Privacy Policy

Last updated: February 2026

The Short Version

Your memorials are private. We don't sell your data. We don't track you. We don't show ads. You can delete everything at any time. That's it.

What We Collect

  • Your email address — used for sign-in (magic link) and optional anniversary/birthday reminders. Nothing else.
  • Memorial content you create — names, dates, memories, photos, and preferences you enter. This is your data and exists solely for your use.
  • Basic server logs — IP addresses and timestamps for security and error diagnosis. These are not linked to your account and are not analyzed.

What We Don't Collect

  • No third-party analytics (no Google Analytics, no Facebook Pixel, nothing)
  • No tracking cookies beyond your login session
  • No advertising or ad-related tracking of any kind
  • No selling, renting, or sharing of your data with anyone
  • No behavioral profiling or data mining

How Your Data Is Used

  • To display your memorials and memories back to you
  • To send magic link emails so you can sign in
  • To send anniversary and birthday reminders (if you opt in)
  • To share your memorial publicly (only if you explicitly enable sharing)
  • To generate AI-powered prayers (text is sent to Anthropic's API and not stored by them)

Privacy by Default

  • Memorials are private when created — no one can see them but you
  • You must explicitly turn on sharing for a memorial to be visible to others
  • Group memorials use a random token URL — they are not indexed or searchable
  • You can turn sharing off at any time and the public link stops working immediately

Data Security

  • All connections are encrypted with HTTPS/TLS
  • Passwords are never stored — we use magic link authentication
  • Session cookies are HTTP-only and secure
  • Security headers are enforced (Content-Security-Policy, HSTS, X-Content-Type-Options)
  • Rate limiting protects against abuse

How Sign-In Works

Eternal Light uses magic link authentication instead of passwords. Here's how it protects your account:

  • You enter your email and we send a one-time sign-in link to your inbox
  • The link expires in 15 minutes and can only be used once
  • No one can access your account without access to your email inbox — knowing your email address alone is not enough
  • There are no passwords to steal, guess, or leak
  • Sign-in attempts are rate-limited to prevent abuse (5 per hour per email, plus IP-based limits)

If someone else enters your email on the sign-in page, all that happens is you receive a sign-in email. They cannot access your account, your memorials, or your private memories without clicking the link that was sent to your inbox.

Your Rights

You can at any time:

  • Export — download your memorial as a PDF keepsake
  • Delete — remove any memory, photo, or your entire memorial
  • Revoke sharing — make any public memorial private again instantly
  • Leave — stop using Eternal Light at any time with no strings attached

For data deletion requests or questions, contact [email protected].

Changes to This Policy

If we change this policy, we'll update the date at the top of this page. We'll never quietly reduce your privacy protections. If anything changes in a meaningful way, we'll let you know.