Privacy & Security

Our promise to you

What information we collect

Information you provide directly

• Account details: Your name, email address, and location (city/state) when you create an account.
• Information about your loved one: Name, date of passing, and other details you choose to enter to personalize your checklist (such as address, employer, or religious preferences).
• Estate and financial references: You may enter references to financial accounts, insurance policies, property, or legal documents as part of tracking your tasks. See “Sensitive data” below for how we handle this.
• Funeral and memorial preferences: Any details you enter about service plans, burial or cremation preferences, or provider selections.
• Family and contact information: Names, relationships, and contact details of family members, beneficiaries, or other individuals relevant to your checklist tasks.
• Collaborator information: Names and email addresses of people you invite to share your checklist.
• Notes and comments: Any notes you or your collaborators add to tasks.
• Communications: Messages you send us through support or feedback channels.

Information collected automatically

• Usage data: How you interact with Omuna (pages visited, features used, time spent) so we can improve the experience. This data is anonymized and never tied to your personal details.
• Device information: Browser type, operating system, and screen size to ensure Omuna works properly on your device.
• Cookies: We use essential cookies only — the ones required to keep you logged in and remember your preferences. We do not use advertising or tracking cookies.

Information we never collect

• Medical records: We do not collect or store any health or medical information.
• Biometric data: We do not collect fingerprints, facial recognition data, or any other biometric identifiers.
• Payment information: Omuna is free. We do not collect credit card or banking details for payment purposes. (If you enter financial account references as part of estate tracking, those are protected under our sensitive data policies above.)

How we use your information

We use your information only to:

1. 1Operate your checklist — Save your progress, sync between devices, and share with collaborators you've invited.
2. 2Personalize your experience — Tailor the checklist phases and tasks to your situation (for example, showing state-specific legal requirements based on your location).
3. 3Surface relevant service providers — Recommend vetted funeral homes, estate attorneys, financial advisors, or other professionals based on your location and the phase of your checklist. See “How Omuna stays free” for full details on how this works and what data is used.
4. 4Send you relevant communications — Account confirmations, password resets, and optional progress reminders if you've turned them on. You can turn off all non-essential emails at any time.
5. 5Improve Omuna — Understand how people use the product so we can make it better. This analysis uses anonymized, aggregated data only.

How Omuna stays free

Omuna is free for every family, and we want to be completely transparent about how that's possible.

How it works

We partner with a curated network of service providers — funeral homes, estate attorneys, financial advisors, grief counselors, and other professionals who serve families during and after loss. When a partner is relevant to your situation, we may recommend them within your checklist at the appropriate phase. If you choose to contact or engage with a recommended provider, Omuna may receive a referral fee from that provider. This is how we sustain the platform.

What data partners receive

How we choose partners

Not just anyone can become an Omuna partner. We vet providers based on:

• Licensing and professional credentials
• Customer reviews and reputation
• Transparent pricing practices
• Willingness to serve families with empathy and without pressure

We remove partners who receive consistent negative feedback from Omuna users.

Your control

• Recommendations are optional. You can ignore every recommendation with no impact on your checklist experience.
• You can turn them off. In your account settings, you can disable partner recommendations entirely. Your checklist works exactly the same without them.
• No data is shared without your action. We never proactively send your information to a partner. Data is only shared when you explicitly choose to connect with a provider.
• Partner interactions are clearly labeled. Every recommendation in your checklist is marked as a partner suggestion so you always know the difference between a general task and a referral.

How we protect your information

Encryption

• In transit: All data sent between your device and our servers is encrypted using TLS 1.2 or higher (the same standard used by banks and healthcare providers).
• At rest: All personal data stored on our servers is encrypted using AES-256 encryption.
• Sensitive fields: Financial account numbers, policy numbers, and legal document details receive additional field-level encryption on top of the baseline protections.

Access controls

• Only a small number of authorized team members can access user data, and only when necessary to provide support or maintain the platform.
• All access is logged and audited.
• Team members with data access undergo background checks and sign confidentiality agreements.
• No team member can access your decrypted sensitive fields (account numbers, policy numbers) without a documented support reason and a second team member's approval.

Infrastructure

• Omuna is hosted on Replit with data centers located in the United States.
• We perform regular security assessments and vulnerability testing.
• Automated monitoring alerts our team to any unusual activity 24/7.

Authentication

• Passwords are hashed using bcrypt and are never stored in plain text.
• Sessions expire after 7 days of inactivity.

Who can see your information

Collaborators you invite

When you invite a collaborator to your checklist, they can see the tasks, notes, and progress within that shared checklist. They cannot see:

• Your account email or password
• Sensitive financial or legal fields (account numbers, policy numbers) — unless you've explicitly marked a field as visible to collaborators
• Any data from other checklists you may have

You can remove a collaborator's access at any time.

Service providers (only if you choose)

As described in "How Omuna stays free," partner service providers only receive your information if you actively choose to connect with them. See that section for exactly what is and isn't shared.

Service providers that help us operate

We work with a small number of trusted providers to run Omuna:

These providers are contractually required to protect your data, can only access the minimum needed for their service, and cannot use your data for their own purposes. We will update this table when providers change.

Law enforcement

We will only disclose personal information to law enforcement or government authorities if legally required by a valid subpoena, court order, or other binding legal process. If permitted by law, we will notify you before any disclosure.

Your rights and choices

You have full control over your data.

Collaborator privacy

• Invitation only. No one can access your checklist unless you explicitly invite them.
• Limited visibility. Collaborators see only the shared checklist — not your email, account details, sensitive financial fields, or other checklists.
• Revocable access. Remove any collaborator at any time. Access is revoked immediately.
• Independent accounts. Each collaborator has their own account with their own privacy protections.
• Sensitive field control. By default, sensitive fields (account numbers, policy numbers) are hidden from collaborators. You can choose to make specific fields visible on a per-field basis.

Children's privacy

Omuna is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at privacy@joinomuna.com.

Data retention

Changes to this policy

If we make significant changes to this policy, we will:

• Notify you by email at least 14 days before the changes take effect.
• Post a clear notice on our website.
• Update the “Last updated” date at the top of this page.

We will never make changes that reduce your privacy protections retroactively without giving you advance notice and the opportunity to delete your account first.

For California residents (CCPA)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal information we collect and why.
• Request deletion of your personal information.
• Opt out of the sale of your personal information. Omuna does not sell personal information. Our partner referral program shares limited data only when you actively choose to connect with a provider — this is not a "sale" under the CCPA. Regardless, you can disable all partner features in your settings.
• Not be discriminated against for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@joinomuna.com.

For European residents (GDPR)

If you are located in the European Economic Area:

• Legal basis: We process your data based on your consent (account creation, partner referrals) and our legitimate interest in operating and improving Omuna.
• Data portability: Request your data in a machine-readable format.
• Right to object: Object to certain processing activities, including partner recommendations.
• Data Protection Officer: Reach our DPO at dpo@joinomuna.com.
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

How to contact us