TributeLegacy

Privacy Policy

Last updated: 21 June 2026

TributeLegacy ("we", "us") is a UK-based community platform that helps families and friends remember people who have died. We take privacy seriously and this policy explains, in plain English, what personal data we collect, why, and what your rights are under the UK GDPR and the Data Protection Act 2018.

Who we are

TributeLegacy is operated from the United Kingdom. If you need to reach us about anything in this policy, please email support@tributelegacy.com.

Information about people who have died

UK data protection law applies to living individuals only. Information about a person who has died is not "personal data" under UK GDPR. We still treat it with great care because it is sensitive, often recent, and connected to grieving family members. Where a tribute page includes details about living people (custodians, family members in photos, people writing tributes) those people retain full data-protection rights.

The data we collect

  • Account data: name, email address, password (stored hashed), profile photo.
  • Content you create: legacy pages, tributes, photos, journal entries, gathering details, messages.
  • Relationship data: who you follow, who follows a page, custodian relationships.
  • Technical data: IP address, browser type, basic device information, error logs.
  • Cookies and similar: see "Cookies" below.

Why we use it, and our lawful basis

  • To run your account and the service - lawful basis: contract.
  • To keep the platform safe and prevent abuse - lawful basis: legitimate interest.
  • To send important service emails (verification, password reset, custodian invitations) - lawful basis: contract.
  • To improve the product with anonymous analytics - lawful basis: consent (you can decline in the cookie banner).
  • To meet legal obligations (for example, responding to lawful requests) - lawful basis: legal obligation.

Sharing

We do not sell your data. We share data only with trusted processors that help us run the service (hosting, database, email delivery, error reporting). All processors are bound by contract and appropriate safeguards. Tribute pages can be set to public or private by the custodian; public pages may be indexed by search engines.

International transfers

Some of our processors may store data outside the UK. Where that happens we rely on UK adequacy regulations or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

Retention

We keep account data while your account is open. You can delete your account at any time from Settings. Tribute pages may be preserved by their custodian for as long as they wish - that is the point of a lasting legacy. Deleted content is removed from active systems and purged from backups on our regular backup rotation (typically within 30 days).

Cookies

We use a small set of cookies and local storage:

  • Essential - sign-in session, cookie preference. Always on.
  • Analytics - anonymous usage statistics. Off by default, on if you accept.

You can change your choice at any time by clearing site data in your browser.

Your rights

Under UK GDPR you can ask us to:

  • Confirm what data we hold about you and give you a copy (access).
  • Correct anything that is wrong (rectification).
  • Delete your account and personal data (erasure).
  • Restrict or object to certain processing.
  • Port your data to another service in a common format.

Email support@tributelegacy.com and we will respond within one month. If you are unhappy with our response you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

Children

TributeLegacy is not directed at children under 13. We do not knowingly create accounts for children under 13. If you believe a child has signed up, please contact us and we will remove the account.

Changes to this policy

We will post any material change here and update the "last updated" date. Significant changes will also be flagged in-app.

See also our Terms of Service.