Privacy Policy

Introduction

It's Handled (operated by SDG Services Pty Ltd, ABN 30 664 897 429) is committed to protecting your privacy and the privacy of the deceased persons whose digital estates we manage. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

Information We Collect

Information You Provide

When you use our services, we collect:

• Your contact information: Name, email address, phone number, relationship to deceased
• Deceased person's information: Name, email addresses, phone numbers, date of birth, date of death
• Documentation: Death certificates, proof of relationship, letters of administration
• Payment information: Processed securely by Stripe; we do not store credit card numbers
• Vault users: Account lists, access instructions, executor nominations

Information We Discover

Through our account discovery process, we identify:

• Online accounts associated with the deceased's email addresses and phone numbers
• Platform names and account existence (not account contents or passwords)

Email Inbox Scanning (Optional)

With your explicit consent, and acting as an agent of the authorized executor, we may access the deceased person's email account to:

• Identify online accounts from signup confirmation emails
• Discover subscriptions from receipt emails
• Identify and unsubscribe from marketing mailing lists

What we access:

• Email headers (sender, subject line, date)
• List-Unsubscribe headers for automatic unsubscription
• We do not read or store the body content of personal emails

How we handle this data:

• Access is read-only and granted via secure OAuth authentication
• Access is revoked immediately after the scan is complete
• We extract only sender names and domains for account discovery
• No email content is stored on our servers
• Scan results (account names only) are retained with the case file

Legal basis:

The executor of an estate has legal authority to manage the deceased's digital assets, including email accounts. By authorizing this scan, you confirm that you have the legal right to access this account as the estate executor, administrator, or next-of-kin. This access is performed under your authority and direction.

Automatically Collected Information

• IP address and browser type
• Pages visited and time spent on our website
• Referring website

How We Use Your Information

We use the information we collect to:

• Provide our digital estate management services
• Discover online accounts held by the deceased
• Contact platforms on your behalf to close or memorialize accounts
• Process payments and send receipts
• Communicate with you about your case
• Send service updates and important notices
• Improve our services and website
• Comply with legal obligations

How We Share Your Information

We share personal information only in the following circumstances:

With Online Platforms

To close or memorialize accounts, we share necessary information with platforms (e.g., deceased's name, death certificate). This is required to perform the services you've engaged us for.

With Service Providers

• Stripe: Payment processing
• Cloud hosting: Secure data storage
• Email services: Transactional emails

These providers are contractually bound to protect your information.

Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

We Never

• Sell your personal information to third parties
• Use your information for marketing purposes without consent
• Share information with advertisers

Data Security

We implement appropriate security measures including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Secure cloud infrastructure with access controls
• Regular security reviews
• Limited employee access on a need-to-know basis
• Secure deletion of data when no longer required

While we take reasonable steps to protect your information, no method of transmission over the internet is 100% secure.

Data Retention

We retain personal information for:

• Active cases: Until case completion plus 7 years (legal compliance)
• Vault accounts: Until account is closed or activated
• Completed cases: 7 years from completion (Australian legal requirements)
• Website analytics: 26 months

After the retention period, data is securely deleted or anonymized.

Your Rights

Under Australian privacy law, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Complaint: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at privacy@itshandled.au.

Cookies

We use essential cookies to make our website function properly. We do not use tracking cookies or third-party advertising cookies.

Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Complaints

If you are not satisfied with our response to a privacy concern, you may lodge a complaint with the Office of the Australian Information Commissioner: