Privacy Policy.

“Afterward,” “we,” and “us” mean Afterward LLC, an Oregon domestic limited liability company that operates the Afterward service at afterward.care and app.afterward.care. Our Oregon registry number is 258197699. Legal correspondence may be sent to 5441 S Macadam Ave, Ste N, Portland, OR 97239.

This policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over it. It applies to the marketing site, the web application, and the mobile applications we publish.

Account information. Your email address, a password hash (we never store your password itself), and the basics needed to authenticate you. If you sign in with a third-party identity provider, we receive the identifiers that provider returns.

Billing information. If you choose Family, Stripe handles card details directly. Afterward stores the billing references needed to run the subscription: Stripe customer ID, subscription ID, price ID, plan status, renewal and cancellation state, and invoice, payment, refund, dispute, or chargeback references when needed for support, accounting, tax, fraud prevention, or legal compliance. We do not send billing metadata to advertising platforms or marketing tools.

Binder content. The text and files you place in your binder are encrypted on your device before they reach us. We store the encrypted form. We do not have, and cannot derive, the keys to read it.

Recipient details. The names, email addresses, and phone numbers of the people you choose as recipients, so we can deliver the read-link if and when you ask us to. Delivery email addresses are encrypted at rest and deleted when the recipient is revoked or after the delivery retry window closes. Recipients do not need an Afterward account.

Operational telemetry. Aggregate usage data — page loads, error rates, performance metrics — and the timestamps we need to run the courtesy interval (the date you last opened the application). We do not inspect the contents of any binder to produce this telemetry.

Communications with us. If you write to us, we keep a record of that conversation so we can follow up.

The contents of your binder. Including everything you mark as a sealed envelope. The architecture is end-to-end encrypted; we hold an unreadable copy.

Behavioural profiles for advertising. Afterward does not run advertising and is not built to support it. We do not build a profile of you to sell, share, or rent.

Data brokered from third parties. We do not buy lists or augment your account with information acquired from data brokers.

Training data for artificial intelligence. We do not use your binder content to train, fine-tune, or evaluate machine-learning models, and we do not provide it to third parties for those purposes.

We use what we collect to:

• Operate the Afterward service — store your encrypted binder, deliver read-links to the recipients you named, and run the courtesy interval that allows the binder to do its job if you cannot reach for it yourself.
• Communicate with you about your account and the courtesy-interval check-ins.
• Provide support when you write to us.
• Improve the product based on aggregate usage patterns and the technical telemetry described above. We do not inspect binder content to do this.
• Process Family billing, refunds, cancellations, and subscription support when you choose a paid plan.
• Comply with legal obligations and enforce our terms.

You. You can see, edit, export, and erase everything in your account.

The recipients you name. They see the parts of the binder you have shared with them, on the schedule you set. They do not need to install an application or create an account; they read in a browser through a single-use sign-in link.

Service providers we contract with. Cloud infrastructure, authentication, email delivery, hosting, DNS, and customer-support tooling, each under a written agreement that limits what they can do with the information they handle on our behalf. The launch service uses Clerk for authentication, Railway for API hosting and Postgres in its US West region, Cloudflare for DNS, Vercel for web hosting, Resend for transactional email, Google Workspace for company email, and Stripe for Family billing and payment processing.

Legal authorities. If we receive a valid legal request — a subpoena, court order, or equivalent — we evaluate it carefully and respond as the law requires. What we are able to provide is the encrypted form of your binder, which is unreadable without the keys you and your recipients hold. We do not have the keys, and we will not engineer a way to obtain them. Where the law allows, we will notify you before complying.

Acquirers. If Afterward is acquired or its assets are transferred, your information may transfer with it, subject to this policy and any successor policy that gives you at least equivalent protection.

No one else. We do not sell personal information. We do not rent it. We do not share it with advertising networks or data brokers.

