Privacy Policy

1. Introduction

All Funeral Services LLC (“Company,” “we,” “our,” “us”) provides digital subscription services through the Tending mobile application (the “App”) and the tending.app website (the “Site,” and together with the App, the “Services”). This Privacy Policy explains how we collect, use, disclose, transfer, and safeguard information globally.

We process personal data in accordance with applicable laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Canada’s PIPEDA, Brazil’s LGPD, and the laws of the State of New York and other jurisdictions where required.

By accessing or using the Services, you acknowledge this Policy. If you do not agree, please do not use the Services.

2. Key Definitions

Personal Data / Personal Information (PI): information that identifies or can reasonably be linked to an individual.
Sensitive Personal Data / Sensitive PI: categories defined by law (e.g., health, religious beliefs, precise geolocation tied to a person, biometric data).
Processing: any operation performed on personal data (collection, storage, use, disclosure, etc.).
Controller / Business: the entity determining purposes and means of processing (we).
Processor / Service Provider: a third party processing data on our behalf under a written contract.
De-identified / Aggregated Data: data that cannot reasonably be linked to an individual.

3. Scope & Audience

This Policy applies to information collected through the App and Site, in connection with our subscription plans and on-site service fulfillment, worldwide. It does not cover third-party websites or services we do not control. Their practices are governed by their own policies.

4. What We Collect

We limit collection to what is necessary to deliver and improve the Services:

4.1 Account Data. Name, email address, phone number (if provided), authentication credentials, and preferences.
4.2 Service & Subscription Data. Plan tier, user-initiated service requests, order IDs, timestamps, private before/after photos or videos of work performed, support history.
4.3 Optional Location Data (Service Site). A user-entered service location for a memorial site (e.g., coordinates, address, or plot reference) to perform requested services and show private status updates. This is not user device tracking and is kept private in the account.
4.4 Payment Data. Subscription and billing details processed securely by authorized payment processors (e.g., App Store, Google Play, Stripe). We do not store full payment card numbers.
4.5 Technical & Usage Data. Device type, OS/app version, browser (for Site), IP address, language, time zone, crash logs, diagnostics, cookie/SDK identifiers for performance and security, and basic usage telemetry (e.g., page/app views, session durations).
4.6 Communications. Support inquiries, chat transcripts, emails, and notification preferences.

We do not require personal details about deceased persons. If a user uploads any reference to a memorial, it should be limited to the minimal service location information needed to perform the work.

5. What We Do Not Collect

We do not collect, process, or disclose:

health or medical data;
religious or philosophical beliefs;
political opinions or union membership;
racial or ethnic origin;
sexual orientation or intimate life information;
biometric or genetic identifiers;
government-issued identifiers (e.g., SSN);
personal data about deceased persons or their relatives (beyond an optional user-provided service location).

We do not collect a user’s precise device geolocation for advertising or tracking. The optional service location relates to the site of service, not the user’s movements.

Sensitive categories are never transmitted as analytics/advertising events and are not shared with third parties.

6. Sources of Personal Data

Directly from you: account setup, service requests, in-app/site forms, uploaded content.
Automatically: through the App/Site (technical telemetry, security logs, basic analytics).
Payment processors: transaction confirmations and subscription lifecycle events.
Contractors (on-site work): status updates and media strictly for your private report.

7. Purposes & Legal Bases

Purposes. We use data to: (a) operate and improve the Services; (b) fulfill orders and provide subscription features; (c) deliver private photo/video reports; (d) authenticate and secure accounts, prevent fraud and abuse; (e) process payments and comply with tax/accounting obligations; (f) provide customer support and communicate about the Services; (g) enforce agreements and comply with law.

Legal bases (GDPR/UK GDPR).

Contractual necessity (providing requested Services).
Consent (e.g., storing optional service location; certain cookies/SDKs; marketing where required).
Legitimate interests (service improvement, fraud prevention, network and information security).
Legal obligations (financial recordkeeping, compliance).

We do not use sensitive data for marketing or profiling.

8. Cookies, SDKs, and Similar Technologies

We use first-party cookies/SDKs for core functionality (session management, security), performance, and aggregated analytics. Where required, we seek consent and provide controls to manage preferences. You may adjust browser/device settings to restrict cookies or advertising IDs; essential features may require certain technologies.

9. Disclosures of Personal Data (No “Sale” or “Sharing”)

We do not sell personal information and do not “share” personal information for cross-context behavioral advertising as defined by the CPRA.

We disclose limited data only to:

Payment processors to complete transactions.
Hosting, analytics, customer support, and security providers under written agreements with confidentiality and security obligations.
Authorized contractors solely to perform on-site work at the user-designated service location (minimum necessary information).
Authorities where required by law or to protect rights, safety, property, or the integrity of the Services.
Successors/assignees in a corporate transaction, with notice and continued protections.

Sensitive categories listed in Section 5 are never disclosed to advertising platforms and are not sent as events.

10. International Data Transfers

Data may be processed in the United States and other jurisdictions where we or our providers operate. For transfers from the EEA/UK, we implement safeguards such as Standard Contractual Clauses (SCCs) and, where applicable, UK addenda and supplementary measures.

11. Security

We maintain administrative, technical, and physical safeguards commensurate with the nature of the data, including encryption in transit, access controls, least-privilege practices, logging/monitoring, and secure development lifecycle measures. No method is 100% secure; we continually improve our controls.

12. Retention

We retain data only as long as necessary for the purposes described or as required by law:

account and subscription data — while the account remains active;
order and billing records — per statutory/tax requirements;
support records — for operational history and compliance;
backups — for limited, rolling periods.

When no longer needed, we delete or de-identify data.

13. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

access and obtain a copy of your data;
correct inaccuracies;
delete your data;
withdraw consent (for optional processing);
object to or restrict certain processing;
data portability;
lodge a complaint with a supervisory authority.

California (CCPA/CPRA). You have rights to know, delete, correct, and to limit use of Sensitive PI. We do not sell or share PI as defined by CPRA.
Canada (PIPEDA). You may request access and corrections and withdraw consent, subject to legal limits.
Brazil (LGPD). You may request confirmation, access, correction, anonymization, portability, deletion, and information about processing.

Submit requests at privacy@tending.app. We will verify identity before acting. Authorized agents may submit requests with valid authorization where permitted.

14. Children’s Privacy

The Services are not directed to children under 13 (or the minimum digital consent age in your jurisdiction). We do not knowingly collect data from children. If we learn of such collection, we will delete it promptly.

15. De-identified and Aggregated Data

We may create and use de-identified or aggregated data for analytics and service improvement. We maintain safeguards to prevent re-identification and will not attempt to re-identify such data.

16. Third-Party Links & Services

The Services may link to third-party sites or services. We are not responsible for their content or privacy practices. Review their policies before providing information.

17. Changes to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. Material changes will be notified via email and/or in-app notice, with the effective date indicated at the top. Continued use after the effective date signifies acceptance.

18. Contact Us

Questions, requests, or concerns: privacy@tending.app
Postal: All Funeral Services LLC, 750 Lexington Avenue, STE 07-119, New York, NY 10022