Who we are
CheapWills is a product of Nesbitt Web Ltd, company number 09417982, registered in England and Wales at 27 Old Gloucester Street, London, WC1N 3AX.
For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), Nesbitt Web Ltd is the Data Controller for personal data collected through cheapwills.co.uk.
Questions about this policy: [email protected]
Data we collect and why
| Category | Data | Source |
|---|---|---|
| Account | Email address, password (hashed), account creation date | You provide this on registration |
| Will details | Your full name, address, marital status, names of beneficiaries, executors, guardians, and details of assets and wishes | You provide this via the questionnaire |
| Payment data | Subscription status, payment date. We do not store card numbers — these go directly to our payment processor | Payment processor (e.g. Stripe) |
| Waitlist | Email address | You provide this when joining the waitlist |
| Usage data | Pages visited, time on page, errors encountered | Collected automatically via our hosting infrastructure |
We understand that will-related data is highly sensitive. It includes names, family relationships, financial details, and personal wishes. We treat all of it with the care it deserves.
How we use your data
We use your data only to:
- Generate your will document based on the information you provide
- Process your payment
- Send transactional emails — account confirmation, purchase receipts, and service updates
- Diagnose bugs and improve the Service
- Meet our legal and regulatory obligations
We do not sell your data. We do not use your data for advertising or behavioural tracking. We do not share your will details with any third party.
Legal basis for processing
| Purpose | Legal basis |
|---|---|
| Running your account and generating your will | Contract (Article 6(1)(b)) — necessary to perform the service you purchased |
| Processing payment | Contract (Article 6(1)(b)) |
| Transactional emails | Contract (Article 6(1)(b)) |
| Waitlist emails | Consent (Article 6(1)(a)) — you can unsubscribe at any time |
| Retaining records for legal compliance | Legal obligation (Article 6(1)(c)) |
| Improving the Service and diagnosing errors | Legitimate interests (Article 6(1)(f)) |
Who we share data with
We use a small number of sub-processors to operate the Service. All are bound by data processing agreements and comply with UK GDPR.
| Provider | Purpose |
|---|---|
| Vercel | Hosting and infrastructure |
| Supabase | Database and authentication |
| Stripe | Payment processing — we never see or store your card details |
| Kit (ConvertKit) | Waitlist email collection |
We do not use Google Analytics, advertising cookies, tracking pixels, or remarketing services.
We may also disclose data where required by law — for example, in response to a valid court order.
How long we keep your data
| Data | Retention period |
|---|---|
| Account and will data | Duration of your account, plus 90 days after deletion |
| Payment records | 7 years (HMRC record-keeping requirements) |
| Waitlist email | Until you unsubscribe or we no longer need it |
| Usage/diagnostic data | Up to 90 days |
If you delete your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal compliance.
Your rights under UK GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — request deletion of your data (subject to legal retention obligations)
- Restriction — ask us to restrict processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, email [email protected]. We will respond within one month.
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO), which you can contact by calling 0303 123 1113.
Cookies
We use only the cookies necessary to operate the Service:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you logged in during your session | Session (deleted when you close your browser) |
| Auth token | Remembers your login if you choose "stay signed in" | Up to 30 days |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
Children's privacy
The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you become aware that a child has provided us with personal data, contact us at [email protected] and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email at least 14 days before they take effect. The "last updated" date at the top of this page will always reflect the current version.
Contact
Nesbitt Web Ltd
27 Old Gloucester Street, London, WC1N 3AX
Company number: 09417982
[email protected]
For complaints: Information Commissioner's Office (ICO) · 0303 123 1113