Privacy Policy

Last Updated: January 14, 2025

1. Introduction

Welcome to Treeof.me ("we," "our," or "us"). We are committed to protecting your privacy and the sensitive personal memories you entrust to our digital legacy platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

Treeof.me is a digital memory preservation service that allows users to create comprehensive digital legacies by uploading text, images, audio, video, and other personal content to be shared with trusted loved ones after death.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our services:

  • Account Information: Email address, password, full name, phone number
  • Identity Verification: Information used to verify your identity during registration
  • Contact Details: Emergency contacts and key holder information
  • Payment Information: Billing details for premium account upgrades (processed securely through third-party payment providers)

2.2 Digital Legacy Content

The core purpose of our service is to store your personal memories and life stories, including:

  • Text Content: Life stories, eulogies, personal messages, responses to questionnaires
  • Images: Photographs, documents, scanned materials
  • Audio Files: Voice recordings, music, audio messages
  • Video Files: Personal videos, recorded messages, family moments
  • Timeline Messages: WhatsApp-style messages and media shared through our platform
  • Relationship Information: Details about family members, friends, and trusted key holders

2.3 Technical Information

  • Usage Data: How you interact with our platform, features used, time spent
  • Device Information: Browser type, operating system, IP address
  • Cookies: Small files stored on your device to improve your experience (see our Cookie Policy)
  • Security Logs: Access attempts, login times, and security-related events

3. How We Use Your Information

3.1 Primary Service Delivery

  • Store and organize your digital legacy content securely
  • Facilitate the creation of eulogies and memorial content
  • Enable trusted key holders to access your content when appropriate
  • Process death verification requests and manage access transitions
  • Send verification codes and important service notifications

3.2 Account Management

  • Create and manage your user account
  • Authenticate your identity and prevent unauthorized access
  • Process account upgrades and billing
  • Provide customer support and technical assistance

3.3 Communication

  • Send important service updates and security notifications
  • Facilitate WhatsApp verification processes for death notifications
  • Contact key holders when appropriate access conditions are met
  • Provide customer support responses

3.4 Security and Legal Compliance

  • Monitor for suspicious activity and prevent fraud
  • Comply with legal obligations and law enforcement requests
  • Protect the rights and safety of our users
  • Maintain audit logs for security and compliance purposes

4. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your personal data based on:

  • Contractual Necessity: To provide our digital legacy services as agreed in our Terms of Service
  • Legitimate Interests: To maintain security, prevent fraud, and improve our services
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: For marketing communications and optional analytics (where you have explicitly consented)

5. Data Sharing and Disclosure

5.1 Key Holders and Designated Recipients

The primary purpose of our service is to share your digital legacy content with trusted individuals after your death. We will share your content with designated key holders only:

  • After a verified death notification process
  • Following our established verification procedures
  • In accordance with the access permissions you have set

5.2 Service Providers

We may share limited data with trusted third-party service providers who assist us in delivering our services:

  • Cloud Storage Providers: For secure data storage and backup
  • Email Service Providers: For sending verification emails and notifications
  • SMS/WhatsApp Providers: For verification and notification services
  • Payment Processors: For handling premium account payments
  • Security Services: For fraud prevention and security monitoring

5.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

  • Comply with legal processes, court orders, or government requests
  • Protect our rights, property, or safety, or that of our users
  • Investigate potential violations of our Terms of Service
  • Prevent fraud or other illegal activities

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

6. Data Security

We implement comprehensive security measures to protect your sensitive personal content:

6.1 Technical Safeguards

  • Encryption: Data encrypted both in transit (TLS/SSL) and at rest
  • Access Controls: Multi-factor authentication and role-based access
  • Secure Infrastructure: Regular security audits and monitoring
  • Data Backup: Regular encrypted backups stored in secure locations

6.2 Organizational Safeguards

  • Background checks for employees with data access
  • Regular security training and awareness programs
  • Incident response procedures and breach notification protocols
  • Limited access on a need-to-know basis

6.3 File Upload Security

  • Virus and malware scanning of uploaded content
  • File type validation and size limitations
  • Secure file storage outside publicly accessible directories
  • Regular integrity checks of stored media files

7. Data Retention

7.1 Digital Legacy Content

Your digital legacy content (text, images, audio, video) is retained indefinitely as this is the core purpose of our service - to preserve your memories for future access by designated key holders.

7.2 Account Information

We retain your account information for as long as your account is active and for a reasonable period afterward to fulfill our legal obligations and resolve disputes.

7.3 Technical Data

  • Security Logs: Retained for 2 years for security and audit purposes
  • Verification Codes: Automatically deleted after 15 minutes or upon successful verification
  • Backup Data: Retained for 90 days in secure backup systems

7.4 Account Deletion

If you request account deletion during your lifetime, we will:

  • Remove all personal information and digital legacy content
  • Notify designated key holders of the account closure
  • Retain only essential information required for legal compliance
  • Complete deletion within 30 days of verification

8. Your Rights

Under applicable data protection laws, including GDPR, you have the following rights:

8.1 Access and Portability

  • Right of Access: Request copies of your personal data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Account Dashboard: View and manage your data through your account settings

8.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal data (with limitations for our legitimate purposes)
  • Right to Restrict Processing: Limit how we process your data in certain circumstances

8.3 Consent and Objection

  • Withdraw Consent: For processing based on consent (e.g., marketing communications)
  • Object to Processing: Object to processing based on legitimate interests
  • Opt-out: Unsubscribe from non-essential communications

8.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@treeof.me. We will respond within 30 days and may require identity verification.

9. International Data Transfers

Your data may be processed and stored in countries outside your residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for transfers outside the EU
  • Adequacy decisions for transfers to approved countries
  • Additional security measures for sensitive personal content
  • Regular monitoring of international data transfer compliance

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Parents or guardians may create accounts to preserve family memories, but the account holder must be at least 16 years old.

11. Cookies and Tracking

We use cookies and similar technologies to improve your experience on our website:

11.1 Essential Cookies

Required for basic website functionality, including:

  • User authentication and session management
  • Security and fraud prevention
  • Load balancing and performance optimization

11.2 Analytics Cookies

With your consent, we use analytics cookies to:

  • Understand how users interact with our website
  • Improve our services and user experience
  • Generate anonymous usage statistics

11.3 Cookie Management

You can manage your cookie preferences through:

  • Our cookie consent banner (appears on first visit)
  • Your browser settings
  • Contacting us directly for assistance

12. Third-Party Services

12.1 WhatsApp Integration

We use WhatsApp Business API for death verification notifications. WhatsApp's privacy policy applies to these interactions. We only send notifications as part of our verification process and do not store WhatsApp conversation data.

12.2 Payment Processors

Premium account payments are processed by third-party payment providers. We do not store full credit card information on our servers. Payment processors have their own privacy policies and security measures.

12.3 Cloud Storage

Your digital legacy content may be stored using reputable cloud storage providers with appropriate data processing agreements and security certifications.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will:

  • Notify you of significant changes via email or through our platform
  • Update the "Last Updated" date at the top of this policy
  • Provide at least 30 days' notice for material changes
  • Archive previous versions for your reference

Your continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Information

Data Controller

Treeof.me
2 Imp Chez Cottier
Vouleme, Vienne 86400
France

Privacy Contact

Email: privacy@treeof.me
General Contact: info@treeof.me

Data Protection Rights

For questions about your privacy rights or to exercise any of the rights described in this policy, please contact our privacy team at privacy@treeof.me.

Supervisory Authority

If you are in the EU and have concerns about how we handle your personal data, you may contact your local data protection authority or the French data protection authority (CNIL).

← Back to Home