You need a FREE demonstration about Legapass?

Personal data and security

You should read this privacy policy before using the LEGAPASS website and its dedicated application.
Families, save your loved ones from the administrative maze
Label Etik Blanc 2024 logo

Legapass is certified by the Conseil Supérieur du Notariat.

Last update: October 2023

This site and its application, accessible at URL https://legapass.com/is published by :

  • LEGAPASS, a simplified joint stock company with share capital of 1,000 euros, registered with the Nice Trade and Companies Register under number B 904 291 689, with registered office at 40 avenue Sainte Marguerite Ile de France B 06200 NICE, represented by CHEMIN Jean-Charles, duly authorized Chairman.
  • The individual VAT number of the Operator is FR31904291689.
  • The Site is hosted by the company Clever Cloud SAS, located 3 rue de l'Allier 44000 NANTES
    Contact : 02 85 52 07 69 - support@clever-cloud.com
  • The Director of the publication of the Site is CHEMIN Jean-Charles, President.
  • The Operator can be reached at the following email address contact@legapass.com Tel: +33 1 84 60 20 50
  • The Data Protection Officer (DPO) can be reached at the following address dpo@legapass.com.


This Privacy Policy tells you everything you need to know about how LEGAPASS protects the personal data we process and control about you, and what rights you may have with respect to that processing. You should therefore read this Privacy Policy before using the LEGAPASS website and its dedicated application.

We take care of your personal data and we are committed to ensuring its confidentiality and security in compliance with the regulations in force, in particular the French Data Protection Act and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (RGPD).

For any clarification of the definition of specific terms in this document, please refer to our T&Cs which we invite you to consult at : https://legapass.com/cgu/

Why is LEGAPASS privacy strengthened?

The service offered by LEGAPASS is specific in that it concerns sensitive personal data inserted by the Customer in the form of a highly secure end-to-end encrypted secret stored in an off-line safe without LEGAPASS having the possibility, at any time, to access it.

As a result, the only personal data we can process is that entered by the customer when registering and using the site or application. LEGAPASS never has access to its users' secrets, as these are encrypted from end to end between the user's terminal and the safe, with the decryption key kept by a bailiff in accordance with Legapass's security process.

LEGAPASS has no way of accessing its users' secrets.

Therefore, this Privacy Policy does not cover User/Customer secrets. The following clarification applies to all other personal data of our Users/Customers.

For any clarification of the definition of secrecy in this document, please refer to our TOS available at https://legapass.com/cgu/

I - How does LEGAPASS protect your personal data?

When you first visit the www.legapass.com website your consent is requested, collected and retained by Axeptio, our RGPD-compliant consent collection and cookie management service provider. It is on the basis of this consent to the processing of your data that the following processing operations are implemented.

1. The personal information we collect:

When you visit www.legapass.com or its dedicated application, we automatically collect certain information about your device, including information about your web browser, your IP address, your time zone and some of the cookies installed on your device.

In addition, as you browse the Site, we collect information about the individual web pages or products you view, the websites or search terms that referred you to the Site, and how you interact with the Site. We refer to this automatically collected information as "device information.

In addition, we collect the personal data you provide to us (including, but not limited to, name, address, payment information, etc.) when you register and sign up for a free, premium or pro membership in order to fulfill the contract.

In accordance with Article 13 et seq. of the GDPR, you will find below a table detailing the categories of personal data that we may collect, subject to the limits set by local laws:

Type of personal data

Type of personal data classified by category

Identity and identification data

Name, surname, date of birth, nationality, all types of identifiers and contact information (such as e-mail, phone numbers, address) and occasionally, when necessary and for specific purposes, gender, age, place of birth, social security number.

Commercial information

History and records of products and services you have obtained from LEGAPASS. Correspondence between you and us when addressed to a dedicated mailbox or other electronic means of communication, for the purposes of claims payment processing and business follow-up.

Marketing and research information

a. Identifiers - a person's IP address, social network ID or other online identifiers, email/mobile phone number if used for direct marketing, as well as name and address.

b. Demographics - (e.g., income, marital status, age range, gender, interests, pets, home ownership, health, current service providers)

c. Data relating to browsing history and preferences expressed when selecting, displaying and purchasing goods, services and content, information about your mobile device, including (where applicable) device type, device identification number and mobile operating system.

d. Social network content - blogs, posts and anything published by an individual online or that mentions/references an individual.

e. Written or voice chat services (speech-to-text engines for search requests) without being recorded or stored by the mobile device.

Access data

LEGAPASS may also collect certain types of sensitive information where permitted by local law or with your consent, such as passwords, cryptocurrency wallet seed phrases, digital asset access...

Information about the position and the profession or job

Professional or job-related information, such as current job description, job title, employer, work location, and LEGAPASS contact(s).

System and application access data and information on Internet and electronic network activity

We may collect data to enable you to access LEGAPASS systems and applications, such as system ID, LAN ID, email account, instant messaging account, mainframe ID, system passwords, and information about activity on the Internet or other electronic networks, including access logs, activity logs, and electronic content generated using LEGAPASS systems.

Cookies and geolocation data

We may also collect geolocation data in certain circumstances. Please see our cookie policy for details of our use of cookies.

Documents required for formal identification

LEGAPASS may collect data relating to citizenship, nationality, civil status (passport, residence permit) (in physical and/or electronic form).

Documents required for estate management

LEGAPASS can collect documents relating to a deceased person or their next of kin, more specifically their heirs or beneficiaries (authenticated death certificate or copy, will, act of inheritance, certificate of heirship, etc.).

2 Why do we process your personal data?

Our top priority is the security of Customer data and, as such, we may only process minimal user data, only to the extent absolutely necessary to maintain the LEGAPASS website and application in accordance with the principle of data minimization. Information may be collected automatically during use of the site or its dedicated application. This statistical information is not otherwise aggregated to identify a particular user of the system when this is not necessary.

