Skip to content

Policy

Privacy, by default.

Flieder is built around family control, careful review, and quiet memorial publishing. The full account of what we collect and how we use it is below — and never longer than it needs to be.

Effective June 2, 2026

Who we are

Flieder (“we,” “us”) operates flieder.life, a family-controlled memorial platform, and a secondary community place-archive. This policy explains what we collect, how we use it, who we share it with, and your choices. Questions or requests: support@flieder.life. Our services are hosted and processed in the United States.

What we collect

Account details (email, and a display name if you provide one); memorial and person records; obituary and life-story text; privacy settings; location or QR preferences; guestbook tributes; photo or story uploads; claim and verification requests and any supporting documents; and the moderation trail that goes with them. We also collect limited analytics and advertising-measurement data, and basic technical data (IP address and request metadata used for rate-limiting and security). We do not collect more than we need, and we do not ask for sensitive data we don’t require.

How we use it

To create, display, and protect memorials per the settings families choose; to authenticate accounts and restore drafts; to review claims and moderate contributions; to process payments; to keep the service secure and prevent abuse; to fix problems and improve the product; and to communicate with you about your memorial or account. Legal bases (where the GDPR applies) include performing our contract with you, your consent (e.g., analytics/ads cookies), and our legitimate interests in operating and securing the service.

Drafts and accounts

You can begin a memorial before creating an account. Drafts are kept on your device until you sign up and choose to publish. Account access is used to protect the memorial, restore drafts, manage family controls, and review contributions.

Memorial visibility

Families choose private, unlisted, or public visibility. Private memorials are family-only. Unlisted memorials are shared by link and are not listed or search-indexed. Public memorials may appear in search engines only if the family explicitly allows indexing. We also ask the major AI/LLM crawlers not to scrape memorial pages.

Tributes and photos

Contributors may submit written tributes, stories, relationship details, and photographs when the family enables those options. By default, contributions are reviewed before they appear. Pending or rejected contributions are never shown on a public memorial.

Verification and claims

Claim and verification submissions may include relationship statements, authority explanations, and supporting documents. These are used solely to review who should control or verify a memorial, are visible only to staff and the relevant memorial owner, and are kept only as long as needed for that review.

Automated review of submissions

To screen claim and community-archive submissions for accuracy and policy violations before they appear, we use an automated content-moderation provider (through our AI gateway). The submitted text is sent to that provider solely to return a classification (for example, whether a place appears real and a story plausible); uncertain cases are routed to a person. The provider processes this text to perform the classification and does not use it to train its models, and we never use memorial content to train AI.

Location and QR data

Families can add a meaningful place, address notes, coordinates, and QR sharing. Exact location is hidden unless the family chooses to show it. QR links are intended for programs, keepsakes, and memorial places. Maps are rendered via Mapbox.

Cookies and analytics

We use a small amount of privacy-respecting analytics (PostHog) and error monitoring (Sentry) to understand how the product is used and to fix problems — never to build advertising profiles of you. If you arrive from a Google ad, Google Ads conversion measurement records that the visit led to a sign-up or purchase; where we use Enhanced Conversions, a hashed (not plain) version of your email may be shared with Google solely to match that conversion. These technologies use cookies or similar identifiers; you can accept or decline them in the banner, block them in your browser, and we honor Global Privacy Control / Do-Not-Track and use Consent Mode so nothing advertising-related fires in the EEA/UK until you agree.

Who receives data

Flieder runs on a small set of trusted service providers, each handling only what their job needs: Supabase (database, authentication, image storage); Stripe (payments — your card details go to Stripe and are never stored by us); Vercel (hosting); an AI gateway/model provider (automated moderation of claim and archive submissions, as described above); Resend (sending transactional email); Mapbox (maps); Cloudflare Turnstile (bot protection); PostHog and Sentry (analytics and error monitoring); and Google (advertising-conversion measurement, only when you arrive from an ad and consent). We may also disclose information if required by law or to protect rights and safety. We do not sell your personal information, we do not “share” it for cross-context behavioral advertising, and we never use memorial content to train AI.

How long we keep it

We keep memorial content for as long as the memorial exists or your account is active, and as needed to provide the service. Claim/verification evidence is kept only as long as needed to review the claim. Backups and security logs are kept for a limited period. When you delete a memorial or account, we delete or de-identify the associated personal data within a reasonable time, except where we must retain it to comply with law, resolve disputes, or enforce our terms.

Your rights and choices

You can edit or delete a memorial you control, change privacy and indexing settings, and ask us to access, correct, export, or delete your account or its data. Depending on where you live (e.g., the EEA/UK or California), you may have rights to access, correct, delete, port, or object to certain processing, and to withdraw consent. California residents: we do not sell or share personal information as those terms are defined under the CCPA. To exercise any right, email support@flieder.life; we will verify and respond as required by law, and you won’t be discriminated against for exercising a right.

Children

Flieder is not directed to children and is intended for users 16 and older. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact support@flieder.life and we will delete it.

International users

Flieder is operated from and processed in the United States. If you access it from outside the US, you understand your information will be processed in the US, which may have different data-protection laws than your country.

No grief commerce

Flieder defaults to no ads, no flowers, no candles, and no donation upsells inside a memorial. Paid features unlock preservation and family control — never grief-commerce defaults.

Support, takedowns, and changes

Use support@flieder.life to request review of unauthorized memorials, incorrect facts, privacy concerns, disputed claims, copyright issues, or sensitive content. We may update this policy; if changes are material, we will surface notice before they take effect.

Updated periodically. Material changes are surfaced before they take effect.