Privacy Policy

Effective Date: February 2026 · Zero-Knowledge Architecture

Your privacy is not a setting; it is our architecture. This policy outlines how AfterToMe collects, uses, and protects your data.

1. Data We Collect

  • Identity Data: Name, email, phone number, and government ID (for KYC verification only).
  • Legacy Data: Texts, photos, videos, and voice samples uploaded to your vault.
  • Biometric-Adjacent Data: Selfie images used strictly for liveness checks (not stored as raw biometric templates).
  • Usage Data: Login timestamps and audit logs (ALF Transcript) for security tracking.

2. Zero-Knowledge Promise

Data stored in your SecretVault™ is encrypted using keys that only you (and your designated beneficiaries upon trigger) possess. AfterToMe employees cannot read this data even if compelled by law enforcement, as we do not hold the decryption keys for specific vault segments.

3. Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: To provide the legacy services you purchased.
  • Consent: Specifically for processing sensitive data (e.g., biometric verification).
  • Legitimate Interest: For fraud prevention and network security.

4. Data Retention

Active Accounts: Retained for the duration of your subscription.

Post-Termination: We retain account metadata for 5 years for legal auditing. Legacy content is handled according to your "Deletion Mode" settings (e.g., immediate deletion or timed preservation).

5. Third-Party Processors

We partner with trusted infrastructure providers:

  • AWS (eu-central-1): Encrypted storage and compute.
  • Supabase: Database and authentication services.
  • Stripe: Payment processing (we do not store card details).
  • OpenAI: Processor for EchoSoul™ (Standard Contractual Clauses applied; strictly no training on user data).
  • Twilio: SMS delivery for OTP and notifications.
  • Google Maps: Address autocomplete services.

6. Your Rights (GDPR & Global)

Regardless of your location, you have the right to:

  • Access: Request a copy of your data (ALF Export).
  • Rectification: Correct inaccurate information.
  • Erasure: Request the "Right to be Forgotten" (subject to unalterable blockchain logs).
  • Portability: Receive your data in a structured JSON format.

7. Contact Us

For privacy inquiries or to exercise your rights, contact our Data Protection Officer (DPO):
privacy@aftertome.com