You can visit the website without telling us who you are, or revealing any information by which anyone could identify you as a specific, identifiable individual. However, if you wish to use certain features of the website or the application, or if you subscribe to a membership, you must provide us with personal data, such as your e-mail address, first name, last name, place of birth, telephone number and possibly your nationality, country of birth.

You can choose not to provide us with your personal data, but you will not be able to take advantage of the website and app features.

3 For what purposes and on what legal basis do we process your personal data?

LEGAPASS uses your personal data for the sole purpose of fulfilling specific objectives. The table below lists the purposes for which LEGAPASS uses your personal data and the legal basis for each purpose.



To manage the contractual relationship between LEGAPASS and the user.

The contract that you have with LEGAPASS materialized by the GTC/CGV.

Ensure the execution of the services offered.

The contract you have with LEGAPASS.

To facilitate communication with the user (including in case of emergency, and to provide you with requested information).

Justified on the basis of our legitimate interests in ensuring proper communication and handling of emergency situations within the organization.

The contract.

To operate and manage our business operations as part of the service offering to our customers, their employees/service providers and their customers, for example by collecting their data for surveys, data analysis, marketing research or other purposes.

Justified on the basis of our legitimate interests to ensure the proper functioning of our business activities.

Ensure compliance with legal requirements.

Necessary to ensure compliance with a legal obligation to which we are subject.

Monitor the use of our systems (this includes monitoring the use of our website and the applications and tools you use).

Justified on the basis of our legitimate interests, to avoid non-compliance and to protect our reputation.

Social media monitoring (identifying and evaluating what's being said about LEGAPASS and our customers on social media (only publicly accessible content) to understand the feelings, intent, mood and market trends and needs of our stakeholders and thus improve our services. To do this, we conduct keyword searches. Our aim is to obtain information on conversation trends over a given period, not to identify a specific person. To this end, we analyze and monitor conversation flows and monitor opinions, statements or other interactions publicly available on social networks).

Justified on the basis of our legitimate interest in protecting our assets and brand on social networks but also justified by the need for accurate information for better decision making.

To improve the security and operation of our website, networks and information.

Justified on the basis of our legitimate interests to ensure the best service to our users.

Conduct data analysis, i.e., apply analytical processing on business operations and data to describe, predict and improve business performance.

Justified on the basis of our legitimate interests in ensuring the proper functioning of our business operations and the optimal management of our resources.

Promote our products and services.

Justified on the basis of our legitimate interests in conducting and developing our business.

II - What are your rights regarding the processing of your personal data?

If you are a European resident, you have the following rights related to your personal data:

  • The right to be informed.
  • The right of access.
  • The right of rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights related to automated decision making and profiling.


If you wish to exercise any of these rights, please contact us at dpo@legapass.com.

With regard to the personal data registered as LEGAPASS secret, all rights are reserved to the user, so their exercise is subject to the conditions of service freely consented by the latter.

In addition, if you are a European resident, please note that we process your information in order to perform the contracts we have with you (for example, if you place an order through the Site), or otherwise to pursue our legitimate business interests listed above.

1.do we include links to third party websites and programs?

Our website may contain links to other websites that are not owned or controlled by us. We are not responsible for these other websites or the privacy practices of third parties.

We encourage you to be aware when you leave our website or app and to read the privacy statements of each website that may collect personal information.

2 - What are our information security practices?

We secure the information you provide on computer servers in a controlled and secure environment, protected from unauthorized access, use or disclosure. We maintain reasonable administrative, technical and physical safeguards to protect against unauthorized access, use, modification and disclosure of personal data in its control and custody.

However, no data transmission over the Internet or a wireless network can be perpetually guaranteed. We therefore invite you to be vigilant in your use of computer tools and networks and to be aware of the risks inherent in their operation and use.

3 - May we disclose your data? :

We will disclose any information we collect, use or receive only if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we have a good faith belief that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud or respond to a government request.

However, the data recorded as part of LEGAPASS Secrets may not be transferred in any form whatsoever to third parties, and only the user, the legatees, heirs, assigns or beneficiaries designated by the user may, after authentication, have access to the secrets at the end of the restitution procedure under bailiff's supervision.

Only in the extreme case of a government request will LEGAPASS be able to transfer the secrets in encrypted form to the authorities. Since we do not have the means to decrypt them, your data will remain secure.

4 Where will your personal data be processed?

All personal data that LEGAPASS collects and processes are kept on French territory. In the event that LEGAPASS' activities are extended to the European Union or beyond, you will be informed and your consent will be sought again in accordance with the European legislation in force.

5 - How long will we keep your personal data?

We will only retain your personal data for as long as is strictly necessary. We have specific policies and procedures for managing and retaining records, so that personal data will be deleted after a reasonable period of time according to the following retention criteria:

We will retain your data for as long as we have an ongoing relationship with you (in particular, if you have an account with us).

We will only retain your data for as long as your account is active or as long as necessary to provide services to you.

We will retain your data for as long as is necessary to comply with all our legal and contractual obligations.

III - What other uses are there for your personal data?

1 How do we use cookies and other tracking technologies?

Please see our Cookie Usage Policy for more details including information about your choices regarding advertising cookies, social media cookies and access to our cookie consent manager.

2.changes and contact information :

This data protection policy may be modified at any time in accordance with the evolution of the regulations in force or in accordance with the evolution of our services. If this is the case, updates will be made and we invite you to consult this section regularly. You may receive an email to inform you of any changes.

If you would like to contact us to understand more about this policy or if you would like to contact us with any questions about your individual rights and your personal information, you can contact us via the email address : dpo@legapass.com.

The value of your digital assets is inestimable. 💎