Privacy Policy
At Historias Infinitas we know the information you entrust to us is as intimate as the memories you seek to preserve. This policy explains who receives it, for what purpose, what rights you have over it, and how to exercise them — in accordance with the California Consumer Privacy Act (CCPA/CPRA), the EU General Data Protection Regulation (GDPR) for our European visitors, and Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) where applicable.
1. Data controller
Historias Infinitas ("Historias Infinitas", "we", "us"), with legal name [LEGAL NAME, LLC / INC.] and registered address at [FULL ADDRESS], is the data controller.
Privacy contact: privacy@historias-infinitas.com
2. Data we collect
- Identification & contact data: name, email, phone and — for the Eternal plan — shipping address.
- Data about the deceased or pet being honored: name, dates of birth and passing, biography, epitaph, photographs and videos you voluntarily upload.
- Billing data: strictly what's needed for the receipt. Card details are processed directly by Stripe Inc. — we never store them.
- Browsing data: IP address, browser type, pages visited, time on page — via first-party and third-party cookies.
3. Purposes of processing
Primary (necessary to deliver the service)
- Create and maintain your account.
- Host the digital memorial, generate its unique URL, QR code and AI portrait.
- Process payments and issue receipts.
- For the Eternal plan, produce and ship the stainless steel plate.
- Support and respond to your requests.
- Legal, tax and accounting compliance.
Secondary (require consent)
- News and feature updates.
- Quality and improvement surveys via aggregated analysis.
4. Your rights
Depending on your jurisdiction, you have the right to:
- Access the data we hold about you.
- Rectify inaccurate data.
- Delete your data (right to erasure / "right to be forgotten").
- Object to specific processing.
- Data portability: receive your data in a machine-readable format.
- Opt out of the sale of personal information (we don't sell it, but we confirm this).
- Non-discrimination for exercising these rights.
To exercise them, email privacy@historias-infinitas.com with your full name, the right you want to exercise, and a copy of a valid ID (destroyed after verification). We respond within 30 days (GDPR) / 45 days (CCPA).
5. Data transfers & processors
We share data only with these technical processors to deliver the service:
- Stripe Inc. (US) — payment processing. PCI-DSS Level 1.
- Supabase Inc. (US) — database and media hosting.
- Replicate, Inc. (US) — AI portrait generation (Flux Kontext).
- Resend (US) — transactional email.
- Vercel Inc. (US) — application hosting.
- Competent authorities when required by law.
We do not sell, rent or trade your personal information.
6. Security & retention
We implement reasonable administrative, technical and physical safeguards — TLS encryption in transit, encryption at rest, role-based access control and audit logs. We retain your data while your account is active plus a reasonable period to comply with tax obligations (typically 5–7 years in the US).
7. Cookies
We use strictly necessary cookies (session, preferences) and aggregate analytics. You can disable cookies from your browser — some features may be affected.
8. Children
Our service is not directed to children under 13 (COPPA) / 16 (GDPR). We do not knowingly collect data from minors.
9. Changes
This policy may be updated to reflect legal or operational changes. We'll publish any modifications here and update the date at the top. We notify you of material changes by email at least 30 days in advance.
By registering or using our service, you acknowledge you've read and accepted this Privacy Policy.