Data protection
Privacy Policy
This Privacy Policy comprehensively describes which personal data the Emoria platform processes for accounts, memorial pages, virtual memorial candles, subscriptions, media uploads, family and family-tree functions, forum, condolence and comment functions, partner and marketplace functions, email communication and support processes — for which purposes, on which legal basis, for how long and with which recipients. It also informs about international data transfers, processors used, security and bot-protection technologies in use as well as your rights as a data subject under the GDPR.
- Controller (Art. 4 no. 7 GDPR)
- lead.online GmbH
- Represented by
- Jannik Schlossberger, Fabian Köller, Philipp Himmel
- Postal address
- lead.online GmbH, Baierbrunner Straße 3, 81379 München, Germany
- General contact
- hello@emoria.app
- Data protection contact
- privacy@emoria.app
- Data protection officer
- There is no statutory obligation to appoint a DPO under Section 38 BDSG. Please address data protection enquiries directly to the data protection contact named above.
- Supervisory authority
- Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, https://www.lda.bayern.de
- Service model
- Digital memorial pages, virtual memorial candles, subscriptions with storage limits, family/family-tree functions, partner marketplace, newsletter and transactional emails
- Hosting / core infrastructure
- Hetzner Online GmbH (server hosting for the self-managed app and deployment infrastructure, location Frankfurt am Main/Germany); Neon, Inc. (serverless PostgreSQL database, region eu-central-1); Amazon Web Services EMEA SARL (AWS S3 — eu-central-1, Frankfurt); Amazon Web Services EMEA SARL (Amazon SES — transactional email delivery); Stripe Payments Europe Ltd. (payment processing, subscriptions, billing portal); Cloudflare, Inc. (DNS/proxy, CDN, DDoS/bot protection and Turnstile on login/form flows); Google Ireland Ltd. (Google Analytics 4 Measurement Protocol, server-side); Meta Platforms Ireland Ltd. (Meta Pixel + Conversions API, only with marketing consent)
1. Categories of data processed
- Account data: email address, name, username, roles, verification and security-related data, password hash if set, connected login providers.
- Memorial page and profile data: information about the deceased person, biography, relationship data, privacy settings, media, memories, condolences, comments and other user-generated content.
- Order and payment data: order data for virtual memorial candles, pricing country, currency, billing and payment status, Stripe references and subscription-related contract data.
- Storage and media data: upload metadata, file types, sizes, storage usage, S3 media keys, variants, access caches and plan-based quotas.
- Communication and support data: messages, feedback tickets, moderation reports, support requests and audit/administration logs.
- Technical data: IP-related headers, user agent, server logs, geo headers for trusted country determination, functional cookies and comparable local-storage information.
2. Purposes and legal bases
- Performance of contract or implementation of pre-contractual measures: provision of accounts, memorial pages, protected areas, virtual memorial candles, subscriptions, storage management, partner orders and support.
- Consent: where you voluntarily upload content, choose public visibility, complete optional profiles, use password/invitation features or consent to optional analytics or marketing technologies.
- Legitimate interests: abuse prevention, IT security, moderation, enforcement of usage rules, product improvement, internal statistics, resilience and verifiability of administrative processes. This includes in particular technical protection against automated attacks via Cloudflare Turnstile, Cloudflare proxy/firewall rules, first-party rate limits and comparable server-side protective measures.
- Legal obligations: bookkeeping, retention obligations under tax and commercial law, payment processing, fraud prevention and compliance with statutory disclosure and deletion duties.
3. Special notes on memorial pages and third-party data
Emoria regularly processes information about deceased persons as well as information about loved ones, mourners, contributors and other living persons. For content that users publish on a memorial page, the respective user remains responsible for ensuring that there is a legal basis for it and that no third-party rights are infringed.
The platform supports three visibility levels: public, invitation only and password protected. Public content may appear in archives, feeds, search functions and social previews. Non-public content is only accessible to authorised persons and is protected by technical access restrictions.
4. Payments, country-based pricing and subscriptions
For paid virtual memorial candles and subscriptions, Emoria processes contract, order and payment data. Payments are processed via Stripe. This may include Stripe customer numbers, checkout or payment-intent IDs, amounts, currencies, payment status and tax-relevant information.
