How we handle information at Funeral Sentry.

This policy applies to (a) funeral home operators who are paying customers or pilot participants (“Operators”), (b) users invited by an Operator into that Operator's organization (staff, directors, consultants, auditors), and (c) prospective customers who interact with our marketing surface or submit a demo / lead form.

References to “we” or “us” mean Funeral Sentry, Inc. References to “you” mean the individual using the service or visiting the site.

We collect the categories of information below:

• Account information — name, work email, role, organization name, and authentication material (a one-way hashed password or an OAuth token from a provider you authorize).
• Operator content — General Price Lists, Casket Price Lists, Outer Burial Container Price Lists, disclosures, delivery logs, evidence files, audit packets, AI review findings, and any document or field an authorized user uploads or types into the platform.
• Usage data — IP address, user agent, request id, timestamps of authenticated actions, and the page or API route requested. This data is written to an append-only audit log.
• Billing data — Stripe customer id, subscription status, invoice records. Card numbers are handled by Stripe, never stored by us.
• Marketing data — when you submit the demo or lead form, we store the fields you provided (name, email, organization, role, location count, notes) plus the page URL that referred you.

We do not collect special-category personal data (health, biometric, financial-account-number, etc.) by design. If an Operator uploads such data into a free-form field, the data is treated as Operator content under the same controls.

We use information to:

• Provide the service — render the dashboard, run compliance checks, fire scheduled jobs, deliver transactional email, process billing.
• Maintain and improve security — detect abuse, investigate incidents, run audit logs.
• Communicate operationally — service notices, security advisories, billing statements, weekly summary emails to OWNER and MANAGER seats.
• Improve the product — aggregated, de-identified usage telemetry. We do not train AI models on Operator content without explicit written consent.

We share information only with:

• Sub-processors who run discrete parts of the service — cloud hosting, transactional email (Resend), payments (Stripe), error tracking (Sentry), product analytics (PostHog). Each is bound by a written contract requiring confidentiality and security commensurate with this policy.
• Operators' own users — within an Operator's organization, role-based access controls determine who can see what. Cross-organization reads are impossible by service design.
• Legal compulsion — if required by valid legal process. We will give notice to the Operator unless prohibited by law.
• Successor entity — in connection with a merger, acquisition, or asset sale, subject to confidentiality and continued application of this policy.

We do not sell personal information. We do not share information with advertising networks. We do not allow sub-processors to use Operator content for their own purposes.

Operator content is retained for the life of the subscription plus a reasonable export window after cancellation. Audit log rows are append-only and retained for the life of the organization to preserve the evidentiary record. Marketing leads are retained until you ask us to delete them or until they no longer have business relevance (whichever is sooner).

You can request full export or full deletion at any time — see Your rights.

We use industry-accepted controls: TLS in transit, encryption at rest at the storage layer, role-based access control, append-only audit logging, secrets stored in chmod-600 environment files owned by root, time-limited signed URLs for evidence downloads, daily backups with a monthly restore drill. The security page has the full list and the next review date.

No system is perfectly secure. If you believe a vulnerability exists, email security@funeralsentry.com. We will acknowledge within one business day.

You can:

• Access — request a copy of the personal information we hold about you.
• Export — download the full operating record as JSON, CSV, or sealed PDF.
• Correct — fix inaccuracies in your account information.
• Delete — request deletion of your personal information, subject to limitations where we must retain records for legal, audit, or fraud-prevention reasons (and we will tell you which).
• Withdraw consent — where we rely on consent to process your information, you can withdraw it at any time.
• Complain — to a supervisory authority where your jurisdiction provides one.

To exercise any of these rights, email privacy@funeralsentry.com. We respond within 30 days.

We use a small number of strictly-necessary cookies for authentication and session management. We use server-side product analytics (PostHog) to measure aggregate usage of authenticated routes. We do not use third-party advertising cookies. We do not run cross-site tracking pixels.

Marketing pages are static and do not set cookies on first visit. You can use the site fully with all non-essential cookies blocked.

Funeral Sentry is not directed to children. We do not knowingly collect information from anyone under 16. If you believe we have, email privacy@funeralsentry.com and we will delete it.

We will post the new version here with an updated “Last updated” date. If changes are material we will additionally email account owners. Continued use of the service after the effective date constitutes acceptance.

Email privacy@funeralsentry.com. For security disclosures specifically, use security@funeralsentry.com.