Privacy Policy

Information we collect

We collect information in two ways:

Information you provide directly: Your name, email address, the stories and memories you share in sessions, information you enter into the vault, and any other content you create on the platform.

Information generated by your use: Session metadata, feature usage patterns, and technical information such as browser type and IP address, collected to operate and improve the Service.

How we use your information

• —To provide the Longafter service — storing your stories, generating your biography, sending emails you have requested
• —To process payments securely via Stripe
• —To send transactional emails (session summaries, weekly prompts, monthly reflections) that you have opted into
• —To improve the platform based on aggregated, anonymised usage patterns
• —To comply with our legal obligations

We do not use your personal information for advertising. We do not sell your data to third parties. We do not use your stories or content to train AI models.

Google sign-in

Longafter offers sign-in via Google OAuth as a convenience. When you choose to sign in with Google, we receive your name and email address from Google — nothing else. We do not receive access to your Google Drive, Gmail, contacts, or any other Google service.

The information received from Google (name and email) is used only to create and identify your Longafter account. It is subject to the same protections as all other personal information described in this policy.

How we store and protect your information

Your data is stored on servers located in Sydney, Australia (Supabase ap-southeast-2 region). Application functions run in Sydney (Vercel syd1 region).

Vault contents are encrypted in your browser using AES-256-GCM encryption before being transmitted to our servers. Longafter cannot read your vault contents — the encryption key is derived from your vault password, which we never store.

We use industry-standard security measures including HTTPS, encrypted storage, and access controls. Your account can be further secured with two-factor authentication.

Third-party service providers

We use the following services to operate the platform. Each processes your data only as necessary to provide their service to us:

Anthropic has confirmed they do not train on API customer data by default. Content sent to Anthropic is processed to generate your story responses and biography and is not retained beyond the immediate request.

Data retention and deletion

We retain your personal information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required by law to retain certain records.

Anonymised, aggregated usage statistics that cannot identify you individually may be retained indefinitely.

Your rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• —Access the personal information we hold about you
• —Request correction of inaccurate or incomplete information
• —Request deletion of your account and associated data
• —Opt out of non-essential communications at any time from Settings
• —Lodge a complaint if you believe we have breached the Australian Privacy Principles

Contact and complaints

For any privacy questions, access requests, or complaints, contact us at hello@longafter.au. We will respond within 30 days.

If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by displaying a notice within the app at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance.