Privacy Policy

Last updated: March 30, 2026 · Effective: April 4, 2026

Reunifyr LLC (“Company,” “we,” “us”) operates the Reunifyr platform (“Service”). This Privacy Policy describes what information we collect, how we use it, and the choices you have. By using the Service you consent to the practices described here.

1. Information We Collect

a. Account Information

When you register we collect your name, email address, and a hashed password. Tenant administrators may also provide an organization name, subdomain, and billing details.

b. Profile & Genealogy Data

Users and administrators may enter family-member profiles, genealogy records (names, dates, relationships), event details, photos, videos, and documents. This information is stored within your tenant’s isolated data scope.

c. Payment Information

Payment details (credit card numbers, billing addresses) are collected and processed exclusively by Stripe, Inc. We do not store card numbers on our servers. We retain Stripe customer IDs, subscription IDs, and invoice summaries for account management.

d. Usage & Log Data

We automatically collect IP addresses, browser type, pages visited, timestamps, and login activity. This data is used for security monitoring (e.g., brute-force detection), performance analytics, and audit logging.

e. Uploaded Content

Photos, videos, documents, and GEDCOM files you upload are stored in Azure Blob Storage (or a local equivalent in development) under tenant-scoped paths. Image metadata (EXIF) is read for processing but stripped from stored thumbnails.

2. How We Use Your Information

  • Service delivery: Display your data within the platform, generate reports, power search and notifications.
  • Billing: Process subscriptions, send invoices, and manage plan changes via Stripe.
  • Security: Detect unauthorized access, enforce rate limits, log admin and user activity for audit trails.
  • Communication: Send transactional emails (account verification, password resets, billing receipts). We do not send marketing emails without explicit opt-in.
  • Improvement: Analyze aggregate usage patterns to improve performance and features. We do not use your content for AI training or advertising.

3. Multi-Tenancy & Data Isolation

Reunifyr is a multi-tenant platform. Each tenant’s data is logically isolated through:

  • TenantId columns on every data table with Entity Framework Core global query filters.
  • A StampTenantId interceptor that overrides the tenant identifier on every new record to prevent spoofing.
  • Role-based access control (viewer, admin, superuser, platform-admin) with policy-based authorization.

While tenants share underlying compute and database infrastructure, one tenant cannot view, query, or modify another tenant’s data through the application.

4. Third-Party Services

Service Purpose Data Shared
Stripe, Inc. Payment processing Name, email, billing address, payment method
Microsoft Azure Hosting, storage, CDN, monitoring All platform data (encrypted at rest and in transit)
Application Insights Performance monitoring & error tracking Anonymized telemetry, request metadata

We do not sell, rent, or share your personal data with any other third parties.

5. Cookies & Local Storage

We use essential cookies for authentication (session cookies, antiforgery tokens) and optional cookies for output caching. We do not use third-party tracking cookies or advertising pixels. No consent banner is required because all cookies are strictly necessary for service operation.

6. Data Storage & Security

  • All data in transit is encrypted via TLS 1.2+.
  • Data at rest is encrypted by Azure (Azure SQL TDE, Blob Storage SSE).
  • Passwords are hashed using PBKDF2 with a unique salt per user.
  • Sensitive configuration (connection strings, API keys) is stored in Azure Key Vault.
  • Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options) are enforced on all responses.
  • Rate limiting protects login and API endpoints from brute-force attacks.

7. Data Retention

  • Active accounts: Data is retained for the duration of your subscription.
  • Cancelled accounts: You have 30 days after cancellation to export your data (including GEDCOM export). Data is permanently deleted after this period.
  • Audit logs: Login attempts, admin actions, and security events are retained for 12 months for compliance and security purposes.
  • Backups: Automated daily database backups are retained per Azure SQL retention policy (7–35 days depending on tier).

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Update inaccurate or incomplete data via your profile or by contacting us.
  • Deletion — Request deletion of your account and associated data.
  • Export — Download your data via CSV export, PDF reports, photo downloads, or GEDCOM export.
  • Restriction — Request that we limit processing of your data in certain circumstances.

To exercise any of these rights, email info@reunifyr.com. We will respond within 30 days.

9. Children’s Privacy

The Service is not directed at children under 13. Tenant administrators may enter genealogy records for minors (e.g., family-tree data), but minors may not create their own accounts. If we learn that a child under 13 has created an account, we will delete it promptly.

10. International Data Transfers

The Service is hosted on Microsoft Azure in the United States. If you access the Service from outside the U.S., your data may be transferred to, stored, and processed in the U.S. By using the Service you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The “Last updated” date at the top indicates the most recent revision.

12. Contact

For questions or concerns about this Privacy Policy, contact us at info@reunifyr.com.

© 2026 Reunifyr LLC. All rights reserved.