Privacy Policy
Last updated: June 17, 2026
1. Data We Collect
We collect information you provide directly, including your name, email address, phone number, billing information, and any content you upload to the Service — videos, photos, written stories, biographies, family tree data, and messages. We also automatically collect technical data such as IP address, browser type, device information, operating system, and usage patterns through cookies and similar technologies.
2. How We Use Your Data
We use your data to provide and improve the Service, process payments, deliver messages and notifications, generate biographies from your content, personalize your experience, provide customer support, and comply with legal obligations. We do not sell your personal data, and we do not use it to serve third-party advertising. We may use anonymized, aggregated data for analytics and service improvement.
3. Where Your Data Is Stored
Your account data and structured records are stored in our managed database provider, Supabase. Uploaded media (videos and photos) is stored in Amazon Web Services (AWS) S3. Data is encrypted in transit using TLS and at rest using AES-256. Our infrastructure is hosted in the United States.
4. Third-Party Services We Share Data With
We share the minimum data necessary with trusted service providers who help us operate the Service. These providers are contractually bound to protect your data and may use it only to provide services to us:
- Stripe — payment processing and subscription billing (receives billing and payment information).
- Twilio — SMS and phone-based notifications and verification (receives phone numbers and message content needed to deliver SMS).
- Firebase Cloud Messaging (Google) — push notifications to your devices (receives device push tokens).
- HeyGen — generation of automated talking-memorial videos from content you explicitly submit for that feature (receives the photos/audio you choose to use).
- Amazon Web Services (AWS) — cloud storage and delivery of your media.
- Supabase — database, authentication, and realtime services.
We may also disclose data when required by law, to protect our rights or the safety of others, or in connection with a merger or acquisition. We will never share your User Content with third parties for their own marketing purposes.
5. Cookies
We use cookies and similar technologies to maintain your session, remember your preferences, analyze usage, and improve the Service. You can manage cookie preferences through your browser settings. For details, see our Cookie Policy. Essential cookies are required for the Service to function and cannot be disabled.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
- Right to Portability: Receive your data in a structured, machine-readable format.
- Right to Restrict Processing: Limit how we process your data.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
California Residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise any of these rights, contact us at privacy@yourpersonalstories.com.
7. Children’s Privacy
The Service is not directed to children under 13. Accounts for users between 13 and 18 require verifiable parental or guardian consent through our Family Plan, and a parent or guardian controls the minor’s account settings and communication permissions. We do not knowingly collect personal data from children under 13 without such consent; if we learn we have, we will delete it.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records). User Content in memorial pages shared with others may be retained according to those recipients’ preferences and your executor instructions.
9. Security
We implement industry-standard security measures, including AES-256 encryption at rest, TLS encryption in transit, row-level access controls, regular security review, and monitoring. While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password.
10. International Transfers
If you are located outside the United States, your data may be transferred to and processed in the United States. We rely on appropriate safeguards, including Standard Contractual Clauses where applicable, to protect your data during international transfers.
11. Contact
For privacy inquiries, data access requests, or to exercise your rights, contact our Data Protection Officer at privacy@yourpersonalstories.com or visit our Contact page. See also our Terms of Service.