How we treat your data

EverAlive acts as the data controller for personal data collected through its website. To exercise any right, write to :email.

Account: name, email, hashed password, preferred language.

Content you publish: photos, texts, biographies, messages, memories, deceased person data (name, dates, etc.).

Technical data: IP address, browser and device type, pages visited. Used exclusively for diagnostics, security, and service improvement.

Cookies: we use essential cookies to maintain your session, remember your language preference and visual theme (light/dark). No advertising tracking cookies.

Operate and maintain the service (create memorials, display content, manage permissions).

Communicate with you when strictly necessary: email confirmation, password recovery, collaboration invitations, activity notifications for memorials you follow, and ownership transfers.

Security: detect and prevent abuse, fraud, or malicious use.

Improve the service based on aggregated and anonymous metrics.

We do not sell or rent your personal data to third parties.

We share strictly necessary data with providers that deliver technical services: Hostinger (web hosting), Resend (email delivery). These providers act as processors under our responsibility.

We may share data when required by a competent judicial or administrative authority.

Account data is kept while the account is active.

Published content (memorials, memories, photos) is kept indefinitely unless the owner requests deletion.

If you delete your account, associated personal data is removed within 30 days at most, unless a legal obligation requires retention.

Content marked as hidden (moderation) is kept for up to 12 months before final deletion, in case we need to restore it or clarify a dispute.

Access: request a copy of the personal data we hold about you.

Rectification: correct inaccurate or incomplete data.

Deletion: request the erasure of your data (unless a legal obligation requires retention).

Portability: receive your data in structured, machine-readable format.

Objection: object to certain processing on legitimate grounds.

Restriction: ask us to temporarily limit processing.

To exercise any right, write to :email clearly stating your request. We will respond within 30 days at most.

We apply reasonable technical and organisational measures to protect your data: encryption in transit (HTTPS), hashed passwords, two-factor authentication for administrators, regular backups, access auditing.

No system is 100% secure. In case of a security breach that may affect you, we will notify you without undue delay.

Memorials contain personal data of deceased persons. This data is not personal data within the meaning of the GDPR (which protects living persons), but we treat it with the same respect and confidentiality.

If you are a direct relative of a deceased person whose memorial exists on EverAlive and wish to modify or remove it, write to :email indicating the relationship and providing documentation. See takedown policy.

EverAlive is not directed to persons under 18. We do not knowingly collect data from minors. If you become aware that a minor has created an account without consent, write to :email to have it removed.

We may update this policy. If there are substantial changes affecting your rights, we will notify you by email. The last updated date appears at the top of this document.