Privacy Policy
Last updated: July 9, 2026
This Privacy Policy explains how [Company Legal Name] (“we”, “us”), [Registered Address, City, Country], processes personal data when you use Family Origin (the “Service”). We are the data controller for the processing described here.
1. Data we collect
- Family details you enter: names, birth dates and relationships of the people you add to your tree.
- Photos you upload (optional): images of you and your family members used to generate the portraits.
- Gift recipient emails: the addresses you provide when sending a portrait as a gift.
- Order and payment data: what you purchased and payment status. Full payment details are processed by our payment providers (e.g. PayPal / card processors) — we never see your card number.
- Usage and device data: pages viewed, quiz/builder steps, IP address, browser information and advertising cookies (see our Cookie Policy).
2. Why we process it (legal bases)
- To provide the Service — generating portraits, delivering purchases, sending gift emails (performance of a contract).
- Payments and fraud prevention (contract / legal obligation / legitimate interest).
- Marketing measurement — Meta Pixel and Conversions API events to measure and improve advertising (consent where required, otherwise legitimate interest).
- Service improvement and security (legitimate interest).
3. Photos and AI processing
Uploaded photos are transmitted to our AI image-generation providers (currently OpenAI and Google) solely to create your portraits. Photos and generated images are stored with our hosting provider (Supabase) so you can access your results. We do not use your photos to train AI models, we do not sell them, and we do not perform facial-recognition identification. You can request deletion of your photos and project at any time (see “Your rights”).
4. Who we share data with
- AI processing: OpenAI (image generation, story text, narration), Google (image/video generation where applicable);
- Hosting and storage: Supabase (project data and images), our web hosting provider;
- Payments: PayPal and/or card payment processors (e.g. Stripe);
- Email delivery: Resend (gift and transactional emails);
- Advertising measurement: Meta Platforms (Pixel and Conversions API — event data such as page views, checkout events, hashed identifiers, IP and browser data).
These providers act as processors or independent controllers under their own terms. Some are located outside the EEA/UK; where required, transfers rely on adequacy decisions or standard contractual clauses.
5. Retention
- Projects (tree data, photos, generated portraits): retained while needed to provide the Service; deleted upon your request.
- Order records: kept as required by tax and accounting law.
- Gift recipient emails: used only to deliver the gift and associated notifications.
- Advertising event data: per Meta's retention terms.
6. Your rights
Depending on your location (e.g. GDPR in the EEA/UK), you may have the right to access, rectify, delete, restrict or object to processing, data portability, and to withdraw consent at any time. You may also lodge a complaint with your supervisory authority. To exercise any right, email info@familyorigin.org — include the link to your result page so we can locate your project.
7. Children
The Service is not directed at children under 16. Photos of children may only be uploaded by a parent/guardian or with their permission.
8. Security
We use encryption in transit, access controls and reputable infrastructure providers. No system is 100% secure; please keep your result-page links private, as anyone with a link can view that project.
9. Changes
We may update this Policy from time to time; the current version is always available on this page with its effective date.
10. Contact
Privacy questions and requests: info@familyorigin.org · [Company Legal Name], [Registered Address, City, Country].