Privacy Policy
Last updated: 25 February 2026 | Version 2.0
This Privacy Policy explains how Techify Solutions Ltd (Company No. 16515642), trading as Milestone Vault ("we", "us", "our"), collects, uses, stores, and protects your personal data when you use our website and Service. Please read this policy carefully.
By using Milestone Vault you also agree to our Terms & Conditions.
1. Data Controller
Techify Solutions Ltd is the data controller for all personal data processed through the Milestone Vault Service, as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Registered Office: 234a Upper Richmond Road, London, SW15 6TG, United Kingdom
Contact: themilestonevault@gmail.com
2. What Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Account & Registration Data
- Full name
- Email address
- Encrypted password hash (we never store your plain-text password)
- Email verification status and timestamp
- Account creation date and last activity timestamp
- Agreed terms and privacy acceptance timestamps
2.2 Message & Recipient Data
- Recipient email addresses and full names
- Recipient date of birth (where provided, used solely for milestone date calculation)
- Encrypted message content and attachments
- Delivery type, scheduled delivery dates, and milestone metadata
- Recipient consent status and timestamps
- Delivery status, failure logs, and sent timestamps
2.3 Billing & Payment Data
- Payment transaction identifiers and reference numbers (from Stripe)
- Payment status, amount, and currency
- Stripe customer ID (where generated)
- We do not store full card numbers, CVV, or bank account details — these are handled exclusively by Stripe.
2.4 Technical & Usage Data
- IP address
- Browser type and version
- Session data (cookies)
- Server access logs (request timestamps, paths, response codes)
- Error logs
2.5 Mailing List Subscriber Data
- Email address of subscribers who voluntarily sign up via the website footer
- Subscription date and source
3. How We Use Your Data
| Purpose | Lawful Basis (UK GDPR) |
|---|---|
| Registering and managing your account | Contract performance (Art. 6(1)(b)) |
| Scheduling and delivering your messages | Contract performance (Art. 6(1)(b)) |
| Processing payments | Contract performance (Art. 6(1)(b)) |
| Sending verification and transactional emails | Contract performance (Art. 6(1)(b)) |
| Security, fraud prevention, and abuse detection | Legitimate interests (Art. 6(1)(f)) |
| Inactivity monitoring (for "After I'm Gone" delivery) | Contract performance (Art. 6(1)(b)) |
| Service improvement and debugging | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing emails (mailing list subscribers only) | Consent (Art. 6(1)(a)) |
4. Data We Do Not Collect or Use
- We do not sell your personal data to any third party.
- We do not use your message content for advertising, profiling, or machine-learning training.
- We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.
- We do not use third-party advertising trackers or social media pixels on the Service.
5. Third-Party Data Processors
We share personal data only with the following categories of trusted third-party processors, who are contractually bound to process data only on our instructions and in accordance with applicable data protection law:
- Stripe, Inc. — payment processing (subject to Stripe's own privacy policy and PCI DSS compliance)
- Email delivery providers — for sending transactional, system, and delivery emails
- Cloud hosting & infrastructure providers — for storing and running the Service
We do not disclose personal data to any other third parties unless required to do so by law (e.g., a court order or regulatory request), in which case we will notify you to the extent permitted by law.
6. Message Content Encryption
All message content and attachments you store in Milestone Vault are encrypted at rest using AES-256 encryption before being written to our database. Passwords are stored as one-way bcrypt hashes. All data is transmitted over TLS-encrypted connections (HTTPS).
Whilst we take all reasonable technical and organisational measures to protect your data, no system is entirely immune to security risks. We accept no liability for breaches beyond our reasonable control.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion, then deleted within 30 days |
| Undelivered messages | Until delivery or account deletion |
| Delivered messages | Deleted within 30 days of delivery confirmation |
| Payment records | 7 years (UK legal requirement for financial records) |
| Server access logs | Up to 90 days |
| Mailing list subscriptions | Until unsubscribe request is received and processed |
8. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where required under UK GDPR Art. 33.
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms, in accordance with UK GDPR Art. 34.
9. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access (Art. 15) — request a copy of your personal data
- Right to rectification (Art. 16) — request correction of inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your data (subject to legal retention obligations)
- Right to restriction of processing (Art. 18) — request that we limit how we use your data
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent (e.g., mailing list), you may withdraw at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at themilestonevault@gmail.com. We will respond within 30 days in accordance with UK GDPR requirements. We may ask you to verify your identity before acting on your request.
You also have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. International Data Transfers
Some of our third-party service providers (such as Stripe and cloud hosting providers) may process personal data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as:
- The UK's International Data Transfer Agreements (IDTAs)
- Standard Contractual Clauses approved by the ICO
- The UK adequacy regulations or equivalent protections
11. Cookies & Session Data
We use the following cookies and session technologies:
- Session cookie — required for login and CSRF protection. Expires when your browser session ends (or after 7 days if "Remember me" is selected).
- We do not use third-party advertising, tracking, or analytics cookies at this time.
You can block or delete cookies via your browser settings. Disabling session cookies will prevent you from logging in.
12. Children's Privacy
The Service is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that personal data of a child under 18 has been collected, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email at least 14 days before the changes take effect. The current version will always be available at this URL with the "Last updated" date shown at the top.
14. Contact Us
For all data protection queries, requests to exercise your rights, or concerns about this policy, please contact:
Techify Solutions Ltd
Company No. 16515642
Registered Office: 234a Upper Richmond Road, London, SW15 6TG, United Kingdom
Email: themilestonevault@gmail.com
We aim to respond to all data protection queries within 5 business days.