Your privacy and data security are essential at Willful. This article explains how we safeguard your personal information, how it is stored, our privacy practices, and what you can expect when using our platform.
Overview of Willful's data protection practices
At Willful, we follow strict industry standards to protect your data. From encryption to controlled access, we take multiple steps to keep your personal and legal information safe.
We handle a variety of sensitive data, including:
Personal details: such as names, addresses, and birthdates
Legal decisions: including executor appointments, guardianship choices, and asset distribution
Payment information: for processing orders and subscriptions
Willful's privacy approach
Willful is committed to transparency and responsible data use:
Consent-based use: We only collect and use data necessary to provide our services.
No sharing without permission: We do not sell or share your personal information with third parties without your consent.
Data ownership: You retain ownership of your data. You can update or delete your information at any time.
Compliance and legal standards
Willful complies with Canadian privacy laws, including:
PIPEDA (Personal Information Protection and Electronic Documents Act): This law governs how we collect, use, and store personal information.
Provincial regulations: We follow specific requirements for digital wills and estate planning tools in each province where applicable.
How data is kept secure
Willful uses modern security practices to ensure your data is protected:
Encryption: All data is encrypted in transit (SSL) and at rest using AES-256 encryption.
Secure storage: Our web application and databases are hosted on Heroku, a secure platform using production-tier database services.
Third-party audits: We engage an external third party to conduct regular security audits.
Access controls: Only authorized Willful staff can access user data, and only when needed for support or compliance.
Activity logging: We log access and changes to ensure accountability.
Secure payments: We use Stripe, a PCI Level certified provider, to process payments. Credit card data is never stored on our servers.
SSO support: Users can sign in using Google-accounts, although two-factor authentication is not currently supported.
How data is stored and retained
Data hosting: All user data is stored in Heroku's secure environment.
Retention policy: We store your data as long as your account is active to enable document updates. You may delete your account and data at any time.
Access restrictions: PII is accessible only on a need-to-know basis by authorized team members.
Marketing and analytics data: Stored and managed across platforms like Mailchimp, Amplitude, Stripe, and Qlik, with data minimization and secure sharing practices in place.
What happens if Willful closes?
Your legal documents remain valid:
Printed and signed documents: Are still legally binding even if Willful ceases operations.
Legal independence: Your documents are valid expressions of your intentions, independent of our business status.
Advance notice: If Willful were to shut down, we would give at least 30 days' notice so you could update, save, and print your documents.
Other considerations
Some situations may require additional clarification:
User support access: If you contact our support team, they may request permission to view your account to help resolve issues.
Legal requests: If required by law (e.g., a court order), we may be obligated to share specific data.
Account deletion: When you delete your account, your data is removed from our systems unless retention is legally required.