Important — informational translation. Leggado is operated from Spain under EU law (GDPR, LSSI, LOPDGDD). This English version is provided for understanding only; the Spanish version is the legally binding one. In case of any inconsistency, the Spanish text prevails. For the Spanish version, visit the corresponding page (link at the end of this document).

How we care for what you trust us with

Leggado stores delicate information — family data, account references, instructions for when you are no longer around. Security is not a separate chapter: it is the backbone of the whole platform.

🔐

Encryption at rest

Sensitive data (references, stored credentials, final messages) is encrypted with AES-256-GCM and a random IV per record. Keys are managed outside the source code.

🔒

Encryption in transit

All traffic uses TLS 1.2+ with modern ciphers. HTTPS is enforced on all subdomains and HSTS is applied.

🛡️

Strong passwords

Minimum 10 characters and a check against known breach databases (HIBP) at signup and on password change. We block compromised passwords.

📲

Two-factor authentication

Mandatory for administrators and people with production access. Optional for end users but enforced on critical actions (changing beneficiaries, data export). We support standard TOTP codes (Google Authenticator, Authy, 1Password) and backup recovery codes.

🔑

Revocable sessions

Access tokens can be revoked instantly from the user panel. Refresh tokens rotate on every use. Changing your password closes every session.

🚦

Rate limiting

We limit attempts on login, password recovery, OTP and 2FA verification to slow down brute-force attacks and account enumeration.

📜

Immutable audit log

Every administrative access to sensitive data, every post-mortem release and every consent change is recorded in a hash-chained log: tampering is visible.

👥

Custodian portal with 2FA

The custodian portal (the door a designated person walks through after a death) requires a 6-digit email OTP on top of a single-use temporary link.

💾

Backups

Daily automated database backups, encrypted and verified. Restore drills run periodically — an untested backup is no backup.

🔭

Observability

Sentry monitors frontend and backend errors in real time. Synthetic tests every 15 minutes check that critical pages respond. Daily KPI alerts catch anomalies.

🧬

PII anonymisation before AI

When we use language models to help you classify documents, a prior layer anonymises names, emails, national IDs, IBANs and account numbers before any external call. AI providers never see direct personal data.

🇪🇺

EU-only hosting

Physical servers within the European Union. No data leaves the EU outside the cases explicitly disclosed in the privacy policy.

Least privilege

Every person with access to the platform has exactly the permissions they need and nothing more. Roles are reviewed periodically and revoked as soon as the person no longer needs them.

When something goes wrong: incident response

We have a written breach-response protocol. If we detect an incident affecting your data, we will notify the Spanish DPA (AEPD) within 72 hours and affected people without delay if the risk is high, per GDPR Article 33. We run an internal drill yearly.

What you can do

  • Use a strong unique password (we don't allow reused passwords found in known breaches).
  • Activate 2FA on your account.
  • Designate custodians carefully and keep contact info up to date.

📜 Binding Spanish version: /seguridad