AfterYou.fyiAfterYou.fyi
Visitor

Legal

Privacy Policy

Effective May 12, 2026

1. Who we are

AfterYou Inc. ("AfterYou", "we", "our", "us") operates AfterYou.fyi, a digital estate planning service that lets you encrypt and time-release personal information to designated recipients. Our principal place of business is in the United States. Questions about this policy may be sent to privacy@afteryou.fyi.

2. What we collect

Account information

Name, email address, and optionally a phone number, collected when you join the waitlist or create a vault.

Vault contents (ciphertext only)

Everything you store is encrypted in your browser before it reaches our servers. We store only ciphertext — we never have access to the plaintext of your vault contents, period.

Check-in and usage data

Timestamps of check-ins, check-in cadence preferences, and vault access logs (recipient identity verification events).

Device and log data

IP address, browser type, operating system, and request logs, retained for up to 90 days for security and fraud prevention.

3. How we use your information

  • To operate the AfterYou service and send check-in reminders.
  • To verify recipient identities before releasing vault contents.
  • To contact you about service status, security notices, and updates you've opted into.
  • To detect and prevent fraud, abuse, and unauthorized access.
  • To comply with applicable law and respond to lawful requests.

We do not sell your personal information. We do not use your data to train AI models.

4. Sharing

We share data only in these limited circumstances:

  • Service providers — infrastructure, email delivery, and identity verification vendors operating under strict data processing agreements.
  • Estate trustee — we plan to engage an independent estate-law trustee to receive encrypted vault copies for continuity purposes. This is a pre-launch roadmap commitment, not yet active during early access. They will not be able to decrypt them.
  • Legal requirements — if compelled by a valid court order. Because we hold only ciphertext, there is nothing readable to produce.
  • Business transfers — in the event of a merger or acquisition, subject to the same privacy obligations as this policy.

5. Data retention

Account data is retained for the life of your vault plus a 12-month wind-down period after closure. You may request deletion at any time by writing to privacy@afteryou.fyi. Encrypted vault ciphertext is deleted within 30 days of a deletion request.

6. Security

All vault contents are encrypted client-side using AES-256-GCM with a key derived from your passphrase (PBKDF2, 600,000 iterations). We enforce TLS 1.3 in transit. Access to production infrastructure is restricted to named engineers via hardware-key–protected sessions and is fully logged.

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data.
  • Port your account metadata in a machine-readable format.
  • Object to processing or withdraw consent where we rely on it.

To exercise any of these rights, email privacy@afteryou.fyi. We respond within 30 days.

8. Cookies

We use only essential cookies required for session management and security (CSRF protection). We do not use advertising or tracking cookies. No third-party analytics scripts are loaded.

9. Children

AfterYou.fyi is not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has submitted data to us, contact us immediately.

10. Changes to this policy

We will notify you by email of material changes at least 30 days before they take effect. Continued use after that date constitutes acceptance of the revised policy. The current version is always at afteryou.fyi/privacy.

11. Contact

AfterYou Inc.
privacy@afteryou.fyi