Version 2: Last updated February 5, 2025 | Download PDF

This privacy notice for Thereafter, Inc. (doing business as Thereafter) ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you: visit our website at http://www.thereafter.com, or any website of ours that links to this privacy notice, or engage with us in other related ways, including any sales, marketing, or events

Our Commitment to You

At Thereafter, we believe in protecting your privacy and being transparent about how we handle your data. Here's what you can expect from us:

  1. You hold the only key: Your passkey is the login to your account. We never store it anywhere in our system.
  2. Strong Government Bank Like Encryption: All your content is protected with end-to-end encryption, both when it's stored and when it's being sent.
  3. You Control Your Data: You decide what to share and with whom. Your data belongs to you.
  4. We Don't Sell Your Data: We will never sell or share your secure data.

What Information We Collect

We collect two types of data:

  1. Secure Data: This includes everything you create or upload in your Thereafter account. It's encrypted and only accessible by you.
  2. Service Data: This is information we need to run our service, like your email, phone number, and usage statistics.

How We Use Your Information

We use your information to:

  • Provide and improve our services
  • Communicate with you
  • Ensure security and prevent fraud
  • Comply with legal requirements

We never use your data for marketing purposes without your explicit consent.

Sharing Your Information

We only share your Service Data in limited circumstances:

  • With service providers who help us run Thereafter
  • If required by law (but we can't share your Secure Data even if asked)
  • If you choose to share it with other users

Your Rights and Choices

You have the right to:

  • Access your data
  • Correct your data
  • Delete your data
  • Take your data with you

To exercise these rights, email privacy@thereafter.com.
Want to learn more about what we do with any information we collect? Review the privacy notice in full.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE USE YOUR INFORMATION?
  3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
  6. HOW LONG DO WE KEEP YOUR INFORMATION?
  7. HOW DO WE KEEP YOUR INFORMATION SAFE?
  8. DO WE COLLECT INFORMATION FROM MINORS?
  9. WHAT ARE YOUR PRIVACY RIGHTS?
  10. CONTROLS FOR DO-NOT-TRACK FEATURES
  11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  12. DO WE MAKE UPDATES TO THIS NOTICE?
  13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us
In Short: We collect personal information that you provide to us, but the content in your Thereafter is protected with strong end-to-end encrypted so its not accessible by anyone except for you (including us!).
We process two types of user data in our service provision: (i) Secure Data and (ii) Service Data.

(i) Secure Data. Secure Data comprises information encrypted in a manner that renders it inaccessible to us under any circumstances. This includes data stored within your Thereafter account, encrypted using keys solely controlled by you. We do not (nor does any third party) have access to decrypted Secure Data nor do we receive unencrypted copies. Your Secure Data remains exclusively yours. We make no claims to it beyond what is necessary for Service delivery. You have full autonomy to add, modify, and delete Secure Data at your discretion. Without a Thereafter account, you have not provided us with Secure Data.

(ii) Service Data. Service Data encompasses information we automatically collect or is necessary for your usage of Thereafter – your account, and payments, security and privacy, and data essential for Service operation, improvement and maintenance. This data is strictly used for service-related purposes and never for anything else. Service Data is treated confidentially and is accessible only to our authorized staff. It encompasses server logs, billing details, client IP addresses, browser and device characteristics, referring URLs, entry counts, data usage, company or family names, and email addresses. Additionally, it includes profile names and optional profile images uploaded at your discretion. While you use our Services, we retain the right to possess and use Service Data for service provision, issue resolution, performance analysis, and facilitating payment processing. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies.

(iii) Diagnostic Data (Optional). Diagnostic Data constitutes a subset of Service Data that is not automatically collected or necessary for Service operation. On occasions, we may request diagnostic reports and troubleshooting data from users to identify and resolve product or Service issues. This information is solicited on a per-case basis or by users who explicitly opt into early release product programs or choose to provide diagnostic data. Diagnostic Data may contain device and operating environment details as well as personally identifiable information. While we may request Diagnostic Data to assist with problem resolution, you are under no obligation to provide it. Diagnostic Data never includes decrypted Secure Data, and we never request Account Passwords or Secret Keys.

To provide further understanding, the information we collect that you provide us includes:

  • Sign Up Information. We collect the data you give us when you sign up for Thereafter and create a profile, including your location, email address or phone number. Phone numbers are collected solely for account-related purposes.
  • Your Activity on Thereafter. Thereafter allows you to upload your data, send messages, record audio, take photos and record videos. We collect this data, but as we use strong end-to-end encrypted messaging on your account, we do not have access to it as its only viewable by you. We do collect the time, frequency and duration of your activities on Thereafter.
  • Connections. We collect information about your connections that you add to your profile and link to the content that you create to share after. This information includes your connections’ information, such as their name and email address or phone number. Learn how to upload and delete connections through Manage My Data,
  • Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by Stripe. You may find their privacy notice link(s) here: https://stripe.com/privacy.
  • Social Media Login Data. We may provide you with the option to login with us using your existing social media account details, like your Facebook, Google, or other social media account. If you choose to register in this way, we will collect the information described in the section called "How Do We Handle Your Social Logins?" below.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of receiving help through our customer support channels, participation in customer surveys or contests, and facilitation in the delivery of our Services and to respond to your inquiries.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

2. HOW DO WE USE YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you and personalize your experience, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We do not sell your data.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication, otherwise manage user accounts and enable user-to-user communications. We may process your information so you can create and log in to your account, as well as keep your account in working order, and if you choose to use any of our offerings that allow for communication with another user.
  • To protect, evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience. We may also process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To send you administrative, marketing and promotional communications. We may process the personal information you send to us for administrative and marketing purposes, if this is in accordance with your marketing preferences which you can change in ‘Manage My Profile’. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service. We may also send you details about our products and services, changes to our terms and policies, and other similar information. You can opt out of our marketing emails at any time. For more information, see "What Are Your Privacy Rights?" below.
  • To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights. We will also hold accurate records of user consent for both SMS and email communications, including the date, time and method of consent.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties
We may need to share your personal information in the following situations:

  • When we use Google Analytics. We may share your information with Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.
  • For SMS and Email Contact. We collect and process your mobile phone number and email address for account verification and important administrative updates. This information is processed through our service provider, Twilio. Your contact information is used solely for account-related communications and not for marketing purposes. This includes sending SMS messages and emails for verification codes, security alerts, and critical service updates. Twilio processes this data in accordance with their privacy policy and our instructions.
  • Affiliates. We may share your personal information (which does not include any Secure Data) with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us for the purpose of delivering or maintaining our Services.
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Other Users. When you share personal information (for example in relation to your Connections, by creating content, posting requests, or uploading content to the Services), such personal information may be viewed by all users you designated to receive the relevant personal information and once downloaded or recorded may be publicly made available outside the Services in perpetuity. Please note that we do not control, and are not responsible for, the personal information you shared with your Connections when it has been downloaded from Thereafter.
  • Government and Legal Requests. We are committed to protecting user privacy while complying with applicable laws. Our platform employs end-to-end encryption, which means that once user content is created and encrypted, we do not have the technical capability to access or decrypt this content. In response to valid legal requests such as subpoenas, court orders, or other lawful government demands, we may be required to disclose certain information. However, this is strictly limited to data we can access, which includes account information, metadata, and usage logs. We cannot and do not provide access to the content of communications or files stored on our platform due to our encryption protocols. We strive to notify users of legal requests for their information whenever possible, unless prohibited by law or if such notification would be counterproductive. Where legally permissible, we publish transparency reports detailing the number and types of government requests received. We reserve the right to challenge requests that we believe are overly broad, legally unsound, or incompatible with our technical capabilities. Users should be aware that while we protect their privacy through encryption, this also means we cannot assist in recovering or accessing their content should they lose access to their account or devices. We encourage users to maintain their own backups of important information, as we cannot provide content data in response to user requests or legal demands. Our data retention policies are designed to minimize the noncontent data we hold, and we may not be able to provide historical metadata beyond our retention period. We are committed to maintaining the integrity of our encryption system to protect user privacy, even in the face of legal challenges

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Google logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than three (3) months past the termination of your account. Where third party providers transact with your personal information, such a Twillio and Stripe, such providers will also retaim this data in accordance with their data retention policies.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. Your passkey serves as the login, and you are the only one who has it. Your passkey is not at risk with us, because we never store your passkey anywhere in our system or anywhere else. The data you provide and the content you upload or create is end-to-end encrypted, when you access or interact with it, and at rest when you have logged out, with the same algorithm the US government uses for sensitive data and communications. You should only access the Services within a secure environment as we do not control the safety and security of your personal information outside of your use of Thereafter.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time.

  • Right to Know and Access: The right to request that we disclose to you the Personal Information that we collect, use, or disclose, and information about our data practices.
  • Right to Request Correction: You can request that we correct any inaccurate or incomplete information that we maintain about you.
  • Right to Request Deletion: You can request that we delete your Personal Information that we maintain about you. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
  • Right to Obtain: You can request a copy of your Personal Information and the information that you upload into your Thereafter, so you have the ability to reuse it across different services and platforms. You can obtain a copy of your data at any time through the ‘Manage My Account’ page.
  • Right to Consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time.
  • Right to Opt out of Marketing and Promotional Communications: You can unsubscribe from our marketing and promotional communications at any time. You can opt-out of SMS messages by replying STOP to any message or contacting our support team. To unsubscribe from emails, click the unsubscribe link in any email or contact our support team. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
  • Right to Data Security. You have a right to understand how your data is being protected from unauthorized access, disclosure, alteration and destruction.

You can exercise these rights at any time by contacting us at privacy@thereafter.com from the email address associated with your account, and clearly stating the specific right you want to exercise in the subject, along with your name. If you have a complaint about how we handle your data, we would like to hear from you.

We may request that you provide additional information reasonably necessary to verify you and your request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request. We may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at privacy@thereafter.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

However, please note that exercising any of your rights listed here will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

If you have questions or comments about your privacy rights, you may email us at privacy@thereafter.com.

12. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws or changing circumstances, however we will always provide you notice.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at privacy@thereafter.com or contact us by post at:

Thereafter, Inc.
25 Old Kings Hwy N
STE 18 #1022
Darien, CT 06820
United States