memoralise

Last updated: February 2026

Privacy Policy

1. Introduction

Memoralise Pty Ltd (“we”, “us”, “our”) operates the website memoralise.com and the associated digital legacy vault platform (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and phone number. This information is necessary to provide the Service, authenticate your identity, and communicate with you about your account.

2.2 Identity Verification Data

To comply with regulatory requirements and protect the security of legacy releases, we use AU10TIX to perform 100-point identity verification. Verification documents (such as government-issued identification) are processed by AU10TIX and are not stored by Memoralise beyond 30 days from the date of verification. After verification is complete, we retain only the verification status and a reference identifier.

2.3 Vault Data

Your vault data — including documents, messages, and other files you upload — is encrypted using a zero-knowledge architecture. This means that we cannot access, read, or view your vault data. Only you and your designated legacy contacts (upon verified release) can decrypt and access this information.

2.4 Usage Data

We collect anonymised usage analytics via PostHog to improve the Service. This includes page views, feature usage patterns, and technical information such as browser type and device type. Usage data collection is consent-gated — we only collect analytics data after you have provided explicit consent via our cookie consent manager (powered by Osano).

2.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other payment credentials on our servers. We retain only a Stripe customer identifier and basic transaction records (amount, date, subscription status) necessary for billing and accounting purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service — including account management, vault storage, and legacy contact release functionality.
  • Process identity verification — to verify your identity and the identity of legacy contacts prior to releasing vault data.
  • Process payments — to manage your subscription, process billing, and issue refunds where applicable.
  • Send service notifications — including account alerts, security notices, release confirmations, and subscription updates. We do not send marketing emails without your explicit consent.
  • Comply with legal obligations — including responding to lawful requests from regulatory authorities and maintaining records as required by applicable law.
  • Improve the Service — using anonymised, aggregated analytics data (with your consent) to identify and fix issues, improve user experience, and develop new features.

4. Data Storage & Security

We employ a layered security approach to protect your information:

  • Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS 1.3.
  • Encryption at rest — All stored data is encrypted using AES-256 encryption.
  • Document storage — Vault documents are stored with TIMG, an ISO 27001 and SOC 2 Type II certified document storage provider based in Australia.
  • Database encryption — Our database infrastructure is hosted on AWS RDS with encryption enabled at the storage layer.
  • Application-layer encryption — Sensitive metadata fields receive an additional layer of Fernet encryption at the application level.
  • Key management — Encryption keys are managed via AWS Key Management Service (KMS) with per-tenant key isolation to ensure that one user’s keys cannot be used to access another user’s data.

While no system can guarantee absolute security, we continuously review and update our security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

5. Your Rights Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may request that we correct inaccurate or incomplete personal data.
  • Right to erasure — You may request that we delete your personal data, subject to legal retention obligations.
  • Right to restriction of processing — You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability — You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to object — You may object to the processing of your personal data for direct marketing or where processing is based on legitimate interests.

To exercise any of these rights, please submit a Data Subject Access Request (DSAR) by emailing privacy@memoralise.com. We will respond to your request within 30 days as required by law.

Data Protection Officer: For GDPR-related enquiries, you may contact our Data Protection Officer at privacy@memoralise.com.

You also have the right to lodge a complaint with your local data protection supervisory authority.

6. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with the following rights:

  • Right to know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete — You may request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to opt-out of sale or sharing — You have the right to opt out of the sale or sharing of your personal information. We do not sell or share your personal information.
  • Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.
  • Right to correct — You may request that we correct inaccurate personal information.
  • Right to limit use of sensitive personal information — You may limit the use and disclosure of your sensitive personal information to purposes necessary for providing the Service.

We do NOT sell personal information. Our zero-knowledge architecture means we cannot access your encrypted vault data, and we do not sell, rent, or trade any personal information to third parties for monetary or other valuable consideration.

To exercise your rights or to opt out, visit our Do Not Sell or Share My Personal Information page or email privacy@memoralise.com.

7. Third-Party Processors

We work with the following third-party service providers to deliver our Service. Each processor has been vetted for compliance with applicable data protection regulations:

Provider Purpose Data Processed Location
TIMG Document storage Encrypted vault documents Australia
AU10TIX Identity verification Government-issued ID, biometric data (facial recognition) Israel / EU
Stripe Payment processing Payment credentials, billing address, transaction history United States
PostHog Analytics (consent-gated) Anonymised usage data, page views, feature interactions European Union
AWS Cloud infrastructure All service data (encrypted) Configurable region

We require all third-party processors to enter into data processing agreements that comply with applicable data protection laws. Where data is transferred outside of your jurisdiction, appropriate safeguards (such as Standard Contractual Clauses) are in place.

8. Data Retention

  • Account data — Retained for the duration of your active account. Upon account deletion, account data is permanently deleted within 30 days.
  • Identity verification data — Verification documents are deleted within 30 days of verification. Only the verification status and a reference identifier are retained.
  • Vault data — Encrypted vault data is retained for the duration of your active account. Upon account deletion, encrypted vault data is permanently deleted within 30 days.
  • Payment records — Transaction records are retained for up to 7 years as required by Australian tax and financial reporting regulations.
  • Audit logs — Immutable audit logs are retained in accordance with regulatory requirements and cannot be modified or deleted.
  • Analytics data — Anonymised analytics data may be retained indefinitely as it cannot be linked to individual users.

9. Cookies

Our use of cookies is managed through Osano, our consent management platform. We categorise cookies as follows:

  • Essential cookies — Required for the Service to function (e.g., session management, security tokens). These are set without requiring consent as they are strictly necessary.
  • Analytics cookies — Used by PostHog to collect anonymised usage data. These are only set after you have provided explicit opt-in consent via the Osano cookie banner.

You can manage your cookie preferences at any time through the cookie settings accessible in the footer of our website, or by adjusting your browser settings.

10. Children’s Privacy

The Service is not intended for, nor directed at, anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete that information. If you believe a child under 18 has provided us with personal information, please contact us at privacy@memoralise.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email at the address associated with your account and update the “Last updated” date at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related enquiries, you may also contact our Data Protection Officer at the email address above.

Cookie Preferences

Choose which cookies you'd like to allow. Essential cookies are always enabled because they're needed for the site to work properly.

Essential

Required for the site to function. Cannot be disabled.

Analytics

Help us understand how visitors use the site so we can improve it.

Marketing

Used to show you relevant content and measure ad effectiveness.

Privacy Policy