MyWishes places the utmost importance on the security of our servers, our application and user data. We use a variety of different tools, services, protocols and procedures to ensure that the security is robust. If however you have any questions, feedback or concerns about the security of MyWishes please do Contact us directly.

We have listed non-sensitive information about how we protect MyWishes below.

SSL (Secure Sockets Layer) provides a secure channel between two machines or devices operating over the internet or an internal network. One common example is when SSL is used to secure communication between a web browser and a web server. This turns a website's address from HTTP to HTTPS, the ‘S’ standing for ‘secure’.


Every part of MyWishes is SSL encrypted and has HTTPS protection. You may want to visit Google’s
Check if a site's connection is secure resource for more information.

Amazon S3 is designed for 99.9% of durability, and stores data for millions of applications for companies all around the world.


MyWishes saves user data in Amazon Web Services (AWS). AWS is entrusted by the NHS with 40 million UK patient records. We do not store user / patient data on their own physical servers. Instead of MyWishes looking after user data on our own physical servers we instead entrust Amazon Web Services with this important task. AWS protect data held with them in a number of ways including Advanced Encryption Standard 256 (AES-256).

We back up data on a daily basis. Once backed up this is saved across multiple secure locations.

All data uploaded by MyWishes users is encrypted to a very high standard. We use a number of different methods and protocols to encrypt the data held.

We use a number of third party social media sites and marketing tools. These tools allow us to engage with members of our community and those with an interest in MyWishes. Each service (for example Facebook, Google etc) use Cookies and have their own Terms Of Service.

All MyWishes team members who have access to user data are trained in handling and managing personal data. They are aware that they are personally accountable for either deliberate or avoidable breeches of user data.


Team members at MyWishes who work in the community and do not have access to user data are aware that any information provided orally or via electronic methods is confidential. They are aware that they are also accountable and liable for either deliberate or avoidable breaches of user data.

We have a Personal Data Breach Register. We log any attempted attacks or data breaches on the register should they take place. If a severe attack takes place we will highlight the details to the regulator and take appropriate action no longer than 72 hours after identifying the issue.

The person in charge of the Personal Data Breach Register is the allocated Data Protection Officer. They are also responsible for overseeing and advising MyWishes about compliance with UK, EU and GDPR requirements.

We will not process or share any user data beyond the legitimate purpose for which that data was collected. MyWishes allows users to share their data with friends, family, professional organisations and the general public. If a user decides share their information away from MyWishes to a third party their data will be processed in accordance with their own Terms Of Service.

If a user wishes to revoke consent to MyWishes they can do so by signing in, going into the My Profile section and clicking on ‘Delete My Account’.


Once deleted MyWishes will not retain an ongoing record of their data. Within two months all records of the user and their account will not be held by MyWishes.

The minimum age for using MyWishes is 18. Certain documents created using MyWishes may not be legally binding for those under the age of 18

Data Protection Impact Assessments are a great way for organisations who process personal data to better understand any risks involved with handling and processing the data. We developed MyWishes with security and data protection as a core consideration.


MyWishes has an an ever evolving DPIA. This document reviews our internal processes, documents any relevant changes, evaluates risks and explains how security procedures and processes have been addressed and improved. We review our DPIA each time relevant updates and alterations are made to MyWishes.

If you have any questions, feedback or concerns about the security of MyWishes please Contact us directly.