Privacy Policy

Effective date: June 5, 2026 · Last updated: June 5, 2026

The short version

Pocket Lantern helps funeral homes publish online memorial programs. We collect the minimum needed to run the service: the account details of the funeral-home staff who sign in, the memorial content they create about the person being remembered, and anonymous daily counts of how many times a memorial was opened. We do not track the families and guests who view a memorial — no analytics on viewers, no advertising trackers, no fingerprinting, and no guestbook that collects visitor information. We never sell data. A funeral home can delete a memorial or close its account at any time, and we remove the data within 30 days.

Who we are (Data controller)

For purposes of the GDPR, UK GDPR, CCPA/CPRA, Brazil's LGPD, and similar laws, the operator of pocketlantern.org is the data controller of account and operational data. Contact: privacy@pocketlantern.org. General support: support@pocketlantern.org.

Important roles. A funeral home that uses Pocket Lantern decides what memorial content to publish and is responsible for the relationship with the bereaved family. With respect to the personal information contained within a memorial (the deceased's details, the obituary, and information about surviving family members), the funeral home acts as the controller and Pocket Lantern acts as its processor / service provider, handling that content only to display it as instructed.

A note on memorial content and the deceased

Most data-protection laws — including the EU GDPR (Recital 27) — apply to living individuals and do not, by their terms, govern information about people who have died. Some countries (for example France, Italy, Denmark, and several U.S. states) extend specific protections to the deceased or to their next of kin. Regardless of what the law strictly requires, we treat memorial content with care and dignity, because it concerns real people and grieving families.

A memorial can reveal sensitive context about living people too — religious or philosophical beliefs implied by an order of service, family relationships, and photographs of attendees. The funeral home is responsible for ensuring it has the authority and the family's permission to publish this content (see Terms). If you are a family member and want a memorial corrected or removed, contact the funeral home that arranged it, or email us at privacy@pocketlantern.org and we will help facilitate the request.

What we collect

  • Funeral-home account information — the name and email address of staff who sign in (from Google OAuth). Source: Google.
  • Funeral-home profile — business name, memorial URL slug, logo/crest, brand color, and chapel/location labels. Source: you.
  • Memorial content — everything entered for a memorial: the name of the person being remembered, dates, portrait photo, obituary / life story, order of service, names of officiants, pallbearers, and surviving family, and any donation/charity information. Source: the funeral home (on behalf of the family).
  • Billing information — handled entirely by Stripe. We store a Stripe customer ID, subscription status, and billing interval. We never see or store card numbers, CVV, or expiration dates.
  • Memorial open counts — when someone opens a memorial, we increment a daily counter (e.g., "42 opens on May 30"). We do not store who opened it, their IP, device fingerprint, or any identifying information about the viewer.
  • Authentication cookies — a session cookie set by our auth provider to keep funeral-home staff signed in. No tracking, analytics, or advertising cookies.
  • Standard server logs — request paths, timestamps, and error traces from our hosting provider for operational reliability. Retained up to 30 days, then deleted.

What we do not collect

  • We do not track the families or guests who open a memorial beyond an anonymous daily count.
  • We do not offer a public guestbook or condolence form by default, so we do not collect names, messages, emails, or other personal information from visitors.
  • We do not use third-party advertising trackers, pixels, retargeting tags, or any analytics that share data with ad networks.
  • We do not fingerprint browsers.
  • We do not read a signed-in user's Google contacts, files, calendar, or any other Google data — only their name and email.
  • We do not sell, rent, or trade personal information to anyone.

Legal bases for processing (GDPR Article 6)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases for processing the personal data of living individuals (funeral-home staff and identifiable surviving family members):

  • Performance of a contract (Art. 6(1)(b)) — to provide the service, process billing, and send transactional emails to the funeral home.
  • Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the service, including anonymous open counters, server logs, and fraud prevention. For memorial content about surviving family, the funeral home relies on the family's authorization, which it represents it has obtained.
  • Compliance with legal obligations (Art. 6(1)(c)) — to retain billing records as required by law.
  • Consent (Art. 6(1)(a)) — for any future marketing communications, which we will request explicit opt-in for.

How we use the information

  • To authenticate funeral-home staff and let them build and manage memorials.
  • To render public memorial pages to families and guests.
  • To process billing and provide customer support.
  • To send transactional emails (sign-in confirmations, billing receipts, important account notices). We do not send marketing emails without explicit opt-in.
  • To detect abuse, fraud, and security incidents.
  • To comply with our legal obligations and respond to valid requests from families.

Subprocessors

We use a small set of vetted infrastructure providers. Each only sees the data necessary to provide its service, under a Data Processing Agreement.

