Privacy Policy

This Privacy Policy explains how Peculiar Dynamics Ltd (Company No. 14575056), trading as Lastli ("we", "us", "our"), collects and uses personal data when you use the Lastli website and application (the "Service").

We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

Peculiar Dynamics Ltd is the Data Controller for personal data collected through the Service.

Registered address: 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom.
Email: help@lastli.co.uk

We have not appointed a Data Protection Officer. Data protection enquiries may be sent to the email address above.

We may collect and process the following categories of personal data:

• Account and identity data: name (if provided), email address, encrypted password or authentication tokens (including when you sign in with Google OAuth), account tier, and sign-in timestamps;
• Estate administration data: estate names, task lists, notes, asset and debt ledger entries, valuations, categories, and related metadata you enter into the Service;
• File uploads: documents and files you upload or download via features such as the Document Vault, stored using our cloud storage infrastructure;
• Payment data: billing status, Stripe customer identifiers, and transaction references. Card details are collected and processed directly by Stripe; we do not store full payment card numbers;
• Communications and support data: messages you send to us and feedback you submit;
• Technical and usage data: IP address, browser type, device information, log files, and security/event data necessary to operate and protect the Service.

Special category data: you should not enter sensitive personal data about deceased persons or third parties unless you have a lawful basis to do so. If you choose to enter such data, you are responsible for compliance with applicable data protection law.

We use personal data to:

• Provide, maintain, and secure the Service, including authentication, estate management, and file storage;
• Process Premium payments and manage your subscription status;
• Send service-related emails (for example, account confirmation, password reset, and security notices);
• Respond to support requests and improve the Service;
• Detect fraud, abuse, and technical issues;
• Comply with legal obligations.

Marketing and CRM synchronisation: where permitted by law, we synchronise limited account properties (such as your email address and account tier) with our customer relationship and email platform, Loops.so, via secure API connections. This helps us send product updates and service communications. You may opt out of marketing emails using the unsubscribe link in those messages or by contacting us.

Our lawful bases under UK GDPR may include:

• Contract - to perform our agreement with you and provide the Service;
• Legitimate interests - to secure, improve, and promote the Service in a way you would reasonably expect;
• Consent - where required for certain marketing communications;
• Legal obligation - where we must retain or disclose data to comply with law.

Under the UK Privacy and Electronic Communications Regulations (PECR), we are required to tell you how we use cookies and similar storage on your device. Lastli uses strictly necessary cookies and session storage solely to maintain your authenticated login, protect sign-in with Google, and support secure payment processing. We do not use analytics, advertising, or other non-essential tracking cookies.

Because these technologies are essential for the Service to function, they do not require your consent under PECR. Our cookie notice records that you have been informed of this limited use. You can control optional browser settings, but disabling strictly necessary cookies may prevent you from signing in or completing checkout.

Third-party payment and sign-in providers may update cookie names or retention periods; we will keep this table reasonably current. For Stripe's own privacy practices, see stripe.com/gb/privacy.

We use trusted third-party service providers who process personal data on our behalf under written terms consistent with UK GDPR. These include:

• Render - application hosting and infrastructure;
• Google Cloud - cloud storage and Google OAuth sign-in;
• Stripe - payment processing;
• Resend - transactional email delivery;
• Loops.so - marketing communications and contact property synchronisation.

Some providers may process data outside the UK. Where they do, we rely on appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, or equivalent mechanisms approved under UK data protection law.

We retain personal data for as long as your account is active and for a reasonable period afterwards to resolve disputes, enforce our terms, and meet legal obligations.

You may request deletion of your account by contacting us. Some data may be retained in backups or logs for a limited period before automatic deletion.

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and secure hosting. No method of transmission or storage is completely secure; you use the Service at your own risk.

Under UK GDPR, you have the right to:

• Access - request a copy of personal data we hold about you;
• Rectification - request correction of inaccurate or incomplete data;
• Erasure - request deletion in certain circumstances (the "right to be forgotten");
• Restrict processing - request restriction in certain circumstances;
• Data portability - receive certain data in a structured, commonly used, machine-readable format;
• Object - object to processing based on legitimate interests or for direct marketing;
• Withdraw consent - where processing is based on consent, without affecting prior lawful processing.

To exercise these rights, email help@lastli.co.uk. We may need to verify your identity before responding. We aim to respond within one month, as required by law.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.

The Service is not directed at children under 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will change when we do. Material changes may be communicated by email or in-product notice where appropriate.

For privacy enquiries or to exercise your data protection rights, contact: help@lastli.co.uk.