Estate Link Privacy Policy

Last Updated: September 5, 2025

Welcome to Estate Link, an estate planning practice management platform. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit or use our services.

Contact us at privacy@estatelink.com or write to:

Estate Link – Privacy Team
3415 39th St S
Fargo, ND 58104

1. Scope

This Privacy Policy applies to visitors, customer administrators, and end‑users who access Estate Link. It does not apply to third‑party websites or services that integrate with Estate Link (for example Practice Panther or Dropbox).

2. Information We Collect

Account Data

We collect the following account data that you provide when you sign up for Estate Link:

  • First and last name
  • Business email address
  • Company name
  • Password (stored only as a hash)

Practice Management Data

We collect data from the following objects when you use Estate Link:

  • Client and contact information
  • Matter details and case information
  • Time entries and billing data
  • Tasks and workflow information
  • Documents and file attachments
  • Team member assignments
  • Communication logs

Automatically Generated Data

We collect the following data that is generated automatically:

  • IP address
  • Browser information
  • Device information
  • Approximate location (if your browser shares it)
  • Pages viewed and actions taken inside Estate Link (activity logs)

Files and Documents

We collect the following data related to files and uploads:

  • Documents exchanged through Estate Link, stored securely in cloud storage
  • File metadata and access logs

Billing Information

We collect the following billing data:

  • Billing contact details
  • Payment tokens
  • Invoices
  • Last four digits of a card (handled by Stripe)

We do not knowingly collect children's data, health data, or full payment‑card numbers.

3. Cookies & Tracking

Estate Link uses essential session cookies for functionality. Analytics cookies may be used to improve our service. Where required, a cookie banner lets users opt‑in to analytics cookies and lets California users opt‑out of any "sale" or "sharing" of personal information. A valid Global Privacy Control (GPC) signal is honored as a do‑not‑sell/share request.

4. How We Use Information

  • Provide, secure, and maintain the Service
  • Process and manage your practice data
  • Send transactional messages (invitations, password resets, billing alerts)
  • Process payments
  • Improve and debug the Service
  • Send newsletters or product updates (with consent)
  • Comply with law, enforce terms, and prevent fraud

5. How We Share Information

We do not sell personal information for money. We disclose data only to:

  • Amazon Web Services (USA) – application hosting and file storage
  • Email service providers – transactional email delivery
  • Stripe (USA) – payment processing
  • Error monitoring services – service reliability
  • Security providers – threat detection and response

Sub‑processors are bound by written agreements that satisfy GDPR Article 28 and the California Privacy Rights Act. We may also disclose information to comply with legal requests, to enforce our agreements, or during a business transfer such as a merger.

6. Data Retention

  • Active account data is retained while your subscription is active
  • If you cancel your Estate Link subscription, we delete or anonymize all data within 30 days
  • Billing and invoicing records are retained for 7 years to meet tax and accounting obligations
  • Encrypted database backups are taken regularly and retained for security purposes
  • Document files benefit from cloud storage redundancy and backup systems

7. International Data Transfers

Estate Link is hosted in the United States. When personal data of EEA or UK residents is transferred to the U.S., we rely on appropriate safeguards including Standard Contractual Clauses.

8. Security Measures

  • TLS encryption in transit and AES‑256 encryption at rest
  • Role‑based access control with least‑privilege principles
  • Multi‑factor authentication for administrative accounts
  • Continuous monitoring and threat detection
  • Regular encrypted backups
  • Logical data separation per tenant and detailed audit logs

No security method is perfect; if we discover a breach, we will notify affected customers and regulators as required by law.

9. Your Privacy Rights

United States (CA, CO, CT, UT, VA) – you may request access, deletion, correction, or portability of your personal information and may opt‑out of any sale or sharing. We will not discriminate against you for exercising these rights.

European Economic Area and United Kingdom – you may request access, rectification, erasure, restriction, portability, object to processing, or withdraw consent at any time. You may also lodge a complaint with a supervisory authority.

How to exercise your rights – email privacy@estatelink.com. We will verify your identity and respond within the timelines required by applicable law (30 days for GDPR; 45 days for CPRA).

10. Children

Estate Link is a business‑to‑business service and is not directed at children under 13. If you believe a child has provided personal information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Policy from time to time. For material changes, we will email customer administrators and post a notice in the Service at least 30 days before the new terms take effect. The "Last updated" date at the top tells you when we last revised the Policy.

12. Contact Us

If you have any questions, concerns, or complaints, please email privacy@estatelink.com or write to:

Estate Link – Privacy Team
3415 39th St S
Fargo, ND 58104 USA