Security & Compliance

At Memorial Management, we understand that funeral homes handle deeply personal and sensitive information. Protecting that data is a responsibility we take seriously. Our platform is designed with security, privacy, and reliability at its core.

This page outlines how we safeguard your data and maintain trust.

Data Hosting & Infrastructure

Memorial Management is hosted on secure cloud infrastructure backed by Google Cloud SQL, deployed through Replit's production environment.

  • Production and development environments are fully separated
  • Production databases are created only at publish time
  • Development tools cannot directly modify production data
  • No public database access or public IP exposure

This architecture prevents accidental data exposure and unauthorized access.

Multi-Tenant Data Isolation

Each funeral home operates in a fully isolated tenant environment.

  • Over 63 tenant-isolation enforcement points across all database queries
  • Data access is restricted at the application level
  • Users can only access records associated with their assigned funeral home(s)

This ensures one funeral home can never view or access another funeral home's data.

Encryption & Data Protection

We use industry-standard encryption to protect data at all times:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Secure session handling and hardened cookies
  • Security headers including CSP, HSTS, and X-Frame-Options

Access Controls & Authentication

Access to Memorial Management is protected through layered controls:

  • Role-based access permissions
  • Password complexity requirements
  • Rate limiting on authentication attempts
  • CSRF protection on 155+ forms
  • Secure session management and timeout handling

Only authorized users can access sensitive functionality.

Secrets & Credential Management

All sensitive credentials are securely managed:

  • API keys and credentials are stored as encrypted secrets
  • Secrets are never hard-coded into the application
  • Secrets are not exposed in logs or public forks
  • Production secrets are isolated from development secrets

This includes payment credentials and third-party integrations.

Payments & Financial Security

Memorial Management integrates with Stripe for payment processing.

  • Payment information is handled directly by Stripe
  • Memorial Management does not store credit card numbers
  • Stripe operates under PCI-DSS compliance standards

Backups & Data Recovery

To protect against accidental loss or system issues:

  • Production databases support point-in-time recovery
  • Rollback capabilities are available if needed
  • Platform architecture is designed for minimal downtime during updates

Incident Response Commitment

While no system can guarantee zero risk, we are committed to responsible handling of any security concerns.

In the event of a suspected security incident, we will:

  • Investigate promptly
  • Restrict access as needed
  • Review logs and affected systems
  • Notify impacted customers if applicable
  • Take corrective action to prevent recurrence

Continuous Improvement

Security is an ongoing process. Memorial Management regularly reviews:

  • Application-level safeguards
  • Access controls
  • Platform updates and best practices

As the platform grows, additional security measures and third-party reviews may be introduced.

Questions?

If you have questions about security, privacy, or data protection, please contact us directly. We are happy to discuss our safeguards and how they support your funeral home's responsibilities.

Email: security@memorialmanagement.com

SSN Privacy Protection Policy

We maintain a dedicated Social Security Number Privacy Protection Policy that details how SSN data is collected, encrypted, accessed, and disposed of in compliance with all 50 state privacy laws including California, Connecticut, Minnesota, Illinois, New York, and Virginia requirements.

View SSN Privacy Protection Policy
Return to Home