Privacy Policy

1. Introduction

At AGP Media Ltd trading as Cuimhne Code ("we", "our", or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website, purchase our physical QR plaques, and create or interact with our digital memorials. We process your data in compliance with the General Data Protection Regulation (GDPR) and applicable Irish law.

2. Data We Collect

We collect information when you purchase a product, create an account, build a memorial, or leave a tribute:

• Account & Contact Data: Name, email address, password/authentication details, and communications with our support team.
• Order Data: Information related to your physical plaque purchases (shipping address and order history). Note: Payment processing is handled securely by third-party processors; we do not store full credit card details.
• Memorial Content: Biographies, dates, locations, stories, photos, and videos uploaded to a memorial.
• Tribute Data: Names, messages, and optional photos left by visitors in a memorial's guestbook.
• Technical Data: Essential device information, IP addresses, and login logs necessary for security, rate limiting, and service functionality.

3. How & Why We Use Your Data

We process your data under the following lawful bases:

• Contract Performance: To fulfill physical product orders, create your account, and host your digital memorial.
• Legitimate Interests: To secure our platform, prevent spam/abuse, provide customer support, and improve our services.
• Consent: Where applicable, for placing non-essential cookies or sending marketing communications (which you can opt out of at any time).

4. Public Memorials & User Content

By design, Cuimhne Code memorials are public web pages linked to physical QR plaques. When a memorial is published, the content uploaded (including the deceased's information, photos, and visitor tributes) will be visible to anyone on the internet who scans the QR code or visits the URL. Please consider this carefully before uploading sensitive personal data. Search engines may also index public memorial pages.

5. Data Sharing & Third Parties

We do not sell your personal data. We only share data with trusted third-party service providers necessary to operate our business, such as secure cloud hosting providers, database infrastructure (e.g., Supabase), payment gateways, and delivery/shipping partners. We may also disclose data if required by law.

6. Data Storage & Security

We use industry-standard security measures to protect your data. All media is stored in encrypted cloud buckets, and database access is strictly controlled by Row Level Security (RLS) policies. While we strive to protect your data, no internet transmission is 100% secure.

7. Your GDPR Rights

As a user based in the EU/EEA, you have the following rights:

• Right of Access & Portability: Request a copy of the data we hold about you.
• Right to Rectification: Request corrections to inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request the deletion of your account and memorial data.
• Right to Object/Restrict: Object to or limit specific processing activities.

To exercise these rights, please contact us using the details below.

8. Cookies

Our platform uses strictly necessary cookies to maintain user sessions, authenticate log-ins, and ensure security. We may use optional analytics cookies only with your consent.