To determine the pricing country and currency, we process the approximate geographical origin of your request based on server-side proxy or country headers, in particular via Cloudflare where available. Precise location tracking or permanent storage of your IP address for this purpose does not take place.
Subscriptions and storage plans may control plan-based limits such as the number of memorial pages, storage volume, file types, file sizes and video features. To enforce these limits, plan-related usage data is processed.
5. Media uploads and storage infrastructure
Media uploads are stored in a private AWS S3 bucket in the region eu-central-1. Delivery is controlled via server-side access restrictions, stable internal media paths or time-limited access caches. Permanently signed retrieval URLs are not stored as a primary reference.
For technical optimisation, image variants, preview images, file metadata and storage usage values may be generated. Plan-based storage quotas are taken into account during uploads and further media processing.
6. Cookies, local storage and similar technologies
Emoria uses technically necessary and functional cookies as well as comparable local-storage mechanisms, in particular for login sessions, password access to protected memorial pages, cart functions, stored region preferences and storing your consent selection.
Your selection regarding analytics and marketing technologies is stored in the cookie `emoria_cookie_consent`. In addition, depending on your consent, marketing cookies such as `_fbp` and `_fbc` may be set or deleted again upon withdrawal.
A separate overview of the individual cookies and local-storage mechanisms can be found in the Cookie Policy on this website. There you can also adjust your selection again.
7. Analytics, conversion measurement and marketing
For reach measurement, Emoria uses the Google Analytics 4 Measurement Protocol on the server side. After your consent to the analytics category, Emoria sets its own analytics cookies such as `emoria_ga_cid`, `emoria_ga_sid` and, where applicable, `emoria_attribution` in order to pseudonymously attribute pageviews, sessions, campaign references and conversion events. This processing only takes place if you have consented to the analytics category; these product-side analytics cookies are deleted upon withdrawal.
For marketing and campaign measurement, Emoria may use Meta Pixel in the browser as well as the Meta Conversions API on the server side after corresponding consent. This may involve the processing or transmission to Meta of, in particular, page views, UTM/campaign references, technical request data, device information, shortened or hashed identifiers, order and conversion events as well as Meta-specific cookie information such as `_fbp` and `_fbc`.
Insofar as personal or personally identifiable data is transmitted to Google or Meta in this context, this is done exclusively on the basis of your respective consent or another applicable data protection legal basis and in compliance with the safeguards required for international data transfers.
8. System emails, transactional emails and email tracking
Emoria currently sends primarily transactional and system-related emails that are necessary for the performance of the contract, the management of your account and the security of the platform (e.g. registration confirmations, login codes, password notices, order confirmations, payment and invoice receipts, security-related notices and notifications about activities on memorial pages you manage or follow). These emails may also be sent without separate marketing consent insofar as they are necessary for the contract, account or security. The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.
If you actively sign up in the future for a newsletter, product information or other marketing emails, this is done exclusively on the basis of your express consent pursuant to Art. 6(1)(a) GDPR and § 7(2) no. 3 UWG. We use a double opt-in procedure for this purpose: after your registration, you will receive a confirmation email which you must actively confirm. You may withdraw a given consent at any time via the unsubscribe link in any marketing email or by notifying our contact addresses, with effect for the future.
In the context of email delivery, Emoria processes your email address, sending and delivery information, language and segment data and, where applicable, the time of sign-up, confirmation, unsubscribe and individual sending events.
Emoria may use open-tracking pixels and click-tracking links in its own emails to track delivery, opens, interactions, unsubscribes and the performance of email campaigns. Unsubscribe links and legally required links are not rewritten for click measurement.
9. Recipients, data processing (Art. 28 GDPR) and third-country transfers
Data processing agreements pursuant to Art. 28 GDPR or the data processing agreements (DPAs) offered by the respective provider are in place with all processors that process personal data on our behalf.
Insofar as recipients are based outside the EEA or data access from third countries — in particular the USA — cannot be excluded, such transfers take place on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses (SCC) pursuant to Implementing Decision (EU) 2021/914, certification under the EU-US Data Privacy Framework (where the respective provider is certified) or other legally permissible transfer mechanisms including supplementary protective measures.
