Privacy Policy

Who we are and how to contact us

Scope and roles

Mortem AI provides AI-powered communication, automation, and marketing tools to funeral homes, cremation service providers, and related businesses. Mortem AI is not a funeral home, cremation provider, mortuary, healthcare provider, or HIPAA covered entity, and does not hold itself out as such.

When you visit our websites or contact us directly

Mortem AI is the controller (or, where applicable, the "business") of personal information you provide to us through mortemai.com or by contacting us, in connection with sales inquiries, account management, customer support, marketing, and similar interactions.

When end users interact with a Client's funeral home using our Services

When consumers, families, or other end users interact with our Client's website chat, SMS, email, or landing pages powered by Mortem AI's "Sarah" AI assistant or related Services, our Client (the funeral home) remains the controller of that personal information. Mortem AI acts as a service provider, processor, or sub-controller, depending on the applicable jurisdiction's privacy framework. We process such personal information only on the Client's documented instructions and to deliver the Services described in our Master Service Agreement with that Client.

If you interacted with an AI assistant on a funeral home's website or via SMS and have a privacy question about that interaction, please first contact the funeral home directly, as they control that data. You may also contact us at [email protected] and we will direct your request appropriately.

How our AI Services work

Our flagship product, "Sarah," is an AI-powered conversational assistant deployed on funeral home websites, SMS channels, and email. Sarah is configured with content provided by each funeral home Client (services offered, pricing, locations, hours, frequently asked questions) and uses large language models to generate responses to end-user inquiries.

Sarah is not a substitute for licensed funeral director services and is configured to:

• Identify itself as an AI assistant at the start of every interaction;
• Escalate to a human team member whenever an end user requests human contact, when emotional distress or crisis indicators are detected, or when the conversation involves matters requiring professional judgment;
• Decline to provide legal, medical, or professional advice;
• Decline to make binding pricing or service commitments on the funeral home's behalf;
• Decline to process health information, cause-of-death information, or Protected Health Information.

Information we collect

Information you provide to us

• Contact details, such as name, email address, and phone number.
• Business details, such as company name, role, billing contacts, and operational information shared during onboarding.
• Account and support information, such as credentials, preferences, and communications with us.
• Payment information handled by our payment processor. We do not store full payment card numbers on our servers.

Information collected automatically when you visit our websites

• Usage and device data, including IP address, browser type, pages viewed, timestamps, and referring URLs.
• Analytics events and session data via tools such as Google Analytics and Microsoft Clarity.
• Advertising identifiers and pixel data via Meta Pixel and Google Ads, subject to your cookie preferences.

Information processed on behalf of Clients

When our Clients use Mortem AI to power chat, forms, SMS, or email on their funeral home websites or in their CRM, we may process the following categories of personal information on their behalf:

• Contact information (name, telephone number, email address, postal address) of the Client's customers and families;
• Communication content (chat transcripts, SMS messages, email content) exchanged through Mortem AI Services;
• Service inquiry details and appointment scheduling data;
• Limited sensitive data: information related to deceased persons, bereavement circumstances, religious or cultural preferences, and limited financial information (such as the service tier inquired about).

Categories of personal information we do not collect or process: Social Security numbers, Social Insurance Numbers, or equivalent government identification numbers; financial account or payment card information; Protected Health Information; cause-of-death information.

How we use information

• Provide, operate, and improve the Services, including AI features, automations, and integrations.
• Authenticate users, secure accounts, and prevent fraud and abuse.
• Process payments and manage subscriptions.
• Provide customer support and respond to inquiries.
• Measure and analyse performance, including product usage and marketing effectiveness.
• Generate aggregated, anonymised, and de-identified statistical data that cannot reasonably be used to identify any individual.
• Send service-related communications and, where permitted by applicable law, marketing communications. You can opt out of marketing at any time.
• Comply with legal obligations and enforce our terms, including protection of rights, property, and safety.

Automated decision-making

Our AI Services include automated decision-making components. Sarah generates responses to end-user inquiries using large language model technology configured with content provided by the funeral home Client.

Sarah's outputs are assistive in nature and are not used to make decisions that produce legal effects or similarly significant effects concerning individuals. Sarah does not:

• Bind funeral homes contractually;
• Make final pricing or discount commitments;
• Accept cremation authorisation (which requires written next-of-kin authorisation under applicable law);
• Determine eligibility for services, financing, or pre-need arrangements.

