Last updated: June 5, 2026
AncestralFire is a subscription product built by Event Horizon Partners. You pay us to research your family history, and that means our interests run exactly parallel to yours: we want you to keep subscribing because we made your family history feel real, not because we've trapped your data or monetized your attention.
Three guarantees: No ads, no data sale, no AI training on your data. Export anytime. Delete anytime.
Contents
AncestralFire is a product of Event Horizon Partners, a US-based company. We operate the service at app.ancestral-fire.com.
"AncestralFire," "we," "us," and "our" all refer to Event Horizon Partners and the AncestralFire product.
Contact: [email protected]
We collect the minimum necessary to deliver the service.
| What | Details | Shared with |
|---|---|---|
| Account | Email (required), display name (optional), WorkOS user ID, plan status | WorkOS (auth); Stripe (billing) |
| Family tree | Ancestor names, dates, places, relationships, GEDCOM files, record hints. Per-subscriber — no other subscriber sees your tree. FamilySearch data read-only when you connect (opt-in). | AncestralFire only |
| Conversations | Full chat turns (you + AI), tool calls the AI made on your behalf, sources cited. Only you can access these. | AI inference providers during active requests only (see §14) |
| AI memories | Facts the AI recorded about your research preferences. Every memory is visible and deletable at /activity. | AncestralFire only |
| Discoveries | Genealogy insights you or the AI save. Public sharing via link is opt-in and off by default. | AncestralFire; public if you share |
| Activity log | Every significant action AncestralFire takes on your behalf. Visible to you at /activity. | AncestralFire; WorkOS Audit Logs |
| Usage analytics | Anonymous page views and feature events. No conversation content, no tree data. | PostHog |
| Billing | Stripe customer ID and subscription ID only. Card numbers never touch our systems. | Stripe |
| Error traces | Stack traces when something breaks. Auto-redacted for PII before leaving our server. | Sentry |
| Server logs | IP addresses, request paths, timestamps. Deleted after 30 days. | AncestralFire only |
What we do not collect: raw DNA files; your current location; device fingerprints; advertising identifiers. If you mention DNA results in conversation, that text lives in your conversation history as text — no genetic file is stored.
We use your data to run the service you subscribed for. In concrete terms:
We do not use your data for advertising, cross-subscriber profiling, or AI model training.
We share data only with the sub-processors below, each receiving only what's necessary for their specific function.
| Sub-processor | Country | Purpose | Privacy policy |
|---|---|---|---|
| WorkOS | US | Authentication, sessions, audit logs | workos.com/legal/privacy |
| Stripe | US | Payment processing and billing | stripe.com/privacy |
| OpenRouter | US | LLM provider routing (primary AI path) | openrouter.ai/privacy |
| Anthropic | US | AI inference (Claude models) | anthropic.com/legal/privacy |
| US | AI inference (Gemini models) | policies.google.com/privacy | |
| OpenAI | US | AI inference (GPT models) | openai.com/policies/privacy-policy |
| Resend | US | Transactional email delivery | resend.com/legal/privacy-policy |
| Cloudflare | US / global | DNS, CDN, Tunnel, Pages, R2 storage, AI Gateway | cloudflare.com/privacypolicy |
| Sentry | US | Error monitoring and debugging | sentry.io/privacy |
| PostHog | US (EU-hosted data) | Product analytics | posthog.com/privacy |
| OVH | France, EU | VPS hosting — primary data store | ovhcloud.com/…/personal-data-protection |
| FamilySearch | US (nonprofit) | Tree data (read-only, when connected) | familysearch.org/privacy |
No one else. We don't share your data with data brokers, advertising networks, or any third party not on this list.
All structured data — your account, family tree, conversations, memories, discoveries, and activity log — is stored in a SQLite database on a VPS server hosted by OVH in France. The server is accessed exclusively over Tailscale VPN and is not exposed to the public internet directly.
The database is continuously replicated to Cloudflare R2 object storage via Litestream. GEDCOM files and other file uploads are stored in R2. R2 data sits in Cloudflare's US data centers by default.
When data moves from our OVH EU server to US-based sub-processors, we rely on Standard Contractual Clauses (SCCs) under GDPR Article 46 for each transfer.
| Data type | How long |
|---|---|
| Account, family tree, conversations, AI memories, discoveries | Until deletion + 30-day grace, then permanent purge |
| Activity log | Until account deletion + 30-day grace |
| Billing records (Stripe) | 7 years (legal obligation) |
| Database backups (R2 via Litestream) | 30-day rolling window |
| Server access logs (OVH VPS) | 30 days rolling |
| Error traces (Sentry) | 90 days |
| Usage analytics (PostHog) | 12 months rolling |
| Outbound email events (Resend) | 12 months |
These are live features, not future promises.
Download a complete copy of everything we hold about you — account profile, family tree, conversations, memories, discoveries, and activity log — as a machine-readable JSON file.
Settings → Your data → "Download my data", or GET /api/me/export
Permanently delete your account and all associated data. Your account is deactivated immediately. All data is purged after a 30-day grace period. After 30 days, it's gone and cannot be recovered. Billing records may be retained for legally required periods.
Settings → Your data → "Delete my account", or POST /api/me/delete
To cancel a pending deletion during the grace period: email [email protected].
Update your name and preferences directly in the app. For anything else, email [email protected] and we'll correct it within 10 business days.
Every action AncestralFire has taken on your behalf is recorded and visible to you at /activity. Memories written, discoveries saved, files uploaded, sign-ins, data exports. You don't have to ask us — it's already there.
Contact [email protected] and we'll exclude your account from PostHog event capture.
Exercising any of these rights will not affect your access to AncestralFire or the price you pay.
To submit a formal data subject request: email [email protected] with "Data Request" in the subject line. We'll verify your identity and respond within 30 days (GDPR) or 45 days (CCPA).
We use two cookies. That's it.
| Cookie | Purpose | Duration | Can you decline? |
|---|---|---|---|
WorkOS session (wos-session) |
Keeps you signed in. Sealed with AES-GCM encryption; never tracks you across other sites. | Session or 30 days | No — required for the app to work |
| PostHog analytics | Recognises returning visitors for anonymous usage metrics. No personal content is sent. | 1 year | Yes — contact us and we'll exclude your account |
We do not use advertising cookies, third-party tracking pixels, or fingerprinting.
AncestralFire is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has created an account, email [email protected] immediately. We will investigate and, if confirmed, delete all associated data.
If you live in California, the CCPA gives you additional rights: know · delete · correct · opt out of sale/sharing (we don't sell or share) · limit use of sensitive personal information · non-discrimination. To exercise any: email [email protected] or use in-app controls at /settings. We respond within 45 days.
California SB 243 requires operators of AI companion chatbots to clearly identify the AI as artificially generated, not human. AncestralFire complies: the AI companion is identified as an AI throughout the experience — in the onboarding flow, in the interface, and in the product copy. AncestralFire is a genealogy research assistant, not a social or romantic companion chatbot.
If you are located in the EEA, UK, or Switzerland, GDPR gives you additional rights and we process your data on a lawful basis.
Lawful bases: Running the service — contract performance (Art. 6(1)(b)). Security, reliability, analytics — legitimate interests (Art. 6(1)(f)). Billing records — legal obligation (Art. 6(1)(c)). Marketing email — consent (Art. 6(1)(a)).
Your GDPR rights: access · portability · erasure · rectification · restriction · object to legitimate-interest processing · withdraw consent · lodge a complaint with your supervisory authority.
Automated decision-making: AncestralFire does not make automated decisions with legal or similarly significant effects (GDPR Art. 22).
EU contact: [email protected]. Formal GDPR requests receive a response within 30 days.
No system is 100% secure. If we discover a breach that affects your personal data, we will notify you and any required regulators within the timeframes required by law.
AncestralFire is powered by large language models (LLMs). The AI companion you interact with is not a human. This is disclosed throughout the product experience, in compliance with California SB 243 and EU AI Act transparency requirements.
When you chat with AncestralFire, your conversation turns are sent to an AI inference provider (Anthropic, OpenAI, or Google, depending on which model is active) via OpenRouter. These requests are made under commercial API agreements where none of these providers train their foundation models on API customer data.
We pay these providers for inference compute. They are data processors acting on our instructions. We do not build or fine-tune our own AI models. There is no path by which your data enters a training dataset.
The AI companion may, in the course of a conversation:
Every action the agent takes on your behalf is logged to your activity feed. Nothing happens behind the scenes.
We'll post any changes to this policy at ancestral-fire.com/privacy. For material changes, we'll email you at least 30 days before the change takes effect. "Material changes" means: changes to what we collect, changes to how we use it, new sub-processors, or changes to your rights.
For privacy questions, data access requests, deletion requests, corrections, or complaints:
Roger Parkinson
[email protected]
AncestralFire (a product of Event Horizon Partners)
We aim to respond within 5 business days.
If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is at edpb.europa.eu. If you're in the UK, contact the Information Commissioner's Office.
AncestralFire turns the open record of humanity into the story of who came before you. We take privacy seriously because the data you share with us — your family's history — is not just personal. It's sacred. Our job is to be trustworthy with it.
← Back to AncestralFire