Legal

Privacy Policy

Effective Date: May 5, 2026
Last Updated: May 25, 2026

1. Introduction & Scope

The After Files, LLC ("Company," "we," "us," "our") operates theafterfiles.com (the "Website") and app.theafterfiles.com (the "App" or "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, website, and related products.

This Privacy Policy applies to:

  • Website visitors
  • App users with accounts
  • Email subscribers
  • Founding Circle members
  • Anyone interacting with The After Files in any form

This Privacy Policy does NOT apply to:

  • Third-party websites linked from our website (we are not responsible for their privacy practices)
  • Offline interactions or phone calls
  • Resumes or applications submitted for employment

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, do not use the Service. By accessing or using The After Files Service, you acknowledge you have read and agree to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Website & Contact Forms

  • Name, email address, phone number when you contact us via website forms, email, or customer service
  • Message content when you submit inquiries or feedback
  • IP address, browser type, pages visited for analytics purposes (via Squarespace)

Account Registration

When you create an account on the App, we collect:

  • Email address (used for login and account recovery)
  • Password (hashed and encrypted; never stored in plain text)
  • Full name (optional for account setup)
  • Phone number (optional; used for SMS notifications if enabled)

Worksheet & Document Completion

When you use the Service to complete estate planning worksheets, we collect:

  • Legal File Information: Executor names, beneficiary names and contact details, asset locations, will/trust preferences, guardianship preferences for minor children
  • Insurance File Information: Insurance provider names, policy numbers, coverage amounts, beneficiary designations, coverage types
  • Letters File Information: Personal messages, ethical wills, family letters, life stories, biographical information, photographs (optional)
  • Legacy File Information: Life narrative, digital asset information, philanthropic preferences, personal values and wishes

Healthcare & Medical Information

When you complete advance care planning worksheets, we collect:

  • Healthcare directives: End-of-life preferences, organ donation wishes, burial/cremation preferences
  • Medical proxy information: Designated healthcare decision-maker name and contact details
  • Medical conditions & medications (optional; for context in advance directive completion)
  • Allergies and medical alerts (if provided)

Important: This information is sensitive health information. We treat it with the highest level of care and encryption.

Payment & Subscription Information

When you purchase a subscription, annual membership, or Founding Circle membership:

  • Billing name, address, and email are collected by our payment processor
  • Payment card information (credit card, debit card) is NOT stored by The After Files; it is processed securely by our third-party payment processor, which complies with PCI-DSS standards
  • Transaction history and order records are retained for billing and customer service purposes
  • Subscription status and renewal dates are stored for membership management

Founding Circle & Membership Program

If you enroll in the Founding Circle or other membership programs:

  • Full name (displayed on the Founders' Wall with your consent)
  • Photo or avatar (optional; for Founders' Wall display)
  • Testimonial or bio (if provided for marketing purposes)
  • Membership tier and purchase date

JodAI Assistant Conversations

When you interact with JodAI (our AI-powered assistant):

  • Conversational inputs: Text and audio questions, responses, and session context
  • Intake data: Information provided during conversational intake sessions
  • Session metadata: Timestamp, duration, feature accessed, device type
  • Audio recordings (if voice input is used)

2.2 Information Collected Automatically

Device & Browser Information

  • Device identifiers: Device type (mobile, desktop, tablet), operating system, browser type and version
  • IP address and approximate geographic location (derived from IP)
  • Cookies and similar tracking technologies (see Section 2.6 below)
  • User agent string and hardware information (limited)

Usage & Interaction Data

  • Pages visited and time spent on each page or worksheet
  • Features accessed: Which worksheets completed, which sections skipped, feature usage patterns
  • Clicks, scrolls, form interactions (limited, privacy-conscious tracking)
  • Search queries if you use in-app search
  • Error logs if you encounter technical issues

Hosted Infrastructure Data

Our hosting provider (Vercel) and database provider (Supabase) automatically log:

  • HTTP request logs: timestamp, IP address, page requested, HTTP status code
  • Server performance data for uptime and debugging
  • Aggregate analytics (non-identifying usage trends)

2.3 Information from Third Parties

Email Service Provider (Kit/ConvertKit)

If you subscribe to our email newsletter:

