1. Data controller
Controller: Ángel Seisdedos Gavira (ICAS 15891), Seville, Spain. Contact: legal@leggado.digital.
2. What we process and why
We process the personal data you provide when registering and using Leggado: identifying data, contact data, encrypted credentials and digital-asset information, custodian information, billing data. The purpose is to operate the service as you've contracted it.
- Service delivery — legal basis: contract (Art. 6.1.b GDPR).
- Billing and tax compliance — legal basis: legal obligation (Art. 6.1.c GDPR).
- Service improvement and security — legal basis: legitimate interest (Art. 6.1.f GDPR).
- Commercial communications — legal basis: consent (Art. 6.1.a GDPR), revocable at any time.
3. Special categories of data
If you enter health data, religious beliefs, or other Art. 9 GDPR categories (e.g., in messages or instructions), the legal basis is your explicit consent (Art. 9.2.a GDPR). You may withdraw it at any time.
4. Retention
We keep data for the duration of the contract and the legal periods after termination (tax: 4–6 years; consumer claims: up to 5 years in Spain). Death-related records are retained as long as needed to fulfill the verification obligation.
5. Recipients
We don't sell or rent data. Processors we use (sub-processors): EU hosting provider, payment processor (Stripe), transactional email provider (Mailgun). A current list is available on request.
6. International transfers
Servers are in the European Union. Where a US-based sub-processor is unavoidable (e.g., Stripe), we rely on Standard Contractual Clauses (SCCs) under Art. 46 GDPR.
7. Your rights
You have the rights of access, rectification, erasure, restriction, objection, and portability, and the right not to be subject to fully automated decisions producing legal effects. Exercise them at legal@leggado.digital. You may also lodge a complaint with the Spanish Data Protection Agency (AEPD).
8. Post-mortem rights
After your death, rights are exercised by people you've designated or by your heirs, subject to verification and the limits of Art. 3 LOPDGDD. See post-mortem verification.
9. Security
We apply technical and organizational measures: encryption at rest (AES-GCM), access controls, audit logging, EU-only hosting, regular backups. See security policy.
📜 Binding Spanish version: Roadmap/privacidad