NYLK
About Services Pricing Stories Resources FAQ Client login Start your Directive

Privacy policy

How we handle your personal information

NYLK exists to protect what matters. That starts with how we treat your information — in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Introduction

NYLK Pty Ltd (ABN 22 686 426 308) ("NYLK", "we", "us") is committed to protecting your privacy. This policy explains how we collect, use, disclose and manage personal information. If you do not agree with these practices, please do not use our services.

The map, not the keys. NYLK does not collect or store your account passwords, private keys or recovery phrases — for any of your accounts. Your Digital Directive records what exists and what you want done. You may choose to record your phone PIN; that choice is yours, and anything you record is encrypted.

What we collect

  • Account information — name, email, phone, postal address, date of birth (if provided), and your NYLK portal sign-in details (stored securely).
  • Payment information — card and bank details and transaction history, processed by secure third-party payment providers.
  • Digital estate information — your inventory of accounts and assets, documents and files you choose to store, your wishes and instructions. Not your passwords.
  • Nominee information — names, contact details and relationships of executors, legacy contacts and beneficiaries, collected with your consent.
  • Communications — correspondence, feedback and support interactions.
  • Technical information — IP address, browser and device data, pages visited, and cookie data (see our Cookie Policy); general location from IP only.

How we collect it

Directly from you (registration, building your Directive, uploads, contact); automatically via cookies and similar technologies on our website; from payment and identity-verification providers; and from representatives acting for you — your solicitor, adviser or nominated contacts.

Why we collect and use it

  • Providing services — delivering digital estate management, secure storage and account management.
  • Verification — confirming your identity, and the identity and authority of executors, before any release.
  • Billing — payments, invoicing, subscriptions and recovery of amounts owed.
  • Communication — service updates, support, and marketing with your consent.
  • Legal compliance, security and improvement — meeting legal obligations; preventing fraud and unauthorised access; improving services using de-identified data.

When we disclose it

  • Service providers — hosting, payments and email providers bound by confidentiality and privacy obligations (see our Data Processing Agreement standard).
  • Your nominees — your executor and legacy contacts, per your instructions, through verified executor release only.
  • Legal — where required by law, court order or regulator, or to enforce our agreements.
  • Business transfer — if NYLK merges or is acquired, with protections carried across.
  • With your consent — any other disclosure you expressly authorise.

We never sell, trade or rent your personal information.

Where your data lives (APP 8)

Your Digital Directive and estate data are hosted in Australia. Some supporting providers — such as email delivery, analytics and payment processing — may process limited personal information overseas (currently the United States, European Union and Singapore). Before any overseas disclosure we take reasonable steps to ensure the recipient protects your information to a standard consistent with the APPs, including encrypted transfer and signed data-processing agreements. Privacy laws overseas may differ from Australian law.

How we protect it

  • Encryption of data in transit and at rest.
  • Role-based, least-privilege access with multi-factor authentication.
  • Logged, reviewable access and release events.
  • Mandatory staff privacy and security training.
  • Documented incident-response procedures.

No internet system is absolutely secure; we work to a high standard but cannot guarantee security against every threat.

Notifiable data breaches

If an eligible data breach is likely to result in serious harm, we notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme (Part IIIC, Privacy Act 1988).

Access, correction and deletion

You may request access to the personal information we hold about you, correction of anything inaccurate or out of date, and deletion (subject to legal retention). Write to our Privacy Officer (details below). We acknowledge requests within 5 business days and respond within 30 days; if we refuse, we give written reasons and complaint options. You can also update your details anytime in your portal.

Retention

  • Account information — while your account is active, then 7 years for accounting and legal purposes.
  • Digital estate information — while your subscription is active. After termination it is retained for 90 days (export available on request), then permanently destroyed.
  • Payment records — 5 years (ATO requirements).
  • Support communications — 2 years after last interaction.
  • Technical data — de-identified or deleted after 12 months.

Cookies, links and children

Our website uses essential, analytics and marketing cookies — see the NYLK Cookie Policy for controls. Links to third-party sites are governed by their own policies. Our services are for adults: we do not knowingly collect information from anyone under 18, and will delete it if we become aware.

Australian Privacy Principles

In summary: we manage personal information openly (APP 1); collect only what we need, directly from you where practicable (APPs 3–5); use and disclose it only for the purposes collected or as you'd reasonably expect (APP 6); protect cross-border disclosures (APP 8); secure it against misuse and loss (APP 11); give you access and correction rights (APP 12); and handle complaints properly (APP 13).

Complaints

Contact our Privacy Officer first — we investigate and respond within 30 days. You may also complain to the OAIC: oaic.gov.au · 1300 363 992 · [email protected].

Changes and contact

We may update this policy; material changes are posted with a new effective date, and continued use is acceptance.

Privacy Officer, NYLK Pty Ltd · [email protected] (attention: Privacy Officer) · 1300 NYLKAU (1300 695 528) · nylk.com.au · Melbourne, Victoria.

NYLK · Based out of Melbourne · ABN 22 686 426 308
nylk.com.au · Privacy Policy v1.3
NYLK
Digital Estate Management
Your Legacy. Poured Forward.
Australia's dedicated digital-legacy service. The missing piece of a modern estate plan.

Explore

About NYLK Our services Pricing Client stories FAQ Contact us

Resources

The Legacy Library Lockout Calculator For professional partners The Handover bulletin

Get started

Start your Directive Book a discovery call Client login Executor access 1300 NYLKAU [email protected]
© NYLK · Melbourne, Victoria · ABN 22 686 426 308 Privacy · Terms · Refunds · Your Legacy. Poured Forward.