Privacy Policy
Last updated: April 2026
This Privacy Policy forms part of our Terms and Conditions. It explains how we collect, use, store, and protect your personal data when you use MakeMyLPA.
1. Who We Are
MakeMyLPA.co.uk is owned and operated by Destiny Wills & Legal Services Ltd (the "data controller").
- Company Number: 16351311
- Registered Address: 21 Chapel Lane, Hale Barns, Cheshire, WA15 0AB
- Contact: info@makemylpa.co.uk
2. Categories of Personal Data We Collect
We collect the following categories of personal data:
Account Data
Your full name, email address, and an encrypted (hashed) password.
LPA Data
The personal information you provide when building your Lasting Power of Attorney, including names, dates of birth, and addresses of the donor, attorneys, replacement attorneys, certificate provider, and people to notify. This may also include preferences relating to health and welfare decisions.
Payment Data
If you use our optional paid services, we store the transaction reference, payment status, service type, and the last four digits of the card used. Full credit or debit card numbers are never stored by us — all card details are handled directly by our payment processor, Stripe.
Technical Data
Your IP address and browser type, collected automatically through essential cookies. We do not use analytics, advertising, or third-party tracking cookies.
3. How We Collect Your Data
We collect personal data directly from you when you:
- Create an account on MakeMyLPA
- Build a Lasting Power of Attorney using our wizard
- Use our optional paid services (professional review, print and post)
- Contact us by email
We do not collect personal data from third parties or public sources.
4. Lawful Basis for Processing
Under the UK GDPR, we rely on the following lawful bases for processing your personal data:
| Lawful Basis | Processing Purpose |
|---|---|
| Contract performance | Creating your account, generating your LPA documents, providing paid services you have purchased |
| Legitimate interests | Maintaining the security of our service, preventing fraud, improving the service |
| Legal obligation | Retaining financial records as required by HMRC |
We do not currently rely on consent as a lawful basis for processing. We do not send marketing communications.
5. How We Use Your Data
We use your personal data to:
- Create and manage your account
- Generate your Lasting Power of Attorney documents
- Provide paid services you have purchased (professional review, print and post)
- Communicate with you about your account or services
- Maintain the security of our service
We do not use your data for marketing, profiling, or automated decision-making. We do not sell, rent, or share your personal data with third parties for their own purposes.
6. Third-Party Disclosures
We share your personal data only with the following third parties, and only to the extent necessary to provide our service:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email address, payment amount, card details (entered directly on Stripe's checkout page) |
| Microsoft Azure | Hosting and data storage | All account and LPA data (stored on Azure servers in the UK) |
We do not use analytics providers, advertising networks, or any other third-party data processors.
7. International Transfers
Your account and LPA data is stored on Microsoft Azure servers in the UK and does not leave the United Kingdom.
When you use our paid services, your payment is processed by Stripe, which is headquartered in the United States. Stripe complies with UK GDPR requirements through Standard Contractual Clauses (SCCs) and equivalent data protection safeguards. You can read Stripe's privacy policy at stripe.com/gb/privacy.
8. Data Retention
- Account and LPA data: Retained for as long as your account is active. When you delete your account, all associated personal data and LPA records are permanently removed within 30 days.
- Payment records: Retained for 7 years after the transaction date, as required by HMRC for financial record-keeping.
- Email correspondence: Retained for as long as reasonably necessary to resolve your enquiry and for our records.
9. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — You can request a copy of the personal data we hold about you (a Subject Access Request).
- Right to rectification — You can ask us to correct any inaccurate or incomplete personal data.
- Right to erasure — You can ask us to delete your personal data (the "right to be forgotten"). You can also delete your account directly from your dashboard.
- Right to restrict processing — You can ask us to restrict how we process your data in certain circumstances.
- Right to data portability — You can request your personal data in a structured, commonly used, machine-readable format.
- Right to object — You can object to our processing of your personal data where we rely on legitimate interests as the lawful basis.
To exercise any of these rights, email us at info@makemylpa.co.uk. We will respond within one calendar month.
10. Automated Decision-Making
We do not carry out any automated decision-making or profiling using your personal data.
11. Payment Data Handling
We never see, store, or have access to your full credit or debit card number. When you use a paid service, you are redirected to Stripe's secure checkout page where you enter your card details directly. We receive only a confirmation of payment, a transaction reference, and the last four digits of the card used.
12. Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
- Data at rest is encrypted on Microsoft Azure's UK-based servers
- Passwords are stored using industry-standard one-way hashing and are never stored in plain text
- Access to production systems is restricted by role-based access controls
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. If you believe your account has been compromised, please contact us immediately at info@makemylpa.co.uk.
13. Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Information Commissioner's Office
- Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Website: ico.org.uk
- Telephone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO. Please email us at info@makemylpa.co.uk in the first instance.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last updated" date at the top of this page. Where changes are significant, we will make reasonable efforts to notify you by email. Your continued use of MakeMyLPA after any changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Destiny Wills & Legal Services Ltd
21 Chapel Lane, Hale Barns, Cheshire, WA15 0AB
Email: info@makemylpa.co.uk