Privacy Policy
Last updated: March 10, 2026
Eternity is a family memory platform where families preserve photos, videos, voice recordings, and stories tied to their family tree. We take your privacy seriously — not as a legal afterthought, but as a core product value. Your family's memories belong to your family, not to us.
This policy explains what data we collect, why, how we protect it, and what rights you have. We've written it in plain language because we think you deserve to actually understand it.
Who We Are
Eternity is operated by Eternity, based in Europe. Entity registration is in progress. We are the data controller for the personal data processed through the Eternity platform.
Contact us about privacy:
Email: marko@eternity.family
The founder acts as Eternity's privacy contact. At our current scale, a formal Data Protection Officer appointment is not required under GDPR Article 37. We will reassess this as Eternity grows.
What Data We Collect
Data You Provide Directly
Account information. When you create an Eternity account, we collect your first name, last name, email address, and date of birth. Your date of birth is used solely to verify you meet our minimum age requirement (13 years old) and is not shared with other users unless you choose to display it.
Family tree information. You and your family members create entries ("stars") in your family constellation. Each star may include a name, date of birth, date of death (if applicable), a profile photo, a short biography, and relationship connections to other family members. Some of this information may relate to people who don't have Eternity accounts — for example, deceased relatives or young children added by their parents.
Uploaded media. Photos, videos, and voice recordings you upload to preserve family memories. This is the heart of what Eternity stores for you.
Descriptions and annotations. Text you attach to media — captions, stories, context about who's in a photo or when it was taken.
Tags and mentions. When you tag family members in photos or other content, we store those associations.
Data We Collect Automatically
Device and usage data. When you use Eternity, we collect basic technical information needed to make the app work: device type, operating system version, app version, language preference, and general usage patterns. We use Umami, a self-hosted, privacy-first analytics tool that does not track you across websites, does not use cookies, and does not collect personally identifiable information. We do not use Google Analytics.
Photo metadata (EXIF data). When you upload photos, those files often contain embedded metadata including the date the photo was taken, GPS coordinates, and camera settings. We extract this metadata client-side (on your device) to help organize your memories chronologically and by location. GPS coordinates are stored separately from the photo file so you can review and remove location data from any upload without affecting the original image.
Log data. Our servers automatically record information when you access the service, including your IP address, request timestamps, and referring URLs. This data is retained for security and debugging purposes and deleted after 90 days.
Data We Receive from Third Parties
Sign in with Apple. If you sign in using Apple, we receive your name and an email address (which may be Apple's private relay address). We use this solely to create and authenticate your account.
Apple (and Stripe, planned). If you subscribe to Cosmos or purchase For Eternity, Apple processes your App Store payment. We receive confirmation of your subscription status, the plan you're on, and a transaction identifier. We never see or store your credit card number, bank details, or other financial account information.
Other family members. When a family member adds you to their constellation, uploads a photo of you, or tags you in content, they are providing your personal data to Eternity. We treat this data with the same care as data you provide directly.
Why We Process Your Data (Legal Basis)
Under GDPR, we need a legal reason for every type of data processing. Here's ours:
Performance of a contract (Article 6(1)(b) GDPR). Processing your account information, family tree data, subscription details, and your own media uploads is necessary to provide you with the Eternity service. Uploading and preserving family memories is the core purpose of the service you signed up for — it's not an optional extra, it's the product itself.
Consent (Article 6(1)(a) GDPR). We rely on your explicit consent for specific, optional processing activities: uploading photos or recordings that depict people who are not Eternity members, retaining GPS location data extracted from photo metadata, and enabling the public constellation view at eternity.family/[family-name]. You can withdraw consent for any of these at any time without affecting your ability to use Eternity's core features.
Legitimate interest (Article 6(1)(f) GDPR). We rely on legitimate interest for account security, service improvement (aggregated, anonymized usage analytics), and sending you essential service communications. Our legitimate interest does not override your privacy — we never use your data for advertising or sell it to third parties.
Legal obligation (Article 6(1)(c) GDPR). We are legally required to scan uploaded images for child sexual abuse material (CSAM) and to report any detected material to the appropriate authorities. We are also required to respond to valid law enforcement requests and to maintain certain records for tax and business compliance.
How We Use Your Data
We use your personal data for the following purposes and no others:
Providing the Eternity service. Storing and displaying your family constellation, media, and memories to authorized family members. Sending notifications when family members add new content. Processing subscription payments.
