Privacy Policy

• Organizer information. The email address and honoree/occasion details an organizer provides to create a collection.
• Contributor submissions. The name, optional relationship, memory text, and email address each contributor voluntarily submits to a collection. We collect the contributor’s email address to enforce one memory per person and to support removal requests; it is not used for marketing. A memory may itself contain personal data about the honoree and other people; contributors should submit only what they are comfortable sharing for the tribute.
• Payment information. Processed securely by Paddle, our merchant of record. We do not receive or store your full payment credentials.
• Consent records. When a contributor confirms the consent notice, we record proof of consent — a timestamp and the version of the consent text shown. Where an organizer waives the EU/UK 14-day withdrawal right at checkout, we similarly record that acknowledgement.
• Technical information. Standard server logs (browser type, timestamps) collected by our hosting provider, and your IP address, which we process transiently to apply rate limiting and to prevent abuse of the Service.

The table below summarizes the personal data we process for the collaborative-collection service, the basis on which we process it, and how long we keep it.

• Paddle — merchant of record; handles all payment processing.
• Anthropic — provides the Claude AI model used to generate the tribute. When a tribute is generated, the included memories (which may contain personal data about the honoree and others) are transmitted to Anthropic’s API to produce the combined tribute. We do not use this content, and do not permit it to be used, to train or improve AI models.
• ElevenLabs — provides the text-to-speech model used to produce the optional spoken (audio) version of your finished piece. When you request the audio, the generated text is transmitted to ElevenLabs’ API to synthesize the narration. We do not use this content, and do not permit it to be used, to train or improve AI models. The audio is stored with your collection and deleted on the same schedule.
• Neon — managed Postgres database where collection submissions are stored, encrypted at rest.
• Upstash — Redis cache used for rate limiting and abuse prevention.
• Resend — transactional email delivery (magic links, reminders, deliverables).
• Vercel — web application hosting.
• Google LLC — Google Analytics (to understand how the Service is used) and Google Ads (to measure the effectiveness of our advertising). These set analytics and advertising cookies, which load only after you accept them via our consent banner (see “Cookies & Analytics” below).
• Microsoft Corporation — Microsoft Clarity, a product-analytics tool that records aggregate usage and interaction data to help us improve the Service. Clarity loads only after you accept analytics cookies via our consent banner.

We use a small number of analytics and advertising cookies to understand how the Service is used and to measure our advertising. We do not load these cookies, and Google Analytics, Google Ads, and Microsoft Clarity do not run, until you accept them. When you first visit, a consent banner lets you accept or decline; your choice is remembered on your device and you can change it by clearing your browser storage.

For visitors in the EU, EEA, and UK, we implement Google Consent Mode v2: analytics and advertising storage, ad user-data, and ad personalization all default to denied until you grant consent, so no analytics or advertising cookies are set unless you accept. Strictly necessary functionality (such as processing your payment and operating your collection) does not depend on these cookies.

This “Cookies & Analytics” section is provisional interim copy added to reflect our current analytics and advertising tooling and is PENDING formal review by a licensed attorney (LC-03).

Unlike a single-session tool, a collaborative collection necessarily stores submissions for a period of time so that multiple contributors can add memories before the tribute is created. Contributor names, memories, and email addresses are stored encrypted at rest (AES-256-GCM) in a managed Postgres database. Each contributor’s email address is additionally stored as a keyed (HMAC) hash so we can enforce one memory per person and locate a submission if removal is requested, without exposing the address.

Retention is enforced automatically by a daily process:

• After a tribute is generated, the collection and all of its data — including contributor names, memories, and email addresses — are automatically deleted approximately thirty (30) days later.
• Abandoned collections (created but never finalized) are automatically deleted when their time-to-live expires.
• Unpaid collections with a deadline are deleted at the deadline if no payment has been made.

Deletion is carried out by an automated process, cascades to all contributions in the collection, and is irreversible — deleted content cannot be recovered. If a collection has a deadline and has been paid for, the tribute may be generated automatically at the deadline from the memories then collected, and the collection’s data then follows the ~30-day post-generation retention above. Payment records held by Paddle are retained by Paddle under its own schedules; consent and withdrawal-waiver records are kept for a limited period to document consent.

We do not sell or share your personal information. Subject to applicable law, you may request access to, correction of, or deletion of your personal information.

Organizers can delete an entire collection, which removes all contributions within it.

Contributors. There is not yet a self-serve option for an individual contributor to delete only their own memory. If you are a contributor and want your memory removed, email us at [email protected] and we will locate your submission (using the keyed hash of your email) and remove it. Note that once a tribute has been generated, your memory may already be woven into the combined text.

Please also be aware that, for a collection with a deadline, your memory may be automatically included in the generated tribute at the deadline, or, if the collection is not paid for, the entire collection and your memory may be automatically deleted at the deadline, as described in Section 5.

For any privacy inquiry, including a request to delete a collection or remove a contribution, contact us at [email protected].

If you are located in the EU, EEA, or UK, our legal bases for processing are: performance of a contract (Article 6(1)(b)) for organizer data needed to provide the Service; consent (Article 6(1)(a)) for contributor submissions, which a contributor records by confirming the consent notice and may withdraw at any time by contacting us; and our legitimate interests (Article 6(1)(f)) in securing the Service and preventing abuse, for transient processing of IP addresses. Withdrawing consent does not affect processing carried out before withdrawal.

You have the rights of access, rectification, erasure, restriction, objection, and data portability. To exercise any of these, contact us at the address above; we will respond within 30 days. The keyed-hash of a contributor’s email lets us locate and erase a specific contribution on request.