Oaza Mira Logo
Privacy Policy

OAZA MIRA LLC

Effective date: 1 April 2026

1. Data Controller

Company: OAZA MIRA LLC

Address: 3834 Powerline Road, Fort Lauderdale, FL 33309, USA (principal office) / Mailing address: 261 North University Drive, Suite 500, Plantation, FL 33324, USA

Email: contact@oaza-mira.app

2. EU Representative (Art. 27 GDPR)

As OAZA MIRA LLC is established outside the European Union and processes the personal data of EU citizens, we have appointed the following representative in accordance with Article 27 of the General Data Protection Regulation (GDPR):

Organisation: AEON – Vereinigung für Bildung und Organisation der Verbindung zwischen den Generationen Address: Schönbrunner Straße 35/Top 4, 1050 Vienna, Austria ZVR number: 1568721336

3. Data We Collect

3.1 Account data

Name, email address and login credentials provided during registration.

3.2 Payment data

Payment information is processed by our partner Stripe. We do not store credit card details on our servers.

3.3 Order data

Information about your bookings, including the grave location, type of service and communication with service providers.

3.4 Usage data

IP address, browser type, device information, pages visited and general interaction data collected by analytics tools, including Google Analytics.

3.5 Communication data

Information you provide when contacting us or subscribing to our newsletter.

3.6 Photographs and images (Proof of Care)

“Before and after” photographs of the grave site uploaded by service providers as proof that the service has been performed and for quality assurance. These photographs may show headstone inscriptions, monuments and their immediate surroundings.

3.7 Location data (GPS)

Geolocation metadata (GPS coordinates) associated with Proof of Care photographs and the grave site location, which we use to verify that the service was carried out at the correct location.

3.8 Phone number

We collect your phone number for identity verification by one-time password (OTP), account protection and order-related communication.

3.9 Grave and deceased person data

Information you enter about the grave site and the deceased person (e.g. name and inscription on the monument, name and location of the cemetery, grave plot reference) that is necessary to perform the ordered service.

4. Purpose and Legal Basis

  • Performance of a contract (Art. 6(1)(b) GDPR): processing your bookings, managing your account, processing payments, enabling communication between customers and service providers.
  • Legitimate interests (Art. 6(1)(f) GDPR): improving our platform, analytics, fraud prevention, quality assurance (Proof of Care verification).
  • Consent (Art. 6(1)(a) GDPR): marketing communication, newsletter, marketing cookies. You may withdraw your consent at any time.
  • Legal obligation (Art. 6(1)(c) GDPR): tax retention, legal compliance, responding to lawful requests.

We carry out phone number verification by one-time password (OTP) and the processing of Proof of Care photographs and GPS data for the performance of the contract (Art. 6(1)(b) GDPR) and for our legitimate interest in quality assurance and fraud prevention (Art. 6(1)(f) GDPR).

5. Recipients and Data Processors

We share personal data with the following categories of recipients to the extent necessary for the operation of our platform:

  • Stripe, Inc. – payment processing
  • GoHighLevel – customer relationship management and communication
  • Google Analytics – website analytics
  • Google / Firebase (Google LLC) – hosting, database, authentication, photo storage (Proof of Care) and push notifications
  • Resend – delivery of transactional and system emails
  • WhatsApp / Meta Platforms – user communication via WhatsApp messages

Data is shared only to the extent necessary for the specific purpose. All processors are contractually bound to handle data in accordance with applicable data protection laws.

6. International Data Transfers

Important: Our servers and primary data processing operations are located in the USA. OAZA MIRA LLC is not certified under the EU–US Data Privacy Framework. By using our platform, you acknowledge that your personal data is transferred to and processed in the USA. We apply appropriate safeguards, including Standard Contractual Clauses where applicable, to protect your data during such transfers.

These transfers to the USA also include photographs (Proof of Care), GPS location data and phone numbers, as they are processed via providers based in the USA (e.g. Google/Firebase, Resend, Meta). Standard Contractual Clauses and appropriate safeguards likewise apply to these categories of data.

7. Storage Period

We retain personal data for as long as your account is active or as necessary to provide our services. Upon termination of your account, we retain data in accordance with applicable tax and commercial legal obligations or as necessary to resolve disputes. Data processed for marketing purposes is kept until you withdraw your consent.

8. Your Rights (EU Users)

If you are located within the European Union, you have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR) – request information about your processed data
  • Right to rectification (Art. 16 GDPR) – correction of inaccurate data
  • Right to erasure (Art. 17 GDPR) – request deletion of your data
  • Right to restriction of processing (Art. 18 GDPR) – restrict the processing of your data
  • Right to data portability (Art. 20 GDPR) – receive your data in a portable format
  • Right to object (Art. 21 GDPR) – object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3) GDPR) – withdraw your consent at any time

To exercise your rights, please contact us at contact@oaza-mira.app. We will respond within 30 days. You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your residence.

9. Newsletter

If you subscribe to our newsletter, we process your email address on the basis of your consent. You may unsubscribe at any time by clicking the unsubscribe link in the email or by contacting us.

10. Cookies

Detailed information about our use of cookies can be found in our Cookie Policy.

11. Security

We use industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss or alteration. Payment data is processed exclusively through certified PCI-DSS providers.

12. Children’s Privacy

Our platform is not intended for persons under the age of 18. We do not knowingly collect personal data from minors.

13. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be published on the platform with an updated effective date. Continued use of the platform constitutes acceptance of the amended Privacy Policy.

14. Contact

For all privacy-related enquiries:

Email: contact@oaza-mira.app

EU Representative: AEON, Schönbrunner Straße 35/Top 4, 1050 Vienna, Austria