Privacy policy
Last updated: February 21, 2026
At Vestigia, we take the protection of your personal data very seriously. This policy describes how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR).
Data controller
The data controller is Vestigia, based in Spain. You can contact us at info@vestigia.me.
Data we collect
We collect the following types of personal data:
- Registration data: name, email address, and encrypted password.
- Profile data: biography, photo, profession, location, and any content you choose to publish in your legacy.
- Usage data: information about how you interact with the platform, including pages visited and actions taken.
- Technical data: IP address, browser type, operating system, and cookies.
- Managed profile data: name, relationship with the manager, published content (photographs, texts, achievements), and vital status (alive or deceased) of the represented person.
Purpose of processing
We process your data for the following purposes:
- To manage your account and provide you with access to the platform.
- To publish and maintain your public legacy profile according to your preferences.
- To improve our services and the user experience.
- To send you email communications, classified into the following categories:
  - Transactional emails (account verification, password reset): necessary for the operation of the service and cannot be disabled.
  - Service notifications (pet linking requests, managed profile claims): enabled by default. You can disable them at any time from your account settings.
  - Incomplete profile reminders (maximum 3 emails, spaced 14 days apart): enabled by default. You can disable them at any time from your account settings.
  - Product and news communications (newsletters, tips, platform updates): only sent with your prior explicit consent. You can grant or revoke this consent at any time from your account settings.
- To comply with our legal obligations.
Legal basis for processing
The processing of your data is based on:
- Consent: by registering and creating your profile, you consent to the processing of your data for the described purposes.
- Performance of a contract: the processing is necessary to provide you with the service you have subscribed to.
- Legitimate interest: to improve our services, ensure the security of the platform, and send you operational service notifications (pet linking requests, profile claims) and incomplete profile reminders. You can object to these communications at any time from your account settings.
- Legal obligation: when necessary to comply with applicable legislation.
- Explicit consent for commercial communications: the sending of newsletters, news, and product communications requires your prior and specific consent (Article 6(1)(a) of the GDPR). You can revoke it at any time from your account settings.
Your rights (GDPR)
As a data subject, you have the following rights that you can exercise at any time:
- Access: the right to know what personal data of yours we process.
- Rectification: the right to correct inaccurate or incomplete data.
- Erasure: the right to request the deletion of your data ("right to be forgotten").
- Restriction: the right to restrict the processing of your data in certain circumstances.
- Portability: the right to receive your data in a structured and commonly used format.
- Objection: the right to object to the processing of your data.
To exercise any of these rights, contact us at info@vestigia.me. We will respond within a maximum of 30 days.
Managing communication preferences
You can manage your email communication preferences at any time from the Settings > Notifications section of your account. From there you can:
- Enable or disable pet linking request notifications.
- Enable or disable managed profile claim notifications.
- Enable or disable incomplete profile reminders.
- Enable or disable product and news communications.
Transactional emails (account verification and password reset) cannot be disabled, as they are essential for the operation and security of your account.
Cookies
We use cookies to improve your experience on the platform. You can consult our cookie policy for detailed information about the cookies we use and how to manage them.
Data retention
We retain your personal data as long as your account is active or as long as necessary to provide you with the service. You can request the deletion of your account and data at any time.
Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Managed profile data
When a user creates a managed profile, we collect and process data about the represented person (name, relationship with the manager, published content, vital status). The manager is responsible for ensuring they have sufficient authorization or legitimacy to provide such data. The represented person (or their heirs) may exercise their GDPR rights over this data by contacting us at info@vestigia.me.
Data processors and sub-processors
To provide our services, we share data with the following providers:
- OpenAI (United States) -- AI content processing. Only data you voluntarily enter in the legacy assistant is sent. OpenAI does not use this data to train their models.
- Hostinger (European Union/Lithuania) -- Email delivery through their SMTP service. Only your email address is used for the communications described in this policy.
- Hetzner (Germany) -- Server infrastructure hosting and data storage.
International data transfers
Some of our providers (OpenAI) are based in the United States. These transfers are carried out under the standard contractual clauses approved by the European Commission and the EU-US Data Privacy Framework. Only data strictly necessary for providing the service is transferred. The email service (Hostinger) operates within the European Union.
Biometric data
Vestigia does not collect, store, or process biometric data. Photographs uploaded to the platform are treated exclusively as images, without applying facial recognition technology or any type of biometric analysis. IP addresses are anonymized using SHA-256 hashing before storage.
Contact
If you have questions about this privacy policy or the processing of your data, you can contact us at info@vestigia.me.
You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have been violated.