  • Email engagement data: Opens, clicks, unsubscribe actions
  • Subscription status and preferences

Payment Processor

  • Billing transaction records passed securely to Stripe, Square, or PayPal (depending on processor)
  • Transaction outcomes (success, decline, chargeback notifications)

Integrations with External Services

If you authorize integration with third-party services (e.g., document signing platforms):

  • Data exchanged is limited to what you authorize in the integration flow

Analytics Providers

  • Squarespace analytics: Website traffic, referral sources, device type

2.4 Information You Do NOT Provide (We Do Not Collect)

We explicitly do NOT collect or ask for:

  • Full credit card numbers (payment processor handles this)
  • Bank account numbers or routing numbers
  • Social Security numbers (unless legally required and explicitly disclosed)
  • Government-issued ID numbers (except as required for legal compliance)
  • Passwords to other accounts (e.g., email, bank accounts)
  • Biometric data (fingerprints, facial recognition)
  • Video surveillance (unless user records video messages for legacy content)

2.5 Cookies & Tracking Technologies

Types of Cookies We Use

Essential Cookies:

  • Session cookies: Allow you to log in and maintain your account session
  • Security cookies: CSRF tokens, anti-fraud measures
  • Functional cookies: Remember your preferences, language selection, font size

Analytics Cookies:

  • Google Analytics (on Website): Track aggregate usage patterns, referral sources, user demographics
  • Vercel Analytics (on App): Monitor app performance, user experience metrics

Marketing Cookies:

  • Email tracking pixels (in Kit emails): Track email opens and clicks
  • Retargeting pixels: If you leave our site, we may display ads on other websites via Google Ads or Facebook

Your Cookie Choices

  • Browser Controls: Most browsers allow you to refuse cookies or alert you when cookies are being set. Instructions are typically found in your browser's "Help" or "Settings" menu.
  • Opt-Out of Analytics: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
  • Cookie Consent Banner: When you first visit our website, a cookie consent banner will appear allowing you to accept or reject non-essential cookies.
  • Email Opt-Out: You can unsubscribe from email marketing by clicking the "Unsubscribe" link in any email from us.

Note: If you disable all cookies, some features of the Service may not function properly (e.g., account login, worksheet progress saving).

2.6 Do Not Track (DNT)

Some browsers include a "Do Not Track" (DNT) feature. Currently, there is no industry standard for recognizing DNT signals, and The After Files does not respond to DNT browser signals. However, you can use the privacy controls described above to limit tracking.

3. How We Use Your Information

3.1 Primary Purposes

We use the information collected for the following core purposes:

Service Delivery & Account Management

  • Creating and maintaining your account
  • Processing your subscription and payments
  • Providing customer support via email or in-app messaging
  • Saving your worksheet progress so you can return where you left off
  • Exporting and generating your estate documents
  • Sending transactional emails (account confirmation, password reset, receipt, subscription renewal reminders)

Personalization & Experience

  • Remembering your preferences (font size, color theme, language)
  • Showing relevant worksheet sections based on your situation (e.g., if you have children, showing guardianship section)
  • Recommending next steps based on completion progress
  • Personalizing JodAI responses based on your earlier answers in worksheets

JodAI (AI Assistant)

  • Processing your conversational inputs to provide estate planning guidance
  • Training and improving JodAI's responses (see Section 3.2 below for AI training disclosure)
  • Analyzing conversation patterns to improve service quality (anonymized)

Product Improvement & Analytics

  • Understanding how users interact with the Service
  • Identifying bugs, errors, or technical issues
  • Analyzing feature usage to prioritize improvements
  • A/B testing new features to determine effectiveness
  • Aggregate analytics (non-identifying usage trends)

Legal & Compliance

  • Responding to legal requests (subpoenas, court orders, law enforcement)
  • Enforcing our Terms of Service and other agreements
  • Detecting and preventing fraud, abuse, or unauthorized access
  • Compliance with applicable laws (tax, health information rules, consumer privacy laws)

Marketing & Communication

  • Sending promotional emails about new features, updates, or special offers (with your consent)
  • Surveying customer satisfaction and collecting feedback
  • Featuring your testimonial on our website or marketing materials (with your written permission)
  • Listing your name on the Founders' Wall (Founding Circle members who opt in)

