Privacy policy

Privacy Policy

Last updated: February 19, 2026

EverSealed ("we", "us", “our”) operates this store and website, including all related information, content, features, tools, products, and services (the “Services”), to provide you with a curated shopping and subscription experience. Shopify powers EverSealed, allowing us to deliver the Services to you.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit, use, or make a purchase or other transaction through the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Personal Information We Collect

“Personal information” means data that identifies, relates to, describes, or can reasonably be linked to you or another individual. It excludes information that has been anonymised or de-identified so that it cannot reasonably be linked to an individual.

Depending on how you interact with the services, we may collect or process the following categories of personal information:

Customer contact details: name, email address, phone number, billing address, and shipping address.
Order and transaction details: products purchased, order history, subscription status, payment confirmations, refunds/returns/fees (where applicable).
Account and service records: reference number assigned to stored items, service notes related to storage, replacement requests, cancellation requests, and delivery instructions.
Verification contact information (1–5 individuals): names, email addresses, phone numbers, and relationship to the customer (provided by the customer).
Recipient information: recipient name, postal address, email address, phone number, and delivery instructions (provided by the customer).
Communications: information you provide when you contact us (e.g., customer support emails).
Device and usage data: IP address, browser type, device identifiers, cookie data, and information about how you interact with the Services.

Important: We do not open sealed letters. We do not review or process the contents of sealed letters. We treat any personal data you voluntarily include inside a letter as sealed content and do not access it unless legally required.

2. Sources of Personal Information

Directly from you: when you purchase, subscribe, complete forms, or contact support.
Automatically: through your use of the Services (cookies and similar technologies).
We receive information from service providers like Shopify, payment processors, shipping providers, and other vendors who support our operations.
We obtain this information from third parties, including verification contacts or recipients who communicate with us, such as to provide death verification documentation.

3. How We Use Personal Information

We use personal information for the following purposes:

To provide the Services: process purchases, manage subscriptions, send order updates, provide customer support, and administer storage services.
To operate the storage and release process: assign and manage reference numbers, maintain secure storage records, and manage requests for replacement or return of stored items.
To verify death prior to release: contact nominated verification contacts (1–5) and request/receive documentation to confirm death before releasing any stored item.
The team is also responsible for arranging secure delivery, dispatching kits, and, if necessary, sending stored items to their recipients using secure tracking methods.
To improve and protect the services: security monitoring, fraud prevention, troubleshooting, analytics, and service improvements.
Marketing (if allowed): send marketing communications if you opted in; you can opt out anytime.
Legal compliance: comply with applicable law, respond to lawful requests, and enforce our policies.
Order integrity and recipient protection:
To protect the accuracy, integrity, and confidentiality of recipient and verification contact information, EverSealed supports one product per order. This safeguard ensures that recipient and authorisation details remain correctly and securely associated with the intended EverSealed item, and it also prevents any risk of data misassignment or cross-association between multiple products. Customers may place additional orders separately without any shipping cost disadvantage.

4. Legal Bases for Processing (UK GDPR)

Where UK GDPR applies, we rely on the following legal bases:

Contract: to provide the services you request (kit purchase, subscription storage, return/replacement requests, delivery).
Legitimate interests: to secure our services, prevent fraud, maintain records, and operate the verification and release process responsibly.
Consent: where required (for example, certain marketing communications and cookie preferences).
Legal obligation: processing is necessary to comply with the law.

5. Death Verification Documentation

We will not release any stored letter(s) or memory box without reasonable verification of death. Nominated contacts or authorised parties may provide us with verification documentation via email.

Documents we may accept include (non-exhaustive list):

Death Certificate (UK or non-UK)
Medical Certificate of Cause of Death
Hospital confirmation letter
GP confirmation letter
Funeral director confirmation
Probate documentation / Letters of Administration
Other official government or court documentation confirming death

We may request additional documentation if needed to prevent fraudulent release and to protect customers and recipients.

6. How We Disclose Personal Information

We may share personal information with:

Shopify: to host the store and provide core e-commerce functionality.
Service providers: payment processors, IT/hosting tools, customer support tools, and shipping/courier providers.
Verification and delivery parties are involved only as necessary to confirm eligibility for release and to deliver stored items, such as when a courier requires recipient details.
Legal and compliance: if required by law, court order, or to protect rights and safety, we will take appropriate action.
Business transactions: in connection with a merger, acquisition, restructuring, or sale (with appropriate safeguards).

7. Shopify and International Transfers

The service is hosted on Shopify. Personal information submitted through the Services may be processed by Shopify and relevant vendors, which may involve transfers to countries outside the UK.

Where required, we rely on appropriate safeguards for international transfers, such as the UK International Data Transfer Addendum, standard contractual clauses, or other recognised transfer mechanisms.

8. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve services, remember preferences, and support analytics. You can manage cookie preferences through your browser settings and, where available, our cookie banner/preferences tool.

9. Data Security

We implement organisational and technical measures designed to protect personal information. However, no method of transmission or storage is completely secure. Please do not send highly sensitive information through unsecured channels.

10. Data Retention

We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Active subscription: we retain customer/service records while the subscription remains active to provide ongoing storage and service administration.
If we cancel the subscription, we may keep relevant records for up to 24 months for administrative, legal, and security purposes.
Verification and delivery attempts: if a release cannot be completed and no authorised party can be reached, we may retain records for up to 24 months from the last meaningful contact attempt to support reasonable efforts and fraud prevention.

If reasonable attempts fail to deliver stored physical items, we may proceed with secure confidential destruction, as per our terms and service policies.

11. Your Rights

Depending on your location and applicable law (including UK GDPR), you may have rights such as

Access to your personal information
Correction of inaccurate information
Deletion (subject to legal and contractual limits)
Restriction or objection to certain processing
Data portability (where applicable)
Withdrawal of consent (where processing is based on consent)

To exercise your rights, contact us using the details below. We may need to verify your identity before responding.

12. Children's Data

The Services are not intended for children, and we do not knowingly collect personal information from children under the age of majority. If you believe a child has provided personal information, please contact us.