In detail, we use the following recipients and processors:
- Hetzner Online GmbH (Germany): server hosting for the self-managed app and deployment infrastructure at a server location in Frankfurt am Main. Processing takes place in Germany.
- Neon, Inc. (USA, processing in eu-central-1): serverless PostgreSQL database backend. SCC and DPA active.
- Amazon Web Services EMEA SARL (Luxembourg, processing in eu-central-1): AWS S3 (Frankfurt) for storage and media processing as well as Amazon SES for transactional emails and system notifications. AWS group partly USA — SCC and DPA active, EU-US DPF certified.
- Stripe Payments Europe Ltd. (Ireland, group USA): payment processing, subscription checkout, billing portal, refunds and webhook processing. SCC and DPA active, EU-US DPF certified.
- Cloudflare, Inc. (USA): DNS/proxy, CDN, DDoS/bot protection, Turnstile bot mitigation and technical protection of authentication and form processes. SCC and DPA active, EU-US DPF certified.
- Google Ireland Ltd. (Ireland, group USA): Google Analytics 4 (Measurement Protocol) for server-side reach measurement, provided analytics has been activated. SCC and DPA active, EU-US DPF certified.
- Meta Platforms Ireland Ltd. (Ireland, group USA): Meta Pixel and Meta Conversions API for marketing and conversion events, provided marketing has been activated. SCC and DPA active, EU-US DPF certified.
- Other processors or independent recipients, insofar as this is necessary for support, abuse prevention, bookkeeping, legal enforcement or partner fulfilment.
10. Storage and deletion periods
Account data and publicly visible content are generally stored for as long as the user account or the respective memorial page is actively operated or there are legitimate retention interests.
In the event of prolonged inactivity of a user account (reference value: 36 months without login and without any paid booking), we may delete or anonymise the account after prior advance warning by email. The date of the last successful login is processed for this purpose.
Order, payment and accounting-relevant data are stored in accordance with statutory retention periods (in particular Section 257 HGB, Section 147 AO, regularly 6-10 years).
Server access logs (e.g. Hetzner, Coolify, proxy and app logs) are generally deleted or overwritten automatically within 30 days, insofar as they are not still required to defend against specific security incidents.
Temporary tokens, upload intermediate states, access caches and comparable auxiliary data are stored for significantly shorter periods or deleted automatically as soon as they are no longer needed.
When a user account is deleted, account master data is anonymised insofar as this is necessary to safeguard data integrity, fulfil statutory retention obligations or document completed processes.
11. Your rights
Requests regarding data subject rights can be addressed to privacy@emoria.app or hello@emoria.app.
Requests for access, data portability or erasure are processed via the contact channels mentioned. An automated self-service data export is in preparation; until it is available, we answer access and data portability requests manually within the statutory deadlines.
- Right of access to the data processed about you.
- Right to rectification of incorrect or incomplete data.
- Right to erasure, insofar as no statutory or overriding legitimate grounds preclude this.
- Right to restriction of processing.
- Right to object to processing based on legitimate interests.
- Right to data portability, insofar as the processing is based on contract or consent and is technically possible.
- Right to withdraw consent given, with effect for the future.
- Right to lodge a complaint with a data protection supervisory authority.
12. Minimum age
Emoria is aimed at users aged 16 and over. By registering, you confirm that you are at least 16 years old. If your residence is in an EU member state in which a higher age limit applies under Art. 8 GDPR, this higher age limit applies.
If we become aware that a person under the age of 16 has created an account without the consent of their legal guardians, we will block or delete the account and the associated data.
13. Feedback and bug reports
Emoria offers an integrated feedback function via which users can submit bug reports, suggestions for improvement and other feedback directly from within the platform.
The following data is processed in this context: the message entered by the user, the selected category, an optional title, the optionally provided email address, as well as automatically captured technical context data (current page URL, page path, language setting, viewport size, browser and device information).
For logged-in users, the feedback is associated with the existing user account. Users who are not logged in may optionally provide an email address for follow-up contact.
The legal basis for processing is Art. 6(1)(a) GDPR (consent). Consent is obtained via a checkbox before the feedback is submitted and can be withdrawn at any time with effect for the future.
