Privacy policy.

This Privacy Policy explains how Rest Easier Limited ("Rest Easier", "we", "us", or "our") collects, uses, and protects your personal data when you use our platform and services.

This policy applies to all users of the Rest Easier platform, including employees whose employers provide access as a benefit, and their invited family members or partners.

Rest Easier Limited is a financial wellbeing platform registered in England and Wales. We are the data controller responsible for your personal data.

Company details
Rest Easier Limited
Company Number: 14460952
Registered Office: 1619 London Road, Leigh-On-Sea, England, SS9 2SQ
ICO Registration: ZB536472
VAT Number: 434 7182 92

If you have questions about how we handle your data, please contact us at help@resteasier.co.uk.

We use your personal data to:

• Provide access to the Rest Easier platform and its features
• Calculate and display your Peace of Mind Score
• Deliver personalised financial education content
• Help you create and store wills, LPAs, and other protection documents
• Provide guidance and recommendations based on your life stage and goals
• Securely store your documents in encrypted form
• Communicate important updates about your account or our services
• Provide customer support when you contact us
• Improve our platform through anonymised usage analytics
• Meet legal and regulatory obligations

We collect personal data in the following ways:

• Directly from you: When you create an account, complete your profile, input information about your financial situation, or create documents through our platform.
• From your employer: Basic information such as your work email address when they provide you with access to Rest Easier as an employee benefit.
• Automatically: Technical data such as IP address, browser type, and usage patterns when you interact with our platform.
• From third parties: Authentication services (if you choose to sign in via Google or other providers) and payment processors for billing purposes.

We process your personal data under the following legal bases:

• Contractual necessity: To provide the services you or your employer have contracted with us for.
• Legitimate interests: To improve our platform, prevent fraud, and ensure security.
• Consent: For certain communications and optional features where we ask for your explicit permission.
• Legal obligation: To comply with applicable laws and regulations.

The types of personal data we collect include:

• Identity data: Name, date of birth, title.
• Contact data: Email address, postal address, phone number.
• Account data: Username, password (encrypted), account preferences.
• Financial and life circumstances: Information about your pension, savings, family situation, housing status, and other details you provide to receive personalised guidance.
• Documents: Wills, LPAs, trust documents, and other legal documents you create or upload.
• Usage data: Information about how you use our platform, including pages visited, features used, and time spent.
• Technical data: IP address, browser type and version, device information, operating system.
• Communications: Records of your correspondence with our support team.

We only keep your personal data for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements.

Typical retention periods:

• Active accounts: We retain your data for as long as your account remains active.
• Closed accounts: After you close your account, we retain certain data for up to 7 years to meet legal and regulatory obligations.
• Documents: Documents you create are retained until you delete them or close your account.
• Marketing data: Until you unsubscribe or request deletion.

We may share your personal data with:

• Your employer: We provide anonymised, aggregated statistics about platform usage and engagement to employers who provide Rest Easier as a benefit. We do not share individual user data or details about your personal circumstances.
• Service providers: Third parties who help us deliver our services, including:
  • Hosting Providers: Amazon Web Services
  • Website and Learn Portal: Lovable
  • Communication Services: SendGrid (Twilio)
  • Transactional Email: Resend
  • Customer Support Tools: Zendesk
  • Payment Processing: Stripe
  • Phone Number Validation: Neutrino API
  • Address Lookup: Ideal Postcodes
• Legal authorities: If required by law or to protect our legal rights.
• Business transfers: In the event of a merger, acquisition, or sale of assets.

We never sell your personal data to third parties for their marketing purposes.

Your personal data is stored and processed within the United Kingdom and the European Union.

Our core application database infrastructure is hosted in Amazon Web Services (AWS) availability zones in London, UK. Certain services are hosted within AWS data centres in the European Union, including Ireland (eu-west-1). In addition, some application infrastructure and supporting services are hosted within EU data centres, including Frankfurt, Germany.

This means your data is primarily processed within the UK and EU and is subject to UK GDPR and EU GDPR protections.

In limited cases, certain service providers (such as customer support tools or payment processors) may process personal data in the United States or other jurisdictions. Where we transfer personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner
• Adequacy decisions recognising equivalent data protection standards
• Certifications such as the EU-U.S. Data Privacy Framework (where applicable)

We use cookies and similar technologies to improve your experience on our platform. Cookies are small text files stored on your device that help us:

• Keep you signed in
• Remember your preferences
• Understand how you use our platform
• Improve performance and security

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect platform functionality.

Our platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it.

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data, including:

• 256-bit encryption for data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and penetration testing
• SOC 2 compliance
• Staff training on data protection and security practices
• Incident response procedures

While we implement robust security measures, no system is completely secure. If you suspect unauthorised access to your account, please contact us immediately at help@resteasier.co.uk.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make significant changes, we will notify you via email or through a prominent notice on our platform.

The "Last updated" date at the top of this policy indicates when it was most recently revised. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: