Privacy policy
Last updated · 9 May 2026
This policy explains what personal data karasira.org ("the memorial", "we", "us") collects from visitors and contributors, why we collect it, how it is stored, and what rights you have over it.
The memorial is operated by independent volunteer maintainers. It is not operated by, on behalf of, or in any way commercially affiliated with the Karasira family or any government.
This policy is written to comply with the EU General Data Protection Regulation (GDPR) and the Rwandan Law N° 058/2021 of 13/10/2021 relating to the protection of personal data and privacy. If you live in another jurisdiction, your local rules may give you additional rights.
1. Who we are
Data controller: Aimable Karasira Memorial — community maintainers.
Contact for any privacy request: privacy@karasira.org
If you do not receive a reply within 10 days, you may also write to aimablekarasira01@gmail.com.
2. What we collect, why, and on what legal basis
| What | When | Why | Legal basis |
|---|---|---|---|
| Your name and city you submit (memory book) | You fill in the memory form | To attribute your contribution | Consent (Art. 6(1)(a) GDPR) |
| Email address (donations, contributions, audio testimonies) | You make a donation, choose a paid contribution tier, or sign in to record audio | Receipt, refund, moderation contact | Contract (Art. 6(1)(b)) for paid items; consent for free |
| Audio testimony (file + metadata) | You record a testimony | To publish (after moderation) on the memorial | Consent |
| Photo file you upload | You add a photo | To publish in the gallery | Consent |
| Card details | You pay | To process the payment | Contract — handled by Stripe; we never see card numbers |
| Hashed IP and browser fingerprint | Every page request | Rate-limiting, abuse prevention, security | Legitimate interest (Art. 6(1)(f)) |
| Error and performance traces (Sentry) | An error occurs | Diagnose and fix bugs | Legitimate interest |
| Cookie / localStorage values (welcome acceptance, language) | You first visit | Remember your choices so we don't ask again | Strictly necessary — no consent needed |
3. What we never collect
- Tracking pixels, analytics fingerprints or advertising identifiers
- Your raw IP address (we hash it before storage)
- Browsing data outside this site
- Card numbers, CVC, or full bank details (Stripe handles those entirely)
- Phone numbers (we don't ask)
- Information about minors — please do not submit on behalf of anyone under 16
4. Third parties we share data with (sub-processors)
To run the site we use the following sub-processors. Each receives only what is strictly needed.
| Service | What they receive | Why | Where |
|---|---|---|---|
| Vercel | Page requests, IP | Hosting | EU + US |
| Neon | Submitted text and metadata | Database | EU (Frankfurt) |
| Stripe | Email, card details, amount | Payments | US, EU |
| Clerk | Email, password (hashed), session | Authentication for audio testimonies | US, EU |
| Cloudinary | Photos, audio files | Media storage + EXIF strip + moderation | EU + US |
| Resend | Email address | Receipts, moderation alerts | EU + US |
| Sentry | Error stack traces | Bug tracking | EU (Frankfurt) |
| Cloudflare | IP, request metadata | DNS, WAF, DDoS protection | Global |
| Google Fonts | IP only (no cookies) | Serving fonts | Global |
| YouTube (privacy-enhanced mode) | Only when you click a video → page request | Album section | Global |
We do not sell or rent any personal data. Ever.
5. How long we keep things
- Approved memories, photos, testimonies — kept indefinitely as part of the public archive (you can request deletion at any time, see § 7)
- Rejected submissions — deleted within 30 days of moderation decision
- Donation records — kept 7 years for tax / accounting (legal obligation)
- Hashed IPs (rate-limit table) — auto-deleted after 24 hours
- Error traces (Sentry) — 90 days, then auto-deleted by Sentry
6. Cookies and local storage
We use the minimum technical storage needed to make the site work. No tracking, no advertising cookies.
k.welcome.accepted.v1— remembers you accepted the memorial guidelines (avoids showing the modal twice)k.lang— your language preference (EN / FR)k.memories.v1— your unsent / pending memory drafts (stays on your device)__client,__session(Clerk) — your sign-in session, only set after you log in to record a testimony__cf_bm(Cloudflare) — bot detection, expires after 30 minutes
We do not use Google Analytics, Meta Pixel, or any other behavioural tracker.
7. Your rights
Under GDPR you have the right to:
- Access — request a copy of every piece of data we hold on you
- Correct — fix anything that's wrong
- Delete — withdraw a memory, photo or testimony, or close your account
- Restrict — pause processing of your data while we look into something
- Object — to processing based on legitimate interest
- Portability — receive your data in a machine-readable format
- Withdraw consent — at any time, with no penalty
- Complain — to your national data protection authority (in EU/EEA), or to Rwanda's National Cyber Security Authority
To exercise any of these, write to privacy@karasira.org. We respond within 30 days.
8. International transfers
Some of our sub-processors (Stripe, Cloudinary, YouTube, Sentry) host data in the United States. Where this happens, transfers rely on EU Standard Contractual Clauses and the EU-US Data Privacy Framework. We do not knowingly transfer data to any country without an adequacy decision or appropriate safeguards.
9. Security
We apply industry-standard safeguards: TLS 1.3 in transit, encrypted at rest, signed Stripe webhooks, signed Cloudinary uploads, Cloudflare WAF, rate limiting, EXIF strip on photos, NSFW moderation, and per-environment secret scoping. The admin area requires multi-factor authentication.
If a personal-data breach occurs that puts you at risk, we will notify the relevant supervisory authority within 72 hours and you within 30 days, in line with Articles 33–34 GDPR.
10. Changes to this policy
If we change anything material, the "Last updated" date at the top will move and we will note the change at the top of this section. For changes that affect data processing significantly, we will email anyone who has given us an email and post a banner on the site for 30 days.
See also: Terms of Service · Cookie notice · Memorial home