How we comply with data protection laws
How we protect your data
ObituaryMonitor has not undergone a SOC 2 audit. The security certifications listed in the Infrastructure Partners section below are held by our vendors, not by ObituaryMonitor directly. We implement security controls aligned with industry best practices.
AES-256 encryption for all stored data
TLS 1.3 for all connections
bcrypt hashing with high work factor
Role-based permissions (RBAC)
Comprehensive activity tracking
HTTP-only cookies, auto-timeout
Third-party certifications (held by vendors)
| Vendor | Service | Certification | Notes |
|---|---|---|---|
| Netlify | Application Hosting | SOC 2 Type II | Edge hosting with automatic DDoS protection |
| Neon | Database | SOC 2 Type II | PostgreSQL with encryption at rest |
| Stripe | Payment Processing | PCI DSS Level 1 | We never store credit card data |
| Twilio | SMS Notifications | SOC 2 Type II | Secure message delivery |
| Postmark | Email Delivery | SOC 2 Type II | DKIM/SPF authenticated email |
* These certifications are held by the respective vendors, not by ObituaryMonitor.
How long we keep your data
| Data Type | Retention Period |
|---|---|
| Account Data | Active account + 30 days after deletion |
| Watch List Data | Active + 1 year archived |
| Match History | Subscription + 2 years |
| Audit Logs | 7 years (legal compliance) |
| Payment Records | 7 years (financial regulations) |
| Security Logs | 90 days |
Request compliance documents for your review
Standard contractual clauses for data processing. Required for GDPR compliance.
Request Document →For HIPAA-covered entities handling protected health information.
Request Document →Comprehensive overview of our security architecture and practices.
Download PDF →Complete list of third-party vendors who process customer data.
Request Document →We can complete CAIQ, SIG, or custom security questionnaires.
Request Document →Our team is ready to help with DPAs, BAAs, security questionnaires, and any other compliance documentation your organization requires.