EternaFlow (“we”, “us”) provides software for funeral homes, families and end-of-life service coordination. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and the choices you have. It is written to comply with applicable laws including the EU GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and to meet the disclosure requirements of advertising platforms including Meta (Facebook & Instagram), Google and TikTok.
1. Who we are & how to contact us
EternaFlow is the data controller of the information described here. Contact: privacy@eternaflow.app.
2. Information we collect
- Account data — name, email, phone, password hash, profile photo, language preference, role (staff or family).
- Authentication data — when you sign in with Google we receive your name, email, Google account ID and profile picture so we can create your account.
- Case data you enter — decedent name, dates, services selected, documents uploaded, family contacts.
- Billing data — handled by our payments processor; we store only plan, status and the last four digits of the card.
- Usage data — pages viewed, features used, device, browser, IP address, approximate location, referrer.
- Marketing data — clicks on ads we run on Meta, Google or other ad networks, and conversion events sent back to those platforms.
3. How we use information
- To deliver and operate the service (contractual necessity).
- To create and secure your account, including Google single sign-on.
- To process payments and prevent fraud.
- To send transactional email (receipts, password resets, case notifications).
- To measure and improve features, including with privacy-respecting analytics.
- To advertise EternaFlow, including with Meta Pixel / Conversions API, Google Ads tags and similar tools. We never use sensitive end-of-life details for ad targeting.
4. Legal bases (GDPR)
We rely on: contract (delivering the service you signed up for), legitimate interests (security, product improvement, basic analytics), consent (advertising cookies and similar trackers — see our Cookie Policy), and legal obligation (tax, accounting, responding to lawful requests).
5. Sharing
We share data with vetted processors only:
- Cloud hosting and database (Lovable Cloud / Supabase).
- Payments (Stripe).
- Email delivery (transactional providers).
- Analytics and advertising platforms (Meta, Google) — only the data needed for measurement and ad delivery, and only where you have consented to such cookies.
We do not sell personal information. We do not share health, religion or grief-related details with advertisers.
6. Advertising & Meta Platforms disclosure
If we send conversion events to Meta (e.g. account signup, subscription) we use Meta's Conversions API with hashed identifiers. You can opt out of personalized advertising in your Meta account settings, and via the cookie banner on this site. We honor the Limited Data Use flag for residents of jurisdictions where it is required.
7. International transfers
Personal data may be processed in the United States and the European Union. Where required, we rely on EU Standard Contractual Clauses (and the UK Addendum) for transfers outside the EEA/UK.
8. Retention
Account data: kept for as long as your account is active, then deleted within 30 days of deletion request. Case and billing records may be retained longer where law requires (typically up to 7 years for financial records).
9. Your rights
Depending on where you live you may have the right to access, correct, delete, port, or object to processing of your personal data; to restrict processing; to withdraw consent; and to lodge a complaint with a supervisory authority. Submit requests at privacy@eternaflow.app, or delete your account immediately from Dashboard → Settings → Delete account. See also our Data Deletion Instructions.
10. Security
Encryption in transit (TLS), encryption at rest, row-level security on all user data, scoped access tokens, and least-privilege server roles. No system is perfectly secure; if we learn of a breach affecting your data we will notify you and regulators as required by law.
11. Children
EternaFlow is not directed to children under 16. We do not knowingly collect data from children.
12. Changes
We will post material changes here and, where required, notify you by email.