Data Processing Agreement

Last updated: April 15, 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (“Data Controller”) and OurFamilyLineage (“Data Processor”) in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1. Scope & Purpose

OurFamilyLineage processes personal data on your behalf to provide family tree building, media storage, collaboration, and related services. This DPA applies to all personal data processed through the platform.

2. Categories of Data

• Account data: Name, email, authentication credentials
• Family tree data: Names, dates, relationships, biographical notes of family members
• Media: Photos, documents, audio/video recordings
• Usage data: IP address, browser information, access logs

3. Our Obligations as Processor

• Process personal data only on your documented instructions
• Ensure persons authorized to process data are bound by confidentiality
• Implement appropriate technical and organizational security measures
• Assist you in responding to data subject access requests
• Delete or return all personal data upon termination of services
• Make available all information necessary to demonstrate compliance
• Notify you without undue delay (within 72 hours) of any personal data breach

4. Sub-processors

We use the following sub-processors:

We will notify you before adding or replacing sub-processors and give you the opportunity to object.

5. International Transfers

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) as adopted by the European Commission.

6. Security Measures

See our Security page for details on technical and organizational measures.

7. Duration

This DPA remains in effect for the duration of our processing of your personal data. Upon account termination, we will delete all personal data within 30 days unless retention is required by law.

8. Contact

For DPA inquiries: contact@ourfamilylineage.com