping, processing your request to opt out, and/or if retention is necessary to comply with legal obligations, regulatory requirements, or to prevent fraud or abuse.

b. Notice to Non-U.S. Users

We are a U.S.-based company and only intend to provide our Services to Customers in the U.S. However, you may have additional rights based on your home country or location. LegacyShare is committed to complying with all laws and regulations that may apply to LegacyShare’s collection, use, and disclosure of Personal Information. For example, data located in the EU may be subject to the General Data Protection Regulation (“GDPR”), which allows for eligible data subjects to withdraw their consent to the collection and processing of Personal Information, as well as to exercise the following rights:

• Right to be Informed.
• Right to Access.
• Right to Rectify.
• Right to Erasure.
• Right to Restrict Processing.
• Right to Data Portability.
• Right to Object.
• Rights related to Automated Individual Decision-Making and Profiling.

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you believe you are entitled to certain rights based on your home country or location, please contact us by email at support@legacyshare.com. You may also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.

Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect or process Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.

c. Notice to California Consumers

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information’ (if any, and as defined under applicable California law) for such third parties’ direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request to support@legacyshare.com.

This Supplemental California Privacy Notice only applies to our processing of Personal Information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA specifies that natural persons who are California residents have the right to know what categories of Personal Information LegacyShare has collected about them and whether LegacyShare has disclosed or sold that Personal Information for a business purpose (e.g., to a service provider) in the preceding twelve (12) months. For purposes of the CCPA, LegacyShare does not “sell” Personal Information, nor do we have actual knowledge of any “sale” of Personal Information of minors under 16 years of age. As of the Effective Date of this Policy, LegacyShare does not qualify as a “business” for purposes of the CCPA.

Categories of Personal Information we may collect about you:

• Identifiers (ex: name, email address, mailing address, phone number, signature, birthdate);
• Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (ex: Social Security number, passport number, driverʼs license or state identification card number, insurance policy number, financial information, medical information, or health insurance information);
• Protected classification characteristics under California or federal law (ex: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, gender, sex, sexual orientation, veteran or military status, genetic information (including familial genetic information);
• Commercial information (ex: sales engagement history);
• Internet or other electronic network activity information (ex: IP address, unique personal identifier, web history, advertising history);
• Geolocation Information (ex: the location from which you log in);

Categories of third parties with whom we may share that information:

• LegacyShare service providers as described in Part 3 of this Policy;
• Keyholders as described in Part 3 of this Policy.

Right to Non-Discrimination for the Exercise of a Consumerʼs Privacy Rights:

You have the right not to receive discriminatory treatment from us for exercising the privacy rights granted by the CCPA.

d. Notice to Nevada Residents

If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.

e. Verifiable Consumer Requests

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. In order to verify your request, we will ask you to provide your name, email address, and certain other pieces of identifying information. Once you or your authorized agent has submitted the requested information and any necessary supporting documentation, we will confirm the information by reviewing it against our records. The only purpose for which we will use such submitted information is to verify your identity and once the submitted information has been used for that purpose, it will be deleted from our records in accordance with this Policy. To designate an authorized agent, please contact us as set forth below.

5. How We Protect & Store Your Information

We store and process your Personal Information using third-party servers located in data centers in the United States. We employ administrative, physical, and technical safeguards, including firewalls, data encryption, and two-factor authentication, which are designed to protect your information from unauthorized access and to comply with applicable privacy laws where we operate. Your Personal Information will be kept on our servers or on those of our service providers and only those employees that require it for the purposes of their duties will have access to your Personal Information. We have also implemented controls that require our third-party service providers and partners to have appropriate procedures to protect your Personal Information.

However, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any unauthorized interception, access, disclosure, alteration, destruction, or other type of misuse. We also depend on you to protect your information. Therefore, we urge you to take adequate precautions to protect your personal data as well, including never sharing your account password or other sensitive or confidential information with anyone. If you become aware of any breach of security or privacy, please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

If LegacyShare learns of a systems security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Services, you agree that we may communicate with you electronically. We may post a notice on the Site or through the Services if a security breach occurs. We may also send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice of a security breach), please contact us.

a. International Data Transfers

All information processed by LegacyShare or our service providers may be transferred, processed, or stored anywhere in the world, including in countries that may have data protection laws that are different from the laws where you live. Your information may be accessible to the courts, law enforcement, and national security authorities of the United States. We endeavor to safeguard your information consistent with the requirements of applicable laws. If your Personal Information is transferred to a country other than your home country, we will take measures to protect your Personal Information with appropriate contract clauses. To obtain more information about our policies and practices with respect to service providers outside your country, please contact us as set forth below.

b. Data Retention

We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

c. Links to Third-Party Sites

The Services may contain links to (or allow you to link to) other third-party services or websites. LegacyShare does not control the information collection of third-party services or websites that can be reached through such links. This Policy only covers the privacy practices of LegacyShare. It does not apply to the practices of third-party websites, services, or applications, even those who we have partnered or integrated with. We encourage you to be aware when you are linking to a third-party service or website and to read the privacy statements of any third-party service or website that collects personally identifiable information. Third-party services handle your information in accordance with their own practices and privacy policies. We are not responsible for their policies, practices, or handling of your information.

6. Cookies & Do-Not-Track Signals

When you visit or use our Site, Services, or visit a third-party website for which we provide online services, we and certain business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”). We use Cookies to recognize you as a customer; customize the Services and other content; measure the effectiveness of promotions; perform a wide range of analytics; mitigate risk and prevent potential fraud; and to promote trust and safety across our Services. Certain Services are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of certain Services may be limited or not possible.

Do-Not-Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not respond to DNT signals.

7. Information About Children

The Services are not directed to children under the age of 18. If we obtain actual knowledge that we have collected Personal Information from a child under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 18.

8. Changes to this Policy

LegacyShare is always improving, and we may occasionally modify or update this Policy accordingly. Any information that we collect is subject to the policy in effect at the time such information is collected. We may, however, modify and revise this Policy from time to time. If we make any material changes to this Policy, we may use the email address or other Personal Information you’ve provided to us to notify you of such changes, post a notification on the Site, or provide a notification through the Services, and we will indicate when such changes will become effective in any such notice. It is your responsibility to periodically monitor and review this Policy and any changes we make. By continuing to access or use the Site or the Services after those changes become effective, you agree to be bound by the revised policy.

9. Contact Information

If you have questions or concerns regarding this Policy, or any feedback pertaining to your privacy and the Services that you would like us to consider, please email us at support@legacyshare.com or reach out to us at:

LegacyShare, LLC
Attention: Customer Service
P.O. Box 2693
Providence, RI 02906