Where applicable law (including Quebec's Act respecting the protection of personal information in the private sector as amended by Law 25) grants individuals the right to be informed of automated decision-making and to request human intervention, you may contact us at [email protected] to exercise that right. The funeral home Client, as data controller, will work with us to provide the required information and human review.

AI transparency disclosure

In accordance with California Business and Professions Code Section 17941 (SB 1001), Quebec Law 25, and similar transparency obligations, our AI assistant Sarah identifies itself as an automated AI assistant at the start of every interaction.

End users may at any time request to speak with a human team member at the relevant funeral home, and Sarah is configured to route such requests to designated human responders.

No training on Client Data

Mortem AI does not train, fine-tune, retrain, or otherwise develop or improve any artificial intelligence model, foundation model, or machine learning system using Client Data. This commitment applies to Mortem AI and to any third-party large language model provider that processes Client Data on our behalf.

Our current production large language model provider is OpenAI, which has contractually committed (in its API terms applicable to commercial API customers) not to use API inputs or outputs to train its models. We may use Anthropic for internal benchmarking and evaluation only, not in production runtime.

This no-training commitment does not apply to:

• Configuring the AI Services for the specific Client's deployment, including embedding Client Data in retrieval-augmented generation context windows on a per-conversation basis;
• Generating aggregated, anonymised, and de-identified statistical data that cannot reasonably be used to identify any individual;
• Mortem AI's internal evaluation, testing, and quality assurance of the AI Services using Mortem AI-owned or specifically licensed evaluation data, which does not include Client Data or any data derived from Client Data, whether in identifiable, aggregated, or anonymised form.

How we share information

• Service providers and sub-processors that help us deliver the Services, including hosting, infrastructure, AI inference, messaging, secrets management, analytics, and payment processing. See Sub-processors below.
• Clients when we process information on their behalf in connection with their use of the Services.
• Business transfers in the event of a merger, acquisition, financing, or sale of assets, subject to the same protections set forth in this policy.
• Legal and safety when required by law, subpoena, court order, or governmental request, or if necessary to protect rights, property, or safety of Mortem AI, our users, Clients, or the public.
• With consent or at your direction.

We do not sell personal information, and we do not share personal information for cross-context behavioural advertising as defined under California law or for similar purposes under the laws of other US states or Canadian provinces.

Sub-processors

We use the following sub-processors to deliver the Services. This list is current as of the date at the top of this policy and is republished here as it changes. Clients receive thirty (30) days advance notice of additions, substitutions, or removals of sub-processors that process Client Data.

Cookies and tracking technologies

We use cookies, pixels, SDKs, and similar technologies to operate and improve the Services, understand usage, and support advertising. You can control cookies through your browser settings.

Some browsers send "Do Not Track" signals. Our Services do not respond to these signals at this time. Where required by law, we will honour valid user-enabled global privacy controls, such as the Global Privacy Control (GPC) signal.

Advertising and analytics

We use analytics services such as Google Analytics and Microsoft Clarity to evaluate and improve the Services. We also use advertising platforms such as Google Ads and Meta Ads. These partners may set cookies or read existing cookies and collect information about your use of the Services and other sites over time for analytics and advertising purposes.

You can learn about Google's practices and opt out at policies.google.com/technologies/ads and control Meta interest-based ads at facebook.com/help.

Security, retention, and location of processing

Security

We implement reasonable and appropriate administrative, technical, and physical safeguards to protect personal information, including encryption in transit (TLS 1.2 or higher), encryption at rest (AES-256), multi-factor authentication on administrative consoles, centralised secrets management with audit logging, continuous vulnerability scanning, and incident response procedures. No security controls are perfect and we cannot guarantee absolute security.

To report a suspected security vulnerability, please contact [email protected].

Retention

We retain personal information only as long as necessary to provide the Services and for legitimate business or legal purposes, including to comply with law, resolve disputes, and enforce agreements. The following retention periods apply to information processed in connection with the Services, unless otherwise required by law or agreed in writing with the relevant Client:

• Conversation transcripts: 24 months from creation;
• Application logs (operational): 90 days from creation;
• Security and audit logs: 12 months from creation;
• Backup data: 7 days for daily backups, with longer-period backups deleted on a rolling schedule;
• Aggregated, anonymised, de-identified statistical data: indefinitely.

Where personal information is processed on behalf of a Client (funeral home), retention is governed by our agreement with that Client. Upon termination of a Client agreement, we delete or return Client Data within the timeframe specified in that agreement.

