Vona Compliance Memo
Last updated: October, 2025
At Vona, we understand how important it is for your institution to safeguard the trust of your community—whether that’s residents, students, educators, or families. We’re proud to share how Vona complies with international privacy regulations and prioritizes the protection of all personal data entrusted to us. Below is a short overview of our privacy framework, written in simple language, so you can understand what we do, why we do it, and how it protects your users.
Who We Are
Vona is a brand of For Posterity Ltd., a UK-based company that helps individuals, families, and institutions preserve personal and family legacies. Users upload stories, interviews, and photos to our secure online platform, which uses AI to help create digital or printed life story books.
How We Comply with Privacy Laws
Vona complies with the most rigorous international data protection standards, including:
GDPR (European Union)
UK GDPR
Israel’s Privacy Protection Law
California Consumer Privacy Act (CCPA)
We follow both the Controller and Processor models required by these laws:
As a Controller, we manage basic user information like account details, emails, or payment confirmations.
As a Processor, we handle sensitive story content, voice recordings, interviews, and images strictly on behalf of your users. We do not use this content for marketing or share it without explicit consent.
Key Privacy & Security Measures
We apply industry-standard safeguards to keep personal data secure:
Encryption: All user data is encrypted during transfer and while stored.
Strict Access Controls: Only authorized Vona employees can access personal data, and only when necessary.
Backups & Resilience: We back up user data and maintain robust business continuity practices.
AI Safety: Users’ private content is not used to train public AI models. Where anonymized data is used for improving Vona’s tools, it is stripped of personal identifiers.
Key Privacy & Security Measures
We apply industry-standard safeguards to keep personal data secure:
Encryption: All user data is encrypted during transfer and while stored.
Strict Access Controls: Only authorized Vona employees can access personal data, and only when necessary.
Backups & Resilience: We back up user data and maintain robust business continuity practices.
AI Safety: Users’ private content is not used to train public AI models. Where anonymized data is used for improving Vona’s tools, it is stripped of personal identifiers.
Your Role as a Partner
When your institution works with us—whether for a school legacy project, community initiative, or retirement home program—you are not required to collect or process personal data.
Instead:
Each end-user signs up independently and accepts our Terms of Service and Privacy Policy.
You, as the partner, do not receive access to personal data.
If you're participating in our affiliate referral program, you only see anonymized activity (e.g., “3 people signed up through your link”), not individual names or story content.
How we Care for Your Interests
We’ve structured our platform, contracts, and privacy systems to ensure:
Clear legal terms for all users (see our Terms of Service)
Consent-based data use for marketing, cookies, and referrals
An easy opt-out or deletion process for users who change their minds
Dedicated support from our team to answer any legal or privacy-related questions you or your organization might have
Additional Legal Protections
Our platform is backed by:
A detailed Privacy Notice (October 2025)
Up-to-date Terms of Service
A Data Processing Agreement (DPA) in place for all applicable use cases
A dedicated Data Protection Officer (DPO) to oversee compliance
Vendor controls and international transfer protections (e.g., EU Standard Contractual Clauses)
Questions?