Privacy Policy

Last updated: 27 June 2026

This Privacy Policy explains how After Me ("After Me", "we", "our", or "us") handles personal data when you use our mobile app, web app, public website, trusted-contact flows, recipient flows, support channels, and related services (together, the "Service").

After Me is designed as a privacy-first, zero-knowledge service for secured instruction content. Your instructions, attachments, and audio notes are encrypted on your device before upload. We cannot read your secured content while it is stored in your account. We do, however, process account, contact, device, payment, delivery, and operational metadata so the Service can work.

If you have questions or privacy requests, contact us at support@sanghance.com.

Quick summary

• We do not sell your personal data.
• We do not use your secured instruction content for ads or cross-app tracking.
• Your secured instructions and attachments are encrypted before upload.
• Trusted contacts help confirm inactivity; they do not see your private instructions unless you also make them a recipient.
• Recipients receive only the instructions you selected for them after your configured release conditions are met.
• We use service providers such as Firebase/Google, app stores, messaging providers, and support/hosting tools to operate the Service.
• You can request access, correction, export, deletion, or consent withdrawal by using in-app controls where available or by contacting support.

Who this policy covers

This policy applies to:

• Account holders who create instructions.
• Trusted contacts invited to help confirm inactivity.
• Recipients selected to receive released instructions.
• Website visitors and people who submit lead forms or contact support.
• App reviewers, testers, and other people who interact with hosted After Me flows.

Information we collect

Account and identity data

We may collect your name, email address, phone number, profile details, authentication provider identifiers, Firebase user ID, sign-in state, verification status, and account settings.

Security and access data

We may process security logs, authentication events, device/session details, failed sign-in signals, abuse-prevention signals, password/PIN setup state, encrypted key metadata, and account recovery or trusted-contact recovery status.

We do not store your data password, PIN, or master key in plaintext. If you lose your data password or PIN, we may not be able to recover your secured content.

Trusted contacts and recipients

When you add a trusted contact or recipient, we collect the details you provide, such as name, email address, phone number, country code, role, invitation status, confirmation status, release status, and delivery history.

If you use optional contact import, we read the contact you select from your device and upload only the details you confirm and save. We do not upload your full address book.

You are responsible for having a lawful basis or permission to provide another person's contact details to After Me.

Secured instructions, attachments, and audio

You may create instructions, attach files, images, videos, documents, and audio notes, and choose recipients for each instruction.

Secured content is encrypted on your device before upload and stored in encrypted form. To operate the Service, we may store non-content metadata such as creation time, update time, file size, file type, recipient assignment, delivery configuration, check-in state, release state, and audit-oriented workflow status.

When your configured release conditions are met, the Service may temporarily process decrypted instruction content only as needed to deliver it to the recipients you selected. This release processing is limited to the configured workflow and is not used for advertising or analytics.

Check-ins, reminders, and delivery records

We process check-in schedules, missed check-in state, reminder history, trusted-contact verification requests, recovery passcode workflow state, release sessions, message IDs, delivery status, webhook status, and related operational logs.

Device, app, and diagnostics data

We may collect device model, operating system, app version, browser or webview information, language, time zone, IP address, push notification tokens, feature flags, crash logs, performance data, and app interaction events. Analytics and crash reporting may be controlled by configuration and platform settings.

Payments and purchases

If you buy an in-app product, Apple App Store or Google Play processes the payment. We receive purchase-related data such as product ID, transaction ID, receipt or entitlement status, store platform, restore status, and purchase history needed to unlock features and handle support. We do not receive or store full card numbers.

Website, marketing, and support data

If you use our website, download a template, submit a form, or contact support, we may collect your email address, name if provided, message content, campaign/source parameters, page/device data, and support history. You can opt out of marketing messages.

How we use personal data

We use personal data to:

• Create, authenticate, secure, and maintain accounts.
• Sync encrypted instructions and account settings across devices.
• Let you add recipients and trusted contacts.
• Send invitations, verification requests, check-in reminders, release notifications, and delivery messages.
• Process trusted-contact confirmations and recipient-specific release workflows.
• Provide attachments, audio notes, purchase entitlements, account deletion, and data export features.
• Diagnose crashes, fix bugs, prevent abuse, and protect the Service.
• Respond to support, privacy, and legal requests.
• Measure and improve the Service, where analytics are enabled.
• Send marketing or campaign follow-up only where allowed and opt-out is available.
• Comply with applicable law, store requirements, tax/accounting obligations, and valid legal processes.