Location of processing

We and our service providers process information primarily in the United States. See Cross-border data transfers below for additional information relevant to Canadian residents.

Cross-border data transfers

If you are located in Canada, please note that personal information about you may be transferred to, stored in, and processed in the United States by Mortem AI and our sub-processors. Personal information processed outside Canada may be subject to lawful access by foreign law enforcement and national security authorities.

PIPEDA comparable protection

In accordance with Principle 4.1.3 of Schedule 1 to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Mortem AI maintains administrative, technical, and contractual safeguards designed to provide a level of protection for personal information processed outside Canada substantially comparable to that required under PIPEDA, including the security measures described above and the contractual commitments imposed on our sub-processors.

Alberta PIPA notice

If you are an Alberta resident and personal information about you is processed by us outside Canada, you may obtain information about our cross-border processing policies and the contact information of foreign service providers by writing to us at [email protected], in accordance with Section 13.1 of Alberta's Personal Information Protection Act.

Canadian-region hosting option

Where a Client requires personal information of Canadian residents to be stored and processed within Canadian territory (including to satisfy Quebec Law 25 obligations), Canadian-region hosting via Supabase's Canadian regions or equivalent infrastructure is available on commercially reasonable terms agreed separately between Mortem AI and the Client.

Your US privacy rights

Depending on your state of residence, you may have rights to access, correct, delete, or obtain a portable copy of certain personal information, and to opt out of certain processing activities such as targeted advertising, sale of personal information, sharing for cross-context behavioural advertising, or significant automated decision-making.

States with comprehensive privacy laws as of the date of this policy include, for example, California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Montana, Indiana, Florida, Maryland, Rhode Island, and Kentucky.

To exercise these rights, contact us at [email protected]. We will verify your identity before responding and will respond within the timeframes required by applicable state law. You may also authorise an agent to submit a request on your behalf, subject to verification.

If we deny your request, you may appeal our decision by replying to our response and requesting reconsideration. We will respond to appeals within 60 days. If your appeal is denied, you may file a complaint with your state Attorney General.

Your Canadian privacy rights

If you are a Canadian resident, you have rights under PIPEDA and applicable provincial privacy laws (including British Columbia PIPA and Alberta PIPA), including the right to:

• Access personal information we hold about you;
• Request correction of inaccurate personal information;
• Withdraw consent to processing where consent is the basis for processing, subject to legal and contractual restrictions;
• Receive information about how we manage personal information, including our policies and practices.

To exercise these rights, contact us at [email protected]. If you are dissatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner of Alberta, or the Office of the Information and Privacy Commissioner for British Columbia, as applicable.

Your Quebec-specific rights

If you are a Quebec resident, you have additional rights under Quebec's Act respecting the protection of personal information in the private sector as amended by Law 25, including the right to:

• Access and request correction of personal information we hold about you;
• Request de-indexing or cessation of dissemination of personal information that contravenes the law or a court order;
• Receive your personal information in a structured, commonly used technological format (data portability);
• Be informed of automated decision-making and request human intervention, as set out in Automated decision-making above;
• Request the cessation of dissemination or de-indexing of personal information where applicable.

To exercise these rights, contact our Privacy Officer at [email protected]. If you are dissatisfied with our response, you may file a complaint with the Commission d'accès à l'information du Quebec (CAI).

Opt-outs and privacy choices

• Marketing emails: Use the unsubscribe link in any marketing email, or contact us at [email protected].
• SMS messages from funeral home Clients: Reply STOP to opt out. The funeral home and our messaging infrastructure will honour the opt-out across all future marketing messages.
• Analytics and advertising cookies: See Advertising and analytics above and your device or browser settings.
• Targeted advertising and sale of personal information opt-out (where applicable): Contact [email protected].
• Global Privacy Control (GPC): Where required by law, we honour GPC signals as a request to opt out of sale or sharing of personal information.

Children's privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, contact us at [email protected] and we will take steps to delete such information.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the "Last updated" date. For material changes, we will provide additional notice (such as an email notification or a prominent notice on our website) before the changes take effect. Your continued use of the Services after changes become effective signifies your acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or our privacy practices, contact us at:

Mortem AI Inc.
1717 Devney Drive
Altoona, Wisconsin 54720
United States

Privacy: [email protected]
Security: [email protected]
General: [email protected]