Privacy Policy

1. Introduction

TheArchivist ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our family tree and memory archiving service (the "Service"). This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our Service, you consent to the collection and use of information in accordance with this policy. If you do not agree with the practices described in this policy, please do not use our Service.

2. Data Controller

The data controller responsible for your personal information is:

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, password (hashed), and profile information
• Family Tree Data: Names, dates of birth, relationships, events, photos, and biographical information about family members
• Memories: Audio recordings, transcripts, narratives, photos, and associated metadata
• Media: Photos, videos, and other media files you upload or import
• Communication Data: Messages you send through the Service, support requests, and feedback

3.2 Information Collected Automatically

• Usage Data: Log files, IP addresses, browser type, device information, pages visited, and time spent on pages
• Cookies and Tracking: Session cookies for authentication and service functionality
• Technical Data: Device identifiers, operating system, and browser version

3.3 Information from Third Parties

• Google Photos: When you connect your Google Photos account, we access photos you select for import using the Photos Picker API. We only access photos you explicitly select and do not access your entire Google Photos library.
• OAuth Providers: If you sign up using Google, we receive basic profile information (name, email) as authorized by the OAuth scope.

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Provision

• Create and maintain your family tree and memories
• Store and organize your family history data
• Process and transcribe audio recordings (with your consent)
• Enable photo and media management
• Facilitate sharing features (with your explicit consent)

4.2 Legal Basis (GDPR)

• Consent: For processing audio recordings, facial recognition, and sharing features
• Contract Performance: To provide the Service you requested
• Legitimate Interests: For service improvement, security, and fraud prevention
• Legal Obligations: To comply with applicable laws and regulations

4.3 AI and Automated Processing

With your explicit consent, we use AI services (including OpenAI) to:

• Transcribe audio recordings into text
• Extract biographical information from transcripts
• Analyze and organize family history data
• Detect faces in photos (optional, requires consent)

Note: AI processing is optional. You can withdraw consent at any time in your Privacy Settings. When you withdraw consent, ongoing AI processing will stop, but previously processed data may remain unless you request deletion.

5. Data Sharing and Disclosure

5.1 Third-Party Services

We share data with the following third-party services:

• OpenAI: For transcription and text analysis (audio transcripts and narratives only)
• Google: For OAuth authentication and Google Photos integration (only photos you explicitly select)
• Hosting Provider: Our infrastructure provider for data storage and processing

5.2 Sharing Within Your Family Tree

Family tree data may be visible to other members of your family tree as configured by your tree settings. You control privacy settings for individual family members and can restrict access to sensitive information.

5.3 Public Sharing

When you create shareable links, the linked content becomes accessible to anyone with the link. You control when and what to share, and can revoke access at any time.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.

6. Data Retention

We retain your personal information as follows:

• Account Data: Until you delete your account or request deletion
• Family Tree Data: Until you delete the data or your account
• Memories and Media: Until you delete them or your account
• Log Data: Up to 12 months for security and service improvement purposes
• Legal Requirements: As required by applicable laws (e.g., tax records)

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain it.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

To exercise these rights: Contact us at privacy@thearchivist.cloud or use the tools available in the Privacy Settings section.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure password storage using industry-standard hashing
• Regular security assessments and updates
• Access controls and authentication
• Secure backup systems

Important: While we take security seriously, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security measures.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by GDPR

Third-party services we use (such as OpenAI) may process data in the United States and are subject to their own privacy policies and data protection measures.

10. Children's Privacy

Our Service is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 without parental consent. If you believe we have collected information from a child under 13, please contact us immediately and we will take steps to delete such information.

For children's data in family trees, we recommend that parents or guardians manage accounts and consent on behalf of minors.

11. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and service functionality. These cannot be disabled.
• Session Cookies: Temporary cookies that expire when you close your browser.

We do not use third-party advertising cookies or tracking pixels. We do not sell your data to advertisers or third parties for marketing purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification for significant changes
• Requiring re-consent for changes affecting consent-based processing

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all inquiries within 30 days as required by GDPR.