Security & Fraud Prevention

  • Detecting unauthorized account access
  • Preventing account takeover or credential stuffing attacks
  • Monitoring for suspicious billing activity or chargebacks
  • Maintaining audit logs for security investigations

3.2 AI Training & Anthropic Data Processing

How JodAI Works

The JodAI assistant is powered by Claude (an AI language model created by Anthropic). When you interact with JodAI:

  1. Your input (questions, responses, messages) is sent to Anthropic's API servers
  2. Anthropic processes your input using their language model
  3. JodAI generates a response and sends it back to you
  4. The conversation is stored in our Supabase database for your record

Data Shared with Anthropic

  • Conversational text and audio you provide to JodAI
  • Intake session context (e.g., family situation, estate size, concerns)
  • Session metadata (timestamp, duration, device type—no IP address)

Important: We do NOT send your full estate planning documents, financial accounts, or sensitive personal details to Anthropic unless you explicitly mention them in conversation.

AI Training & Opt-Out

By default, Anthropic may use your conversation data to improve their Claude model (following Anthropic's privacy practices).

You have the right to opt out of AI training. To disable AI training:

  • Go to Settings > Privacy > "Opt-out of AI model training"
  • Or email us at privacy@theafterfiles.com with "AI Training Opt-Out" in the subject line

If you opt out, your new conversations will not be used for AI training, though past conversations may have already been included.

Anthropic's Privacy Policy

Anthropic's privacy practices are governed by their Privacy Policy: https://www.anthropic.com/privacy. We recommend reviewing their policy for details on data retention, deletion requests, and how they use conversation data.

3.3 What We Do NOT Do with Your Data

We explicitly commit that we:

  • Do NOT sell your personal data to third parties (as defined under CCPA)
  • Do NOT share your data with unaffiliated marketing companies or data brokers
  • Do NOT use your health information for insurance underwriting or denial of services
  • Do NOT use your documents to provide legal or medical advice (we provide educational guidance only)
  • Do NOT share your documents with other users unless you explicitly authorize sharing
  • Do NOT disclose your information to law enforcement except under valid legal process

4. Information Sharing & Third Parties

4.1 When We Share Your Information

We may disclose your information in these limited circumstances:

Service Providers & Vendors

We share information with third-party vendors who help us operate the Service under data processing agreements that restrict how they use your data:

VendorPurposeData SharedRestrictions
SupabaseDatabase hostingAll account data (encrypted)DPA in place; data residency US
VercelApp hostingSession data, IP addressDPA; CDN caching
Anthropic (Claude API)JodAI processingConversational input, session contextAPI DPA; see Section 3.2
ElevenLabsVoice synthesisText for voice generationDPA; audio not stored long-term
HeyGenAvatar generationVideo/image data (if enabled)DPA; video not stored long-term
Kit (ConvertKit)Email marketingEmail, name, engagement dataDPA; CCPA compliant
Payment Processor (Stripe/Square/PayPal)Payment processingBilling name, address, card dataPCI-DSS compliant; encrypted
Google WorkspaceInternal emailTeam email communicationsDPA; internal use only
SquarespaceWebsite hostingWebsite analytics, contact submissionsDPA; website-only data

All service providers are contractually bound to:

  • Use data only for the purposes we specify
  • Maintain appropriate security measures
  • Delete data when requested or no longer needed
  • Notify us of any data breaches

Your Explicit Consent

  • Sharing with beneficiaries: If you enable sharing, your documents can be shared with beneficiaries or family members you designate
  • Public testimonials: If you consent to testimonials for marketing, your name and quote will be published
  • Founders' Wall listing: If you're a Founding Circle member, your name may appear publicly (with your consent)

Legal Requirements

We may disclose information if required by law or legal process:

  • Subpoenas or court orders from law enforcement or courts
  • Government agency requests (tax authorities, regulatory bodies)
  • Protection of rights: To enforce our Terms of Service or other agreements
  • Safety concerns: To prevent harm, fraud, or illegal activity

We will notify you of legal requests unless legally prohibited from doing so.

Business Transitions

If The After Files is acquired, merges with another company, or undergoes bankruptcy:

  • Customer information may be transferred as part of the transaction
  • You will be notified of material changes to this Privacy Policy
  • You may