Privacy Policy
Last updated: 25 May 2026
Pax Anima (‘we’, ‘us’, ‘our’) takes the protection of your personal data seriously. This policy explains what data we collect, why, and what rights you have under GDPR.
1. Who we are (controller)
Pax Anima BV. If you have questions about this policy or wish to exercise your rights, contact us at privacy@paxanima.com.
2. Who this policy applies to
This policy covers people who create and manage a Pax Anima account. For pet owners and bereaved families, your crematorium or clinic is the data controller.
3. What data we collect and why
| Category | Data | Purpose | Legal basis |
|---|---|---|---|
| Account | First name, last name, email, company name, role | Create and manage your account | Contract (Art. 6(1)(b)) |
| Authentication | Password hash (bcrypt) | Verify your identity | Contract (Art. 6(1)(b)) |
| Security logs | Email, IP address, login timestamp, success/failure | Detect and prevent abuse | Legitimate interests (Art. 6(1)(f)) |
| Billing | Company name, email, Stripe customer ID, subscription tier | Process subscription payments | Contract (Art. 6(1)(b)) |
| Usage telemetry | Anonymised request metrics | Monitor service health | Legitimate interests (Art. 6(1)(f)) |
4. How long we keep your data
| Category | Retention |
|---|---|
| Account data | Subscription duration + 1 year |
| Security logs | 90 days |
| Session tokens | 90 days after expiry |
| Audit trail | As required by applicable law |
| Billing records | 7 years |
5. Who we share your data with
| Processor | Purpose | Location |
|---|---|---|
| Microsoft Azure | Infrastructure hosting, telemetry | EU (West Europe) |
| Stripe | Subscription billing and payment processing | EU (Ireland) |
| Resend | Transactional email delivery | United States (SCCs in place) |
6. Your rights
Under GDPR Articles 15–22, you have the right to:
- Access a copy of your data
- Request erasure (right to be forgotten)
- Rectification of inaccurate data
- Data portability in machine-readable format
- Object to processing based on legitimate interests
- Restriction of processing
You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA/APD).
7. Security
We protect your data using TLS encryption in transit, bcrypt password hashing, role-based access controls, tamper-evident audit logs, and two-factor authentication.
8. Memorial pages
Published memorial pages can include pet details, memorial text/photos, and visitor condolences. Owner email is never displayed publicly.
9. Data breach notification
If a breach is likely to create risk, Pax Anima will notify the Belgian Data Protection Authority within 72 hours and inform controllers without undue delay.
10. Changes to this policy
We will notify you by email and update the ‘Last updated’ date above if we make material changes.