Legal bases and lawful purposes

Where a legal basis is required, we rely on one or more of the following:

• Contract: to provide the Service you request.
• Consent: for optional contact import, notifications, marketing, analytics where required, and other optional features.
• Legitimate interests: to secure the Service, prevent abuse, debug issues, improve reliability, and understand product performance.
• Legal obligation: to comply with applicable law, tax/accounting duties, valid legal requests, and app store obligations.

You may withdraw consent where processing depends on consent. Withdrawal does not affect processing already completed and may limit features that require that data.

How we share data

We share personal data only as needed for the Service, including:

• With your trusted contacts: invitations, check-in or verification requests, and confirmation workflow details. Trusted contacts do not receive your private instructions unless they are also selected as recipients.
• With your recipients: the specific released instructions and contact/delivery information needed to give them access after your configured release conditions are met.
• With service providers: Firebase/Google services for authentication, database, storage, Cloud Functions, Remote Config, push notifications, analytics, and crash reporting; MSG91 or similar providers for SMS, WhatsApp, email, and delivery callbacks; Apple App Store and Google Play for purchases; hosting, support, monitoring, and email tools.
• For safety, legal, and compliance reasons: if required by law, valid legal process, app store review, security investigation, or to protect users and the Service.
• For business transfers: if we are involved in a merger, acquisition, financing, reorganization, or asset transfer, subject to this policy and applicable law.

We do not sell personal data. We do not share secured instruction content with advertisers.

Trusted contacts and recipients

Trusted contacts and recipients have different roles.

Trusted contacts help confirm whether your release workflow should proceed. They may receive invitations, reminders, passcodes, and verification links. They cannot read your secured instructions just because they are trusted contacts.

Recipients receive the specific instructions you assigned to them only after your configured release conditions are met. A recipient may need to verify access through a secure link or app/web flow.

If you are a trusted contact or recipient and want your details corrected or removed, contact the account holder or email support@sanghance.com.

Retention

We keep personal data only for as long as needed for the purposes described in this policy, including:

• Account and profile data while your account is active.
• Encrypted instructions and attachments until you delete them, delete your account, or they are released according to your settings.
• Trusted-contact, recipient, check-in, purchase, delivery, security, and audit records for as long as needed to operate the workflow, resolve disputes, prevent abuse, comply with law, or maintain accounting records.
• Website lead and support records until they are no longer needed, you opt out, or you request deletion, subject to legal and security needs.
• Backups and logs for a limited period before routine deletion or overwrite.

When you delete your account, we delete or de-identify data according to our deletion process, except where retention is needed for legal, security, fraud-prevention, dispute, tax, accounting, or app store compliance reasons.

Your choices and rights

Depending on your location, you may have rights to:

• Access your personal data.
• Correct, complete, or update inaccurate data.
• Export data available through the Service.
• Delete your account or request erasure.
• Withdraw consent for optional processing.
• Object to or restrict certain processing.
• Opt out of marketing messages.
• Lodge a complaint with a relevant authority where applicable.

You can manage some choices in the app, including account controls, notifications, data export, and deletion where available. You can also email support@sanghance.com.

International processing

We may process and store data in countries other than where you live, including where our service providers operate infrastructure. We use safeguards required by applicable law and follow applicable restrictions on international transfers.

Security

We use encryption, access controls, monitoring, Firebase security controls, operational logging, and limited-access workflows to protect data. No system is 100% secure. You are responsible for protecting your devices, account credentials, data password/PIN, and trusted-contact choices.

Children's privacy

After Me is intended for adults and is not directed to children. If you are under 18, you may use the Service only with permission from a parent or guardian. We do not knowingly collect personal data from children under the age required by applicable law. If you believe a child has provided personal data, contact us so we can take appropriate action.

Changes to this policy

We may update this policy as the Service, law, or store requirements change. We will update the "Last updated" date and, for material changes, provide notice through the app, website, email, or another reasonable method.

Contact

Questions, privacy requests, or grievances: support@sanghance.com