What does ‘bank-grade’ security / encryption mean?

We understand trust is the foundation of our relationship with our customers. We value the confidence you have put in us and take the responsibility of protecting your information seriously. Respect for security and privacy has been built with our business since the beginning. We have ensured the very best security measures and practices have been implemented to protect sensitive information. ‘Bank-level’ security means Legado adheres to the same or better security encryption standards as your bank. We routinely conduct security audits to ensure we meet these standards at all times. In additional to routine internal audits, we pay third parties to conduct additional security testing and external assessments to ensure the highest possible standards of security. 

Securing your Data at Rest We encrypt your data at rest, meaning when the data is in your Legado vault, only you can access it.

Securing Your Data in Transit Legado employs several security measures to help safeguard the authenticity, integrity and privacy of data in transit. Data in transit is when your data is moving over the internet from the user to Legado. When it is moving, it is encrypted and no one is able to read that information. 

Contact and Adviser Access Your Nominees and Advisers will have only have access to what you choose to share with them. You can revoke access to this at any time.

Legado Access (End-to-end encryption) Our team will have no access to view your files. Your files and documents are secured with locks, and only you have the special keys required to unlock and view your files and documents. For additional protection and security, every file has a unique lock and key.

Who will have access to my sensitive personal information?

Your security and privacy are our highest priority at Legado. Our team at Legado, our developers and engineers and anyone we work with has no access to your sensitive personal information. Our team has access only to data which is necessary to help you access your Legado account (by activating confirmation emails, for example) and to help you restrict access to your account (such as removing and limiting a Contact’s access). Legado maintains a comprehensive audit trail (also called an audit log). This is a chronological record which is frequently assessed to monitor account access, this could be advisers or contacts.

What happens to my information/data if I want to delete my Legado account?

If you decide you would like to delete your Legado account you can do so by logging into your account and clicking the ‘Account’ icon on the top right, then click on ‘Delete my data’. You will be required to re-enter your password to confirm you would like to Delete your data and close your account.  By clicking the ‘Delete my data’ button, all of your personal and vault information will be completely deleted from the live website immediately. Your information will be fully deleted from our backups during the next operational purge, which normally takes place within 48 hours. Note: We may retain your name, email address and the date/time your account was deleted on record, so we have the ability to answer any future queries about what happened to your account.

What happens to my personal information if I die?

Your personal information will be held for up to twelve months following the death of a user. After this, all data and information we hold will be removed. If you have set up After-Death sharing then these users will have read-only access to your data for this twelve-months, providing the process to inform us of your passing has taken place.