Dafn Registry

Privacy Policy

Last updated: 19 June 2026

Dafn Registry (“we”, “us”) provides software for UK Muslim cemeteries: a public memorial portal and an operations platform for the cemeteries themselves. This policy explains what personal data we handle, why, and your rights under UK GDPR and the Data Protection Act 2018. For any privacy question or request, contact hello@dafnregistry.com.

Our role

For a cemetery’s burial records and the people in them, the cemetery is the data controller and we are a data processor acting on its instructions. For our own marketing site, directory, and operator accounts, we are the controller.

What we collect

  • Cemetery operators: name, email, role, and authentication details for staff accounts.
  • Burial & memorial records:the deceased person’s name, dates, plot, and any biographical content the cemetery or family chooses to add. (UK GDPR does not apply to the deceased, but we still protect these records.)
  • Next of kin & responsible persons: name, address, phone, and email captured during a burial booking.
  • Visitors: the name, email, and message you provide when leaving a tribute, contacting a cemetery, following a memorial, or making a contribution.
  • Payments: processed by Stripe. We receive a confirmation and amount — we never see or store full card numbers.
  • Technical: essential session cookies and standard server logs.

Why we use it (lawful bases)

  • To provide the service to cemeteries — contract and our processing agreement with them.
  • To publish memorials and the cemetery directory, and to take bookings and contributions — legitimate interestsand the cemetery’s instructions.
  • To send memorial-follow and notification emails — consent, which you can withdraw at any time.

Who we share it with (sub-processors)

We use a small set of trusted providers, each under a data processing agreement:

  • Supabase — database & secure storage
  • Vercel — application hosting
  • Stripe — payment processing
  • Mailgun — transactional email
  • Mapbox — maps

Where a provider processes data outside the UK/EEA, that transfer is covered by appropriate safeguards (e.g. UK IDTA / Standard Contractual Clauses). We never sell personal data.

How long we keep it

Burial and memorial records are retained as part of the cemetery’s permanent register, for as long as the cemetery instructs. Next-of-kin contact details and visitor messages are retained only as long as needed for the purpose collected. Operator accounts are kept for the life of the subscription and deleted on request after closure.

Your rights

Under UK GDPR you can ask to access, correct, erase, restrict, or port your personal data, and to object to certain processing. For memorial and burial records, requests are directed to the cemetery (the controller); we will assist them. Email hello@dafnregistry.com and we will respond within one month. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

Cookies

We use only strictly-necessary cookies — to keep operators signed in and to keep the site secure. We do not use advertising or cross-site tracking cookies. Maps may set their own functional storage to work. Because we use only essential cookies, no consent is required to set them.

Changes

We may update this policy; material changes will be reflected in the “last updated” date above. Questions? See our Terms or email us.