1. Data controller
Evermissed acts as data controller for account and platform data. For privacy requests, contact privacy@evermissed.com.
2. Data we collect
- Account data: email, display name, auth identifiers, and account role.
- Memorial data: names, dates, story content, media, tags, visibility settings, moderation metadata.
- Transaction data: order references, plan purchases, billing metadata provided by payment processors.
- Technical/security data: IP address, request logs, device/browser information, abuse-prevention signals.
3. Legal bases (GDPR)
- Contract: to provide account, memorial, and paid service functionality.
- Legitimate interests: service security, abuse prevention, moderation, and product reliability.
- Legal obligation: tax/accounting compliance and lawful authority requests.
- Consent: where required by law (for example, optional communications or cookie categories where applicable).
4. How we use personal data
We use personal data to operate memorial pages, process payments, provide support, enforce safety rules, investigate abuse, and maintain platform performance. We do not sell personal data.
5. Sharing and processors
We share data only with trusted processors needed to run the service (for example hosting, database/auth, email delivery, analytics, and payment providers), under contractual confidentiality and data protection obligations.
6. International transfers
When data is transferred outside your jurisdiction, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms required by applicable law.
7. Retention
We retain data only as long as necessary for service delivery, dispute resolution, legal compliance, fraud prevention, and legitimate business records. You may request deletion, subject to legal retention requirements.
8. Your rights
- Access, correct, or delete your personal data.
- Object to or restrict specific processing activities.
- Data portability where legally applicable.
- Withdraw consent at any time where processing is consent-based.
- File a complaint with your local data protection authority.
8a. Account deletion requests
You can submit a deletion request directly from your account at /account/delete. We review and process requests according to legal obligations and retention requirements.
8b. California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may provide additional rights regarding personal information we collect.
- Right to know: You may request the categories and specific pieces of personal information we have collected, the categories of sources, and the business or commercial purposes for collection.
- Right to delete: You may request deletion of personal information we hold, subject to legal exceptions (for example records we must retain for security, legal compliance, or transaction completion).
- Right to correct: You may request correction of inaccurate personal information, where applicable.
- Right to opt out of sale or sharing: We do not sell personal information. We do not use or disclose sensitive personal information for purposes that require an opt-out under applicable California law beyond what is necessary to provide the service.
- Non-discrimination: We will not discriminate against you for exercising these rights.
To submit a request, contact us at privacy@evermissed.com or use account deletion where applicable. We may verify your identity before fulfilling a request. You may designate an authorized agent to make a request on your behalf where permitted by law; we may require proof of authorization.
9. Memorial content and moderation
Memorial content may include sensitive personal information. We provide reporting/moderation flows to reduce abuse, remove unlawful content, and protect families and visitors.
10. Contact
For privacy requests or data rights inquiries, contact privacy@evermissed.com.
Last updated: March 2026.