Safety and security. Detecting and preventing unauthorized access to your account. Monitoring for abuse and terms of service violations. We plan to implement automated CSAM scanning using industry-standard detection technology.
Service communications. Sending you essential emails about your account (password resets, security alerts, subscription confirmations). These are not marketing emails — they're essential service communications.
Analytics. Understanding how families use Eternity in aggregate. We use Umami (self-hosted) for this purpose. It doesn't use cookies, doesn't track individuals, and doesn't share data with third parties. We cannot identify you from our analytics data.
We do not and will never use your data for advertising. We do not show ads. We do not build advertising profiles. We do not sell, rent, or trade your personal data with any third party for their marketing purposes. This is a permanent commitment, not a temporary policy.
CSAM Scanning Disclosure
Eternity is committed to implementing automated CSAM (child sexual abuse material) scanning using industry-standard hash-matching technology. When active, this scanning will check uploaded images against databases of known CSAM, be performed automatically on every image upload, not involve human review of your photos unless a match is detected, and not be possible to opt out of.
If a match is detected, Eternity is legally obligated to report the material to the relevant authority (such as NCMEC in the United States, or the relevant national authority in the EU) and to preserve relevant evidence. The associated account will be suspended pending investigation.
Protecting children is non-negotiable.
How We Store and Protect Your Data
Encryption
All your data is encrypted both in transit (TLS 1.3 for all connections between your device and our servers) and at rest (AES-256 encryption for all stored files). Your photos, videos, and personal information are protected whether they're being transmitted or sitting on a server.
Where Your Data Lives
- Supabase — Database hosting and file storage for account information, family tree structures, metadata, and all uploaded media (photos, videos, voice recordings). Hosted in the EU (Frankfurt) region.
- Apple — Payment processing for App Store subscriptions. Apple processes payment data under their own privacy policy.
- Stripe (planned) — Payment processing for web subscriptions. US-based with EU data processing infrastructure and Standard Contractual Clauses for data transfers.
Cross-Border Data Transfers
Eternity is designed for families that span countries. Our infrastructure is primarily based in the European Union. Where data is processed outside the EU/EEA (for example, by Stripe's US-based systems for payment processing), we ensure adequate protection through the EU-US Data Privacy Framework (DPF), an adequacy decision adopted by the European Commission in July 2023. Our US-based processors are DPF-certified. As a supplementary safeguard, we also maintain Standard Contractual Clauses (SCCs) with these processors.
Access Controls
Your family's content is accessible only to members of your family tree. We enforce this through row-level database security, encrypted authentication tokens, and role-based access controls. Eternity employees do not access your content unless required to respond to a support request you've initiated, investigate a CSAM detection alert, comply with a valid legal order, or debug a specific technical issue you've reported. Any employee access is logged and audited.
Data Retention
While Your Account Is Active
We retain all your data for as long as your account exists. That's the point — Eternity is designed for long-term memory preservation.
After Account Deletion
- Your account data (name, email, login credentials) is deleted within 30 days.
- Content you uploaded that isn't shared is deleted within 30 days.
- Content you uploaded that appears in others' memories — see the "Shared Content" section below.
- Backup copies of deleted data may persist in encrypted backups for up to 90 days, after which they are purged.
- Anonymized, aggregated analytics data (which cannot identify you) may be retained indefinitely.
- Legal hold data — if we are required by law to preserve certain data, that data will be retained as required and deleted when the legal obligation ends.
Inactive Accounts
If your account shows no login activity for 24 consecutive months, we will send email reminders at 24 months and 25 months. If there is no response, we may archive (not delete) your content after 26 months. Archived content can be restored by logging in again. We will not delete inactive accounts without advance notice.
What Happens If Eternity Shuts Down
If Eternity ceases operations, we commit to providing a minimum of 90 days' notice via email to all registered users, keeping the data export feature functional during the entire notice period, and not selling, transferring, or otherwise sharing your personal data as part of any wind-down. After the notice period, all user data will be securely deleted.
Shared Content and Deletion
Family memories are inherently shared. A photo from a family gathering might include five people, uploaded by one, tagged with three, and treasured by all. This creates genuine tension between one person's right to have their image removed and the family's desire to preserve a memory.
Content You Uploaded
You can delete any content you uploaded at any time. If that content is tagged with other family members, they will be notified before deletion and given the opportunity to save a copy to their own device.