Subprocessor | Purpose | Location
Supabase | Database, authentication, file storage | United States
Vercel | Application hosting, edge delivery | United States (global edge)
Stripe | Payment processing | United States
Google (OAuth) | Sign-in authentication | United States
Cloudflare | DNS, edge security | Global

We will provide at least 30 days' notice before adding or changing material subprocessors. To object to a new subprocessor or request our current DPA, email privacy@pocketlantern.org.

International data transfers

Our infrastructure providers operate primarily in the United States. If you are in the EEA, UK, or Switzerland, data may be transferred to the US. These transfers are protected by Standard Contractual Clauses (SCCs) signed with our subprocessors.

Your rights

If you are in the EEA, UK, or Switzerland (GDPR), you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to lodge a complaint with your local data protection authority. Funeral-home staff can edit most account data directly in the dashboard.

Families and next of kin: because the funeral home controls memorial content, the fastest route to correct or remove a memorial is to contact that funeral home. You may also email privacy@pocketlantern.org and we will help facilitate your request, including erasure of a memorial where appropriate.

If you are a California resident (CCPA / CPRA), you have the right to know what personal information we collect, request deletion, correct inaccuracies, and to non-discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising, so no opt-out action is required.

Virginia, Colorado, Connecticut, Utah, and similar state laws grant comparable access, deletion, correction, and portability rights, and Brazil's LGPD grants analogous rights. To exercise any right, email privacy@pocketlantern.org. We respond within 30 days and may need to verify your identity first.

Cookies and similar technologies

Pocket Lantern uses only strictly necessary cookies. We do not set analytics, advertising, marketing, retargeting, fingerprinting, or any third-party tracker cookies, and we set no cookies at all on a public memorial page. The full list:

Name | Purpose | Type | Duration
sb-* (Supabase) | Keeps funeral-home staff signed in | Strictly necessary | Session / up to 1 year
pocketlantern_location | Which chapel/location you're editing (multi-location accounts) | Strictly necessary preference | 1 year
pocketlantern_currency | Localized pricing on the billing page (set only after sign-in) | Strictly necessary preference | 1 year
pocketlantern_cookie_notice_v1 | Remembers you've dismissed the cookie notice (browser localStorage) | Strictly necessary | Until cleared

Under the EU ePrivacy Directive (Art. 5(3)), UK PECR (Reg. 6), and analogous rules elsewhere, strictly necessary cookies do not require prior opt-in consent. The cookies above are only ever set in the signed-in dashboard, never on a public memorial. We still show a one-time notice on first visit so you are informed.

If we ever add analytics, marketing cookies, or an optional guestbook, we will (a) update this policy, (b) replace the one-time notice with a granular consent prompt offering Accept and Reject equally prominently, and (c) honor Global Privacy Control (GPC) signals automatically.

"Do Not Sell or Share My Personal Information": Pocket Lantern does not sell personal information for money or share it for cross-context behavioral advertising. There is nothing to opt out of. If our practices ever change, this section will be updated and an explicit opt-out link will appear here and in the footer of every page. We honor the Global Privacy Control (GPC) browser signal as a valid opt-out request.

Data retention

We keep account and memorial data for as long as the account is active. If a funeral home deletes a memorial or closes its account, we permanently remove the data within 30 days, with two exceptions: standard infrastructure backups may retain it for up to 90 days, and we keep billing records that we are legally required to retain (typically 7 years for tax purposes).

Because a memorial is often something a family returns to for years, we keep a published memorial online for the lifetime of the funeral home's account unless the funeral home or family asks us to take it down. Anonymous open counters are retained indefinitely in aggregate because they contain no personal information.

Security

All connections to Pocket Lantern are encrypted with TLS (HTTPS). Data at rest is stored in Supabase's managed Postgres with AES-256 encryption and row-level security enforcing per-account isolation. We do not store passwords because we use Google OAuth.

In the event of a personal data breach affecting your data, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by GDPR Article 33. Report any security concern to security@pocketlantern.org.

Children

Pocket Lantern is a professional tool for funeral homes and is not directed to children. We do not knowingly collect personal data from anyone under 16 through the dashboard. A memorial may, however, concern a child who has died, or may include photographs of living children among the family. Responsibility for obtaining the family's authorization to publish such content rests with the funeral home (see Terms). If you believe content should not be published, contact privacy@pocketlantern.org and we will act promptly.

Changes to this policy

If we make material changes, we will update the "Last updated" date and notify funeral-home account holders by email at least 30 days before the changes take effect.

Contact

Questions, requests, or concerns? Email privacy@pocketlantern.org. We respond within 5 business days.