Afterword Privacy Policy
Afterword is a secure, time-locked digital vault with three operating modes: Guardian Vault (check-in timer), Time Capsule (scheduled delivery), and Forever Letters (recurring annual delivery). This policy explains what information we collect, how we use it, and the choices you have.
1) What we collect
- Account information: email address, authentication identifiers.
- Profile settings: sender name, subscription status, timer settings, theme selections, app operating mode (Guardian Vault, Time Capsule).
- Encrypted vault data: encrypted messages, encrypted recipient addresses, encrypted audio. We store ciphertext, dual key envelopes, and HMAC integrity seals — not plaintext.
- Delivery metadata: scheduled delivery dates (Time Capsule), recurring delivery dates and last-sent-year tracking (Forever Letters), grace period timestamps.
- Device and app info: push notification tokens and basic diagnostics needed to deliver notifications reliably.
- Purchase information: subscription entitlement state (processed via our billing providers).
2) What we do not collect
- We do not collect your message plaintext. All content is encrypted on your device with AES-256-GCM before upload.
- We do not collect beneficiary security keys. Decryption happens locally in the beneficiary's browser using the Web Crypto API.
- We do not collect analytics, advertising identifiers, location data, contacts, browsing history, or any telemetry.
3) How encryption works
Every vault entry is encrypted with a unique AES-256-GCM key generated on your device. The data key is then wrapped in a dual envelope: one half encrypted with your device secret (stored in secure hardware), one half encrypted with a server secret. Neither party alone can decrypt your data.
Each entry includes an HMAC-SHA256 integrity seal computed on your device. This seal covers the encrypted recipient, data key envelope, and metadata. If any sealed field is modified on the server, the HMAC will not match. Mismatches are logged but never block delivery, so tampering with a sealed field cannot be used to stop an entry from being delivered (a denial-of-service attack).
Zero-knowledge mode (per entry, Guardian Vault and Time Capsule only): the server envelope stores an empty value. Only your device holds the decryption key. If lost, the entry is permanently unrecoverable.
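The integrity seal described above, sketched as an added example; this is not Afterword's own code. The field names, the length-prefixed encoding, and the assumption that the verifier holds the seal key are all hypothetical, since the policy does not specify them.

```python
import hashlib
import hmac
import logging
import struct

log = logging.getLogger("seal")

# Hypothetical field names and order; the policy only says the seal covers the
# encrypted recipient, the data key envelope and metadata.
SEALED_FIELDS = ("recipient_ct", "device_envelope", "server_envelope", "metadata")


def _canonical(entry: dict) -> bytes:
    """Length-prefix each field so bytes cannot slide between fields unnoticed,
    and so an empty server envelope (zero-knowledge mode) is still sealed."""
    out = bytearray()
    for name in SEALED_FIELDS:
        value = entry[name]
        out += struct.pack(">I", len(value)) + value
    return bytes(out)


def seal(seal_key: bytes, entry: dict) -> bytes:
    """HMAC-SHA256 over the sealed fields, computed on the device before upload."""
    return hmac.new(seal_key, _canonical(entry), hashlib.sha256).digest()


def verify(seal_key: bytes, entry: dict) -> bool:
    """Recompute the seal and compare it to the stored one in constant time."""
    return hmac.compare_digest(seal(seal_key, entry), entry["seal"])


def release(seal_key: bytes, entry: dict) -> dict:
    """Log-but-deliver: a mismatch is recorded and flagged, never blocks release."""
    ok = verify(seal_key, entry)
    if not ok:
        log.warning("integrity seal mismatch for entry %s", entry["id"])
    return {"id": entry["id"], "delivered": True, "seal_ok": ok}


# Constructed sample entry (all byte strings are made up).
KEY = bytes(range(32))
ENTRY = {"id": "e1", "recipient_ct": b"\x01\x02\x03", "device_envelope": b"\xaa" * 48,
         "server_envelope": b"", "metadata": b'{"mode":"time_capsule"}'}
ENTRY["seal"] = seal(KEY, ENTRY)

# Server-side modification: a server envelope is substituted for the empty one.
TAMPERED = dict(ENTRY, server_envelope=b"\xbb" * 48)
# One byte moved across a field boundary; plain concatenation would not notice.
SHIFTED = dict(ENTRY, recipient_ct=b"\x01\x02", device_envelope=b"\x03" + b"\xaa" * 48)
```

Because delivery proceeds on a mismatch, the `seal_ok` flag and the warning log are the only record of tampering, so that log needs to be retained and reviewed.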
4) How we use information
- To create and manage your account.
- To store your encrypted vault items and enforce integrity checks.
- To operate the check-in timer, warnings, and protocol execution (Guardian Vault).
- To deliver entries on scheduled dates (Time Capsule) or annually (Forever Letters).
- To deliver push notifications and service emails.
- To verify subscription entitlements securely.
- To provide customer support when you contact us.
5) Legal bases
- Contract: providing the service you request.
- Legitimate interests: security, abuse prevention, and reliability.
- Consent: where required (for example, notification permissions on your device).
6) Sharing and third parties
We use trusted providers to operate Afterword. They may process limited data on our behalf:
- Supabase: database, authentication, encrypted storage.
- Google Firebase Cloud Messaging: push notification delivery.
- RevenueCat and Google Play Billing: subscription and purchase processing.
- Resend: email delivery for warnings and beneficiary release messages.
No third party has access to your decrypted vault content. We do not sell your personal information.
7) Retention
- Encrypted vault items are retained until you delete them, your account is deleted, or the protocol lifecycle triggers deletion.
- Guardian Vault and Time Capsule: sent entries are available for 30 days (grace period), then permanently purged. Vault slots are recovered after purge.
- Forever Letters: never automatically deleted. They deliver annually until you manually delete them or delete your account.
- Operational logs and delivery metadata may be retained briefly for reliability and abuse prevention.
8) Security
Afterword is designed so the service cannot read your vault contents. Encryption occurs on your device using AES-256-GCM with unique per-entry keys. We use HMAC-SHA256 integrity seals to detect tampering. Recipients decrypt entries entirely in their browser using the Web Crypto API — the security key is never sent back to our servers. No system is perfectly secure, but we design and operate Afterword with security as a core requirement.
9) Your choices and rights
- You can edit or delete vault entries and Forever Letters in the app.
- You can delete your account from the app (which permanently destroys all stored data).
- You can manage notification permissions in your device settings.
- If applicable in your region, you may request access, correction, or deletion of personal information by contacting us.
Immediate Deletion: You may request the complete deletion of your account and all associated vault data at any time directly through the app's settings menu. If you have uninstalled the app, you can request full account deletion by emailing afterword.app@gmail.com from your registered email address.
10) Children
Afterword is strictly intended for users aged 18 and older. We do not knowingly collect information from anyone under the age of 18.
11) Contact
Email: afterword.app@gmail.com