Skip to content
tree-family.com

Privacy Policy

Last updated: April 7, 2026

1. Who We Are

tree-family.com is operated by D23 Ventures Ltd ("we," "our," or "us"). We are the data controller responsible for your personal data collected through tree-family.com (the "Service").

If you have any questions about this Privacy Policy or how we handle your data, you can contact us at hello@d23.tech.

2. Information We Collect

2.1 Information You Provide Directly

  • Account details — name, email address, and password when you register
  • Family tree content — names, dates, relationships, locations, photos, and biographical notes you add to your trees
  • Payment information — billing details processed securely by Stripe; we do not store card numbers
  • Communications — messages you send us through the contact form or email

2.2 Information Collected Automatically

  • Device and browser information (type, version, operating system)
  • Usage data (pages visited, features used, session duration)
  • IP address and approximate geographic location
  • Referral source (how you arrived at our site)
  • Cookies and similar tracking technologies (see our Cookie Policy)

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Contract performance — to provide and maintain the Service you signed up for
  • Legitimate interests — to improve our Service, prevent fraud, and ensure security
  • Consent — for analytics and marketing cookies, which you can withdraw at any time
  • Legal obligation — to comply with applicable laws and regulations

4. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process payments and manage your subscription
  • Send transactional notifications (account confirmations, password resets, subscription changes)
  • Respond to support requests and feedback
  • Analyze usage patterns to improve features and performance
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in these circumstances:

  • Service providers — Supabase (hosting and database), Stripe (payments), Vercel (hosting and analytics), Resend (transactional email) — each bound by data processing agreements
  • Other users — only when you explicitly choose to share a family tree via a share link or collaboration invite
  • Legal requirements — when required by law, court order, or to protect the rights, safety, or property of D23 Ventures Ltd or others

6. International Data Transfers

Our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms recognized under applicable law.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal, accounting, or security purposes.

8. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication via Supabase Auth, role-based access controls, and regular security reviews. No method of transmission or storage is 100% secure, but we take reasonable steps to protect your information.

9. Your Rights

Under the GDPR and other applicable data protection laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request that we limit how we use your data
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at hello@d23.tech. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at hello@d23.tech and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service before the changes take effect. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact and Complaints

If you have questions or concerns about this Privacy Policy or our data practices, contact us:

D23 Ventures Ltd

Email: hello@d23.tech

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.