Your Image in Others' Content
If you appear in a photo or video uploaded by someone else, you can request that your likeness be removed. We offer these options in order of preference:
- Face blur — your face is blurred in the photo while preserving the rest of the image for the family.
- Archive — the photo is removed from the active timeline but preserved in a restricted archive accessible only to the tree admin.
- Full deletion — the photo is deleted entirely. This is a last resort because it affects everyone in the photo.
When you submit a removal request, we notify the content uploader and the family tree admin. If no resolution is reached within 30 days, we default to face blur as a proportionate response that respects both your privacy rights and the family's interest in preserving memories.
Children's Data
You must be at least 13 years old to create an Eternity account. We verify this through a date of birth field during registration. If we discover that a user is under 13, we will deactivate their account and delete their data promptly.
Parents and guardians can add children under 13 as "stars" in the family constellation. This data is provided and managed entirely by the child's parent or legal guardian, visible only to members of the family tree (not publicly), and can be edited or removed by the parent or family admin at any time.
We do not collect data directly from children under 13. We do not allow children under 13 to interact with the app independently. Users aged 13 to 17 can create their own accounts and use Eternity's features.
Your Rights
If you're in the European Union, United Kingdom, or EEA, you have the following rights under GDPR. We extend these rights to all users regardless of location:
- Right to access (Article 15) — You can request a copy of all personal data we hold about you. We'll provide it within 30 days in a structured, machine-readable format.
- Right to rectification (Article 16) — If any of your personal data is inaccurate or incomplete, you can correct it directly in the app, or contact us.
- Right to erasure (Article 17) — You can request deletion of your personal data. See the "Shared Content and Deletion" section above for how this works with family content.
- Right to restrict processing (Article 18) — You can ask us to temporarily stop processing your data while you contest its accuracy or object to our processing.
- Right to data portability (Article 20) — You can export all your data in a standard format. Eternity provides a built-in export feature that generates a ZIP file containing your media files, family tree structure, profile information, and metadata.
- Right to object (Article 21) — You can object to our processing of your data based on legitimate interest.
- Right to withdraw consent — Where we rely on consent, you can withdraw it at any time.
- Right to lodge a complaint — You have the right to lodge a complaint with your local data protection authority.
You can exercise most of these rights directly in the app (account settings, data export, content deletion). For formal requests, email marko@eternity.family. We respond within 30 days. We do not charge a fee for exercising your rights, except in cases of manifestly unfounded or excessive requests.
Third-Party Processors
We share your data only with the following processors, and only as necessary to provide the Eternity service:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database + file storage | Account data, family tree data, metadata, uploaded media | EU (Frankfurt) |
| Apple | App Store payment processing | Apple Account ID, subscription status | US (Apple policy) |
| Umami (self-hosted) | Privacy-first analytics | Anonymized, aggregated usage data (no PII) | EU (Railway) |
| Stripe (planned) | Web payment processing | Email, subscription plan, transaction ID | EU/US (SCCs) |
We do not share your data with advertisers, data brokers, social media platforms, or any party not listed above. We will update this table if we add new processors and notify you of material changes.
Cookies and Tracking
Eternity uses minimal cookies and local storage, limited to what's technically necessary:
Authentication cookies/tokens. To keep you logged in. These are essential — the app doesn't work without them.
Preference storage. Your theme choice, language setting, and notification preferences. Stored locally on your device.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Our analytics tool (Umami) doesn't use cookies at all.
Data Breach Notification
If we experience a data breach that poses a risk to your rights and freedoms, we will notify the relevant data protection authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33), notify affected users without undue delay if the breach poses a high risk (GDPR Article 34), and provide clear information about what happened, what data was affected, what we're doing about it, and what you can do to protect yourself.
Changes to This Policy
We'll update this policy when we make material changes to our data practices. When we do, we will email all registered users at least 30 days before the changes take effect, display a prominent notice in the app, and describe what changed and why in plain language.
We will never make changes that reduce your privacy protections and apply them retroactively to data collected under a previous version of this policy.
Contact Us
For privacy questions, data subject requests, or concerns:
Email: marko@eternity.family
Response time: Within 30 days for formal requests, typically much faster for general questions.
This privacy policy applies to the Eternity iOS app, the Eternity web application at eternity.family, and all related services.