Privacy Policy

Tribute (“Tribute,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It applies to our website, web app, and related services that allow users to create and share memorial tributes, life journeys, albums, messages, and QR codes that point to public or private tribute pages (collectively, the “Services”).

1) Information We Collect

We collect information in three ways: provided by you, collected automatically, and from third parties.

Account & Profile: name, email address, phone number (if provided), password hash, and basic settings (language, theme, notification preferences).
Tribute Content: text (e.g., life stories, milestones), photos and videos (albums), obituary details, funeral details, QR codes and links, social share settings, and visibility (public/private). Some tribute content may include information about living persons (e.g., family members, authors of messages). Please only share what you have rights to share.
Messages & Guestbook: comments, condolences, memorial messages, and their moderation status (approved, pending, rejected), including poster name and (optionally) email.
Technical & Usage Data: IP address, device and browser type/version, operating system, referring/exit pages, page views, feature usage (e.g., albums uploaded, messages posted), timestamps, and error logs. We may use cookies, local storage, and similar technologies to remember preferences and keep you signed in.
Payments: if you purchase premium features, we receive transaction metadata from our payment partners (e.g., a masked payment method, amount, status, reference). We do not store full card numbers on Tribute servers.
Notifications: your email and/or phone number if you opt into email/SMS updates (e.g., contribution confirmations, moderation updates, renewal reminders).
Analytics: pseudonymous event data (e.g., page views, navigation, device info) from tools like Google Analytics to understand usage and improve performance.

2) How We Use Information

Deliver the Services: create/manage tributes, life journeys, albums, QR links, and message moderation.
Personalize & Improve: remember preferences (e.g., dark mode), recommend relevant features, and refine UX.
Security & Integrity: fraud/spam detection, abuse prevention, access controls, audit logs, and incident response.
Payments: process orders for premium features, subscriptions, or add-ons via third-party processors.
Notifications: send transactional emails/SMS (receipts, approvals, reminders) and service communications.
Analytics: measure performance, diagnose issues, and guide product decisions (aggregated/statistical forms).
Legal: comply with laws, enforce Terms, and protect our rights and our users.

3) Legal Bases (where applicable)

Contract: processing necessary to provide the Services you request.
Legitimate Interests: securing our platform, preventing abuse, and improving features in ways that respect your rights.
Consent: non-essential analytics/cookies, marketing communications (where required). You can withdraw consent at any time.
Legal Obligation: responding to lawful requests or regulatory requirements.

4) Sharing & Disclosure

We do not sell your personal information. We share it only as described below:

Service Providers: hosting and storage (e.g., object storage/CDN), email/SMS delivery, analytics, payment processing, security and monitoring. These providers process data on our behalf under appropriate safeguards.
Public Sharing You Enable: when you set a tribute or certain elements (e.g., albums, messages) to public, they can be viewed by anyone with the link or QR code, and can be shared on social platforms.
Legal & Safety: to comply with law or respond to valid legal requests; to protect the rights, property, or safety of Tribute, our users, or the public.
Business Transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred under continued protection consistent with this Policy.

5) Cookies & Similar Technologies

We use cookies/local storage for authentication (keeping you signed in), remembering preferences (e.g., theme), and analytics. You can control cookies via your browser settings; disabling essential cookies may affect core functionality.

Essential: session/auth, security, load balancing.
Preferences: theme, locale, UI settings.
Analytics: aggregated usage insights via tools like Google Analytics.

6) Data Retention

Tributes, Albums, Life Journeys, Messages: retained while your account is active or until you delete them. Deleting a tribute removes associated content (subject to reasonable backups and technical logs).
Account: if you delete your account, we queue permanent deletion within ~30 days (backups and logs may persist for a limited time for security/continuity).
Payments: transaction records are retained as required for accounting, regulatory, and anti-fraud obligations.
Logs & Analytics: retained for a limited period sufficient for security, troubleshooting, and product analysis.

7) Your Choices & Rights

Access & Update: view and edit your profile and tribute content in your account dashboard.
Visibility Controls: set tributes or certain sections to public or private, and regenerate/restrict shareable QR links.
Delete: remove albums/media, messages, or entire tributes; request account deletion.
Opt-Out: unsubscribe from non-essential emails/SMS; adjust cookie/analytics preferences where available.
Data Protection Rights: subject to local laws (e.g., Kenya Data Protection Act and others where applicable), you may have rights to request access, correction, deletion, restriction, objection, data portability, and to not be subject to solely automated decisions with legal or similarly significant effects.

8) Security

We implement administrative, technical, and physical safeguards: encryption in transit (HTTPS/TLS), hardened hosting, access controls and role-based permissions for admin tools, secure credential storage, audit logging, and regular monitoring. No system is 100% secure; we encourage strong, unique passwords and recommend enabling additional protections when available.

9) International Data Transfers

Our infrastructure and service providers may be located in different countries. When we transfer personal data across borders, we use appropriate safeguards consistent with applicable law (e.g., contractual protections).

10) Children & Sensitive Content

The Services are not directed to children under 13 (or the age defined by your local law). If we learn we’ve collected personal data from a child without appropriate consent, we will delete it.
Memorial content often references deceased persons. While data protection laws typically protect living individuals, please avoid uploading sensitive personal information about living persons without consent.

11) Third-Party Links & Embeds

Tribute pages may contain links to third-party sites or social platforms. We are not responsible for their privacy practices; review their policies before sharing data there.

12) Changes to This Policy

We may update this Policy to reflect changes to our Services or the law. We will post the updated version with a new “Last updated” date and, where appropriate, notify you via email or in-app.

13) Contact Us

Questions or requests regarding this Policy or your data? Contact us at support@tribute.co.ke.

Last updated: 9/20/2025

Product Notes (Transparency)

Moderation: Tribute includes tools for owners/admins to approve/reject messages and hide/report abusive content. Moderation actions and reasons may be logged for security and audit purposes.
Storage: Media you upload (photos, videos) are stored in secure object storage and may be served via a CDN for performance. Deleting a media item removes it from active serving; caches may take short periods to expire.
QR Sharing: QR codes simply encode public URLs. Anyone who scans a public QR can view the linked page. Use private visibility for sensitive content.
Analytics: We use analytics to understand how people navigate tribute pages so we can improve stability and performance. Where required, we’ll honor your analytics preferences.
Notifications: Email/SMS are used for transactional updates (e.g., purchase confirmations, moderation notices). You can opt out of non-essential communications at any time.

This document is provided for informational purposes and does not constitute legal advice. For requirements specific to your jurisdiction (e.g., Kenya Data Protection Act or others), please consult a qualified attorney.