We use a small number of first-party cookies and similar storage to keep you signed in, protect sessions, remember the basics of how you have set up the application, and measure aggregate service health. These cookies are not used for advertising or cross-site tracking.

We do not use third-party advertising cookies. We do not use cross-site tracking. The marketing site loads fonts from Google Fonts; the application loads no third-party fonts.

We keep your binder for as long as your account is active, plus a short window after you close it so an export can be retrieved. After you close your account, we keep the encrypted binder and account record for thirty days so a final export can be retrieved, then delete them from active systems.

Operational logs and telemetry are retained for ninety days, after which they are deleted on a rolling basis. Security-relevant audit events — sign-ins, share-link creation, recipient access, and sealed-envelope release activity — may be kept for up to thirteen months in a separate, content-free audit store to support incident review.

Communications with our support team are retained for as long as we may need them to provide you continuity of service, and no longer.

Billing references are retained for as long as needed to provide billing support, process refunds, handle disputes or chargebacks, prevent fraud, keep accounting and tax records, and meet legal obligations. If you close your account, we remove product access records we no longer need, but we may retain billing records for those limited purposes.

You can ask us to erase your account at any time. The contents are deleted from our active systems promptly, and purged from backups within ninety days as older backup snapshots age out on our hosting provider's rolling schedule.

Afterward is built on an end-to-end encrypted architecture. Your binder is encrypted on your device using a data key that is wrapped by two parallel paths — one based on a passkey on your device, and one based on a backup code you confirm at signup. Either path can unwrap the data key; both are required to exist so you have a working backup if a device is lost. We hold the encrypted forms; we do not hold the keys.

We use industry-standard transport encryption between your devices and our servers, restrict employee access to systems that hold customer data, log administrative access, and run regular security reviews. Afterward has not yet completed an external audit programme such as SOC 2 Type II, and we do not claim certifications we have not earned; we will publish certification status on the security page as the programme matures.

A detailed plain-language description of the architecture, including the precise cryptographic primitives, lives on the security page.

No security architecture is absolute. If we discover a breach affecting your information, we will notify you as the law requires and as quickly as we reasonably can.

Depending on where you live, you may have rights to access, correct, port, restrict, or erase the personal information we hold about you, to object to certain kinds of processing, and to lodge a complaint with a supervisory authority. If you are a California resident, you have rights under the CCPA, as amended by the CPRA, to know what we have collected, to delete it, to correct it, to receive a copy, to limit the use of sensitive personal information, and to opt out of sale or sharing — Afterward does not sell or share personal information. We respond within 45 days, extendable by a further 45 as the statute allows. If you live in another US state with a comprehensive privacy law — including Oregon, Colorado, Connecticut, Virginia, Utah, Texas, or Montana — you have substantially similar rights, and we respond within 45 days.

You can exercise the rights that apply to you by writing to privacy@afterward.care. We will respond within the timeframes the law requires and will ask for verification before acting on requests that could expose your account to a third party.

Many of these rights you can also exercise yourself, directly, from inside the application — export your data, edit any field, change recipients, or close the account.

Afterward stores and processes data on servers located in the United States, including API and database hosting in Railway's US West region. If you use Afterward from outside the United States, your information will be transferred to and processed in the United States.

Afterward is for adults. The service is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has signed up, write to us and we will erase the account.

We will update this policy from time to time. When the changes are material, we will tell you in the application and by email at least thirty days before they take effect, and we will keep the previous version archived so you can compare them.

Non-material changes — clarifying language, fixing a typo, updating an address — take effect when posted, and the “Last updated” date at the top of this page changes accordingly.

For privacy questions, write to privacy@afterward.care. For everything else, write to hello@afterward.care. A real person reads both.

Privacy is coordinated by James Farmer at privacy@afterward.care. Legal correspondence may be sent to Afterward LLC, 5441 S Macadam Ave, Ste N, Portland, OR 97239. Our registered agent for service of process is Northwest Registered Agent LLC at the same address.