Feedback data is used exclusively for bug fixing, quality assurance and further development of the platform. No disclosure to third parties takes place unless this is necessary for the technical provision of the platform (e.g. hosting provider).
Feedback data is deleted as soon as the associated matter has been resolved and there are no longer any legitimate retention interests, but no later than 24 months after submission. Users may request the deletion of their feedback data at any time via hello@emoria.app or privacy@emoria.app.
14. Family, family-tree and relationship functions
The family-tree and family functions allow users to model relationships between deceased persons, living relatives and other contributors. In particular, this involves processing kinship designations, life dates, places of birth and death, photo links and voluntary profile information.
If you create relationships involving living persons or store data of living persons (e.g. parents, siblings, children), you as the uploading user remain responsible for ensuring that a legal basis exists for the processing of this data (in particular consent of the data subject or another legal basis under Art. 6(1) GDPR).
Insofar as automated link suggestions (e.g. potential family-tree merges) compare data from different users, this is done exclusively server-side on the basis of data already stored. A consolidation of family-tree content is only carried out after express confirmation by both participating users.
15. Forum, condolence book, comments and moderation
Entries in the condolence book, in forum areas or in comment functions are published with the display name you have chosen and, where applicable, a profile picture. If the associated memorial page is public, these entries are likewise publicly accessible; for private or password-protected memorial pages, the respective access restrictions apply.
For moderation, spam mitigation and enforcement of the terms of use, we may review, approve, block, unpublish or delete entries with regard to their content. To this end, content, creation timestamps, language settings, technical metadata and, where applicable, reports from other users are processed. The legal basis is Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest in platform integrity and protection of third parties).
Insulting, unlawful or grief-violating entries will be removed without undue delay upon notice or upon obtaining knowledge.
16. Bot protection, IT security and server logs
To protect the platform against abusive use, automated attacks, brute-force attempts, spam bots and scraping activities, we use technical security mechanisms. These include in particular Cloudflare Turnstile (free CAPTCHA alternative on login, registration and contact forms), Cloudflare proxy/firewall rules, server-side rate limits, honeypot checks and access restrictions on security-relevant endpoints.
In the context of every HTTP request, the hosting and proxy infrastructure temporarily processes technical data such as IP address, date and time of the request, requested URL, HTTP status code, referrer URL, user agent, approximate geographical origin (where available via proxy or country headers) and security-relevant headers. This data is processed exclusively for security, performance and stability purposes.
Server logs of the Hetzner/Coolify/proxy and app infrastructure are generally deleted or overwritten automatically within 30 days, insofar as they are not still required to defend against specific security incidents. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in IT security and stability).
17. Data security
We implement technical and organisational measures (TOMs) to protect your data against unauthorised access, loss and manipulation. These include in particular continuous transport encryption via TLS 1.2/1.3, controlled delivery of media from private S3 buckets exclusively via server-side signed or access-checked paths, hashing of passwords using modern procedures, pseudonymisation of internal identifiers and a strict separation of production, preview and development environments.
The app server infrastructure is operated on a self-managed Hetzner server in Frankfurt am Main. The database infrastructure (Neon) and object storage (AWS S3) continue to be operated in European data centres (region eu-central-1, Frankfurt). Backups are stored in encrypted form and created at regular intervals.
Access to productive systems is restricted to a small group of authorised persons and is logged.
18. No automated individual decision-making within the meaning of Art. 22 GDPR
Automated individual decision-making with legal effect for you or with similarly significant impact within the meaning of Art. 22 GDPR does not take place. In particular, no automated profiling for credit decisions, contract conclusions or the automatic blocking of accounts is carried out.
Upstream technical protection mechanisms (e.g. bot detection, rate limits, CAPTCHA) may temporarily block individual requests; this does not, however, constitute automated decision-making within the meaning of Art. 22 GDPR, since no final legal or comparably significant effect is produced.
19. Changes to this Privacy Policy
We reserve the right to adapt this Privacy Policy so that it always meets current legal requirements or to implement changes to our services, for example when introducing new functions or new processors.
The respective current version is available on this page. In the event of significant changes, in particular changes that require renewed consent, we will actively inform you (e.g. by email to the stored contact address or via a notice within the platform).
Status of this Privacy Policy: 20 May 2026. For questions please contact privacy@emoria.app.