Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Email address, password (hashed and encrypted), name, and professional credentials
• Watch List Data: Names, locations, dates of birth, and other identifying information of individuals you wish to monitor
• Professional Information: Firm name, case numbers, client references, and matter numbers (for Professional tier users)
• Payment Information: Billing details processed securely by Stripe (we do not store full credit card numbers)
• Team Member Data: Email addresses and access permissions for team members you invite
• Communications: Messages you send through support tickets, chat, or email
• Phone Number: If you opt in to SMS notifications (used solely for match alerts)

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, timestamps, and interaction patterns
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP addresses, access times, and referring URLs
• Audit Logs: Actions taken within your account for compliance and security purposes

1.3 Obituary Data

We collect and process publicly available obituary information from 2,500+ sources. This data includes names, locations, dates, and funeral home information from published obituary notices. We do not collect private death records or access protected government databases.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our obituary monitoring services
• Match watch list entries against publicly available obituary notices
• Send you email and/or SMS alerts when we find potential matches
• Generate PDF audit logs, certificates, and compliance documentation
• Process transactions and manage your subscription
• Respond to your comments, questions, and support requests
• Send technical notices, security alerts, and service updates
• Analyze usage patterns to improve our algorithms and user experience
• Detect, prevent, and address technical issues and fraudulent activity
• Comply with legal obligations and enforce our terms

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Improving our services, fraud prevention, and security
• Consent: Where you have given explicit consent (e.g., marketing communications)
• Legal Obligations: Compliance with applicable laws and regulations

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: With vendors who assist in our operations (payment processing, email delivery, cloud hosting) under strict confidentiality agreements
• Team Members: With team members you authorize within your organization (Professional tier)
• Legal Compliance: When required by law, subpoena, or court order
• Protection of Rights: To protect our rights, property, or safety, or that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

4.1 Third-Party Services

We use the following third-party services that may process your data:

• Stripe: Payment processing (Stripe Privacy Policy)
• Twilio: SMS notifications (Twilio Privacy Policy)
• Postmark: Email delivery
• Netlify: Hosting infrastructure
• Neon: Database hosting (encrypted at rest and in transit)

5. Data Security

We implement industry-standard security measures to protect your personal information:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for data at rest
• Secure password hashing using bcrypt
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Automatic session timeouts and secure cookie handling

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you of any breach affecting your data as required by law.

6. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion request
• Watch List Data: Retained while watches are active; archived data retained for 1 year for compliance purposes
• Match History: Retained for the duration of your subscription plus 2 years for audit trail purposes
• Audit Logs: Retained for 7 years to support legal and compliance requirements
• Payment Records: Retained as required by financial regulations (typically 7 years)

7. Your Rights and Choices

7.1 All Users

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your data in a portable format (CSV/JSON)
• Opt-Out: Unsubscribe from marketing communications at any time
• SMS Opt-Out: Reply STOP to any SMS message to unsubscribe

7.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it's used
• Right to delete personal information (subject to certain exceptions)
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@obituarymonitor.com.

7.3 EEA/UK Residents (GDPR)

In addition to the rights above, you may also:

• Object to processing based on legitimate interests
• Request restriction of processing
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with a supervisory authority

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Maintain your session and authentication state
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Understand how you use our service (anonymized)

We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings, though disabling essential cookies may affect service functionality.

9. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete such information from our systems.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required, to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last updated" date, and sending an email notification to active account holders. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: