1. Introduction and Commitment to Privacy

Obitley ("we," "us," "our," or "Company") is deeply committed to protecting your privacy and ensuring transparency about how we collect, use, disclose, and safeguard your personal information. This Privacy Policy explains our data practices regarding the Obitley platform, including our website, mobile applications, and services.

Please read this Privacy Policy carefully. By accessing or using Obitley, you acknowledge that you have read and understood this policy. If you do not agree with our data practices, please do not use our services.

This Privacy Policy applies to all users, including individual memorial creators and business users (funeral homes and service providers).

2. Information We Collect

Information You Provide Directly

Account Registration Data

  • Name, email address, phone number
  • Physical mailing address
  • Password and account credentials
  • Account type (individual or business)
  • For business users: company name, business type, service offerings

Memorial Content

  • Obituaries and biographical information
  • Photos, videos, and audio tributes
  • Written tributes, memories, and stories
  • Service information and event details
  • Metadata associated with uploaded files (dates, locations, etc.)

Payment Information

  • Payment card details and billing address
  • Transaction history
  • Subscription and purchase records

Note: Payment processing is handled by third-party payment providers. Obitley does not directly store full credit card numbers.

Communication Data

  • Support requests and inquiries
  • Feedback, comments, and suggestions
  • Email and message content
  • Correspondence with our support team

Information Automatically Collected

Usage and Log Data

  • IP address and device identifiers
  • Browser type and version
  • Operating system and device information
  • Pages visited and time spent on each page
  • Referring website URLs
  • Search queries and interaction patterns
  • Error messages and system activity

Cookies and Tracking Technologies

  • Session cookies (temporary, deleted when browser closes)
  • Persistent cookies (remain until expiration or deletion)
  • Web beacons and similar tracking technologies
  • Analytics data (via Google Analytics or similar services)

Information from Third Parties

  • Data from payment processors
  • Information from business partners and service providers
  • Public records (for business user verification)
  • Social media data (if you choose to link your account)

3. How We Use Your Information

Obitley uses collected information for the following lawful purposes:

Service Provision and Improvement

  • Create and manage your account
  • Provide, maintain, and improve Obitley services
  • Personalize your experience
  • Process memorial creation and sharing
  • Handle technical support and troubleshooting

Communication

  • Send transactional emails (account confirmations, password resets)
  • Respond to your inquiries and support requests
  • Notify you of account activity and changes
  • Send marketing communications (with your consent)
  • Provide service announcements and updates

Payment Processing

  • Process premium feature purchases and subscriptions
  • Manage billing and account statements
  • Prevent fraud and ensure compliance

Security and Compliance

  • Detect and prevent fraud, abuse, and unauthorized access
  • Enforce Terms of Service and other agreements
  • Comply with legal obligations and court orders
  • Protect the rights, property, and safety of Obitley, users, and the public

Analytics and Improvement

  • Analyze usage patterns and user behavior
  • Generate aggregate statistics
  • Improve platform functionality and user experience
  • Conduct research and development

Marketing and Business Development

  • Send promotional materials and marketing communications (with opt-out available)
  • Conduct surveys and gather feedback
  • Develop new features and services

Legal Basis: Our use of your information is based on: (a) performance of contracts with you, (b) your consent, (c) our legitimate interests, and (d) compliance with legal obligations.

4. Information Sharing and Disclosure

When We Share Your Information

Service Providers

We share personal data with trusted third-party service providers who assist us in operating our platform, including:

  • Payment processors and financial institutions
  • Cloud hosting and storage providers
  • Analytics services
  • Email and communication platforms
  • Customer support and helpdesk software
  • Legal and accounting professionals

Business Partners

With your consent, we may share information with business partners for enhanced service delivery or promotional purposes.

Legal Requirements

We may disclose information when required by law or in response to:

  • Court orders and legal process
  • Government requests and investigations
  • Regulatory inquiries
  • Protection of legal rights or public safety

Business Transactions

In the event of merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of any such changes.

Your Consent

We may share information with third parties with your explicit consent or at your direction.

What We Do NOT Share

  • We do not sell your personal information to third parties for marketing purposes
  • We do not share information with advertisers or data brokers
  • We do not use memorial content for commercial purposes without consent

5. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights:

Rights Under GDPR (EU/EEA Residents)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal obligations
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Opt-out of certain data processing
  • Right to Withdraw Consent: Withdraw consent at any time

Rights Under CCPA (California Residents)

  • Right to Know: Request what personal information is collected and used
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of "sale" of personal information
  • Right to Non-Discrimination: Protection from discriminatory treatment
  • Right to Correct: Request correction of inaccurate data

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to verified requests within 30-45 days (or as required by applicable law). We may require verification of your identity before processing requests.

6. Data Retention

Retention Periods

Obitley retains personal data for the duration necessary to:

  • Provide and maintain services
  • Comply with legal, tax, and accounting obligations
  • Resolve disputes and enforce agreements
  • Preserve memorials for future generations

Specific Retention Timelines

Data Type Retention Period Reason
Account Information Duration of account + 12 months Account administration and compliance
Memorial Content Indefinitely (or until deletion requested) Preservation and memorialization
Payment Records 7 years Tax and accounting requirements
Log Data 12 months Security and analytics
Cookie Data As per cookie settings User experience and analytics

Deletion After Account Termination

Upon account deletion request, non-blockchain content is retained for 90 days before permanent deletion. Blockchain-archived content will remain permanent and immutable.

7. Data Security

Security Measures

Obitley implements comprehensive technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including:

  • SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Secure authentication protocols (passwords, multi-factor authentication)
  • Regular security audits and penetration testing
  • Firewalls and intrusion detection systems
  • Access controls and role-based permissions
  • Regular software updates and security patches
  • Employee training and security awareness programs
  • Data backup and disaster recovery procedures

Security Limitations

No system is 100% secure. While we use industry-standard protections, we cannot guarantee absolute security. Transmission of data over the internet carries inherent risks. You use our services at your own risk.

Data Breach Notification

In the event of a confirmed data breach, we will notify affected users as quickly as possible, in accordance with applicable legal requirements (typically within 30-72 hours). Notification will include information about the breach, affected data, and recommended protective measures.

8. Children's Privacy

Obitley is not intended for children under 13 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.

If we become aware that a child under 13 has provided personal information, we will:

  • Immediately remove such information from our systems
  • Notify the parent or guardian
  • Comply with applicable laws regarding children's privacy

If you believe we have collected information from a child under 13, please contact us immediately at privacy@obitley.com.

9. International Data Transfers

Global Operations

Obitley operates as a global platform. Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including countries outside the European Economic Area or other regions with strict data protection laws.

Data Transfer Safeguards

When transferring data internationally, we implement appropriate protections:

  • Transfers to countries recognized by your local authority as having adequate data protection
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) where applicable
  • Data Processing Agreements with service providers
  • Your explicit consent for transfer to less protected jurisdictions

Consent for International Transfer

By using Obitley, you consent to the transfer of your information to countries outside your country of residence and acknowledge that data protection laws may vary.

Residents of the EEA, UK, or other jurisdictions with specific data protection rights should refer to Section 5 for your applicable rights.

10. Cookies and Tracking Technologies

Types of Cookies Used

  • Essential Cookies: Required for platform functionality, login, security
  • Performance Cookies: Analytics and usage monitoring (Google Analytics)
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Track interactions for advertising purposes (optional)

Your Cookie Choices

  • Accept or decline cookies through our cookie consent banner
  • Configure cookie preferences in your browser settings
  • Opt-out of analytics and marketing cookies
  • Delete cookies at any time through your browser

Note: Disabling essential cookies may limit platform functionality.

Third-Party Cookies

We use third-party services (Google Analytics, payment processors) that set their own cookies. These third parties have their own privacy policies independent of Obitley.

11. Third-Party Links and Services

Obitley may contain links to external websites, social media platforms, and third-party services. We are not responsible for the privacy practices of external sites.

Before providing personal information to third-party sites, review their privacy policies. This Privacy Policy applies only to information collected by Obitley.

12. Marketing Communications and Opt-Out

Marketing Emails

If you opt-in to marketing communications, we may send you:

  • Product updates and new features
  • Promotional offers and discounts
  • Newsletters and tips
  • Surveys and feedback requests

How to Opt-Out

  • Click "Unsubscribe" in the footer of any marketing email
  • Update your communication preferences in your account settings
  • Contact us at privacy@obitley.com

Note: You will continue to receive transactional emails (account confirmations, password resets) even if you opt out of marketing communications.

13. Changes to This Privacy Policy

Obitley may update this Privacy Policy periodically to reflect changes in our practices, technology, laws, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notification for significant changes

Your continued use of Obitley after policy changes constitutes your acceptance of the updated terms. We encourage you to review this policy regularly.

14. Data Protection Officer and Compliance

GDPR Compliance

For users in the European Economic Area, Obitley appoints a Data Protection Officer (DPO) to oversee GDPR compliance. [If applicable: DPO contact information]

Data Protection Impact Assessment

Obitley conducts Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

15. Contact Us Regarding Privacy

If you have questions about this Privacy Policy or our data practices, please contact us:

Obitley Privacy Team

Email: privacy@obitley.com

Mailing Address: PO Box 25094, Farmington, NY 14425

Contact Form: https://obitley.com/contact

Data Protection Authority

EU/EEA residents have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

16. Additional Resources