Privacy Policy

1. Who we are

Memory in Grace is operated by Fabian Lindner, Saturnweg 26, 22391 Hamburg, Germany. Contact: info@memoryingrace.com.

2. What we collect and why

2.1 Information you provide directly

When you order or contact us, we collect what you give us:

• Name and email address — to deliver your purchase and answer your questions.
• Done-for-you briefing data (photo, names, dates, biography) — to design your custom funeral program. This data is treated with strict confidentiality and never shared.

Legal basis: contract performance (Art. 6(1)(b) GDPR) and your consent (Art. 6(1)(a) GDPR).

2.2 Information collected automatically

• Server logs — IP address, browser type, page accessed, timestamp. Stored by Vercel (our hosting provider) for security and abuse prevention. Logs are auto-deleted after a few weeks.
• Vercel Web Analytics — aggregated, cookie-less, privacy-first analytics. No personal identifiers, no tracking across sites. See Vercel's privacy details.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — operating and securing our service.

2.3 Payment information

When you purchase a template or our done-for-you service, payment is processed by Paddle.com Market Limited (Merchant of Record). Paddle handles your card, billing address, and tax information. We never see or store your full card number.

Paddle's privacy policy: paddle.com/legal/privacy.

2.4 Email delivery

Transactional emails (order confirmations, briefing receipts) are sent via Resend. Resend processes your email address to deliver our messages.

Resend's privacy policy: resend.com/legal/privacy-policy.

3. Cookies

We use only strictly-necessary cookies set by Paddle during checkout (session and fraud-prevention). No advertising cookies, no tracking cookies, no analytics cookies. Our cookie notice on first visit reflects this.

4. How long we keep your data

• Order data: 10 years (legal retention requirement under German tax law / HGB §257)
• Done-for-you briefing data: 6 months after order completion, then deleted on request
• Email correspondence: as long as necessary to handle your inquiry, then archived for 3 years

5. Your rights (GDPR)

If you are in the EU, you have the right to:

• Access the personal data we hold about you (Art. 15)
• Correct inaccurate data (Art. 16)
• Have your data deleted (Art. 17), subject to legal retention requirements
• Restrict processing (Art. 18)
• Receive your data in a portable format (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time (Art. 7(3))
• Lodge a complaint with a supervisory authority (Art. 77) — for us, the Hamburgischer Beauftragte für Datenschutz und Informationsfreiheit

To exercise any right, email info@memoryingrace.com. We respond within 30 days.

6. Your rights (CCPA — California residents)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell (we do not sell your data)
• Request deletion of your personal information
• Opt-out of the sale of personal information (not applicable — we never sell data)
• Non-discrimination for exercising these rights

To exercise any right, email info@memoryingrace.com.

7. Data transfers

Your data may be processed by service providers located in the EU and the United States (specifically Vercel, Paddle, Resend). Where data is transferred to the US, this is done under the EU-US Data Privacy Framework and/or the standard contractual clauses adopted by the European Commission, ensuring an adequate level of protection.

8. Children

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted information to us, please contact us so we can delete it.

9. Changes to this policy

We may update this policy from time to time. The current version is always at this URL with the date below.

Last updated: 2026-05-09