OurFamilyLineage← Back to home

Privacy Policy

Last updated: April 15, 2026

OurFamilyLineage (“we,” “us,” or “our”) is committed to protecting the privacy of your personal information and your family’s data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at ourfamilylineage.com.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a one-way hash). If you sign in via Google OAuth, we receive your name and email from Google — we never receive or store your Google password.

Family Tree Data

You voluntarily provide family member information including names, dates, relationships, biographical notes, and photographs. This data is the core of our service and is treated with the highest level of care. We do not sell, license, or share your family tree data with any third party.

Media & Files

Photos, documents, audio recordings, and video files you upload are stored in encrypted cloud storage (Supabase Storage backed by AWS S3). Files are associated with your account and family tree and are accessible only to you and collaborators you explicitly invite.

Usage Data

We collect standard web analytics: pages visited, time on site, browser type, device type, and IP address. This data is used to improve the service and is never linked to your family tree content.

2. How We Use Your Information

  • To provide, maintain, and improve the OurFamilyLineage service
  • To process your subscription and payment
  • To send transactional emails (account confirmation, password reset, collaboration invites)
  • To respond to your support requests
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We never use your family tree data, photos, or stories to train AI models, serve advertising, or build marketing profiles.

3. AI Features

OurFamilyLineage offers optional AI-powered features (biography generation, photo restoration, document OCR). When you use these features:

  • Your data is sent to the AI provider (OpenAI, Anthropic, or Stability AI) solely to process your request
  • We do not permit AI providers to retain or train on your data
  • AI features are opt-in — your data is never processed by AI unless you initiate it
  • You can disable AI features entirely in your account settings

4. Data Sharing

We share your information only in these limited circumstances:

  • Service providers:Supabase (database & auth), Stripe/PayPal (payments), DreamHost (email). Each is bound by data processing agreements.
  • Collaborators:When you invite someone to your family tree, they can see the tree data you’ve shared. You control who has access and can revoke it at any time.
  • Legal compliance: If required by law, court order, or governmental authority.

We do not sell your personal data. We do not share your data with advertisers.

5. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • AES-256-GCM encryption for sensitive configuration data at rest
  • Row Level Security (RLS) policies on every database table
  • bcrypt password hashing with per-user salts
  • TOTP-based two-factor authentication (optional)
  • Rate limiting on authentication endpoints
  • Regular security audits and dependency updates

6. Your Rights (GDPR & Global)

You have the right to:

  • Access — Request a copy of all data we hold about you
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your account and all associated data
  • Portability — Export your family tree in standard GEDCOM format
  • Restriction — Request we limit processing of your data
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Withdraw consent for optional processing at any time

To exercise any of these rights, email us at contact@ourfamilylineage.com. We will respond within 30 days.

7. Data Retention

Your account and family tree data are retained as long as your account is active. After account deletion, all data is permanently removed within 30 days. Backups containing your data are rotated and destroyed within 90 days.

8. Children’s Privacy

Family trees naturally contain information about minors. We do not knowingly collect personal information directly from children under 16. Family tree entries about minors are managed by the adult account holder who is responsible for ensuring appropriate consent.

9. International Transfers

Our servers are located in the United States (AWS us-east-1). If you are located in the EU/EEA, your data is transferred to the US under Standard Contractual Clauses (SCCs) as maintained by our infrastructure providers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy inquiries, data requests, or concerns:
Email: contact@ourfamilylineage.com
Website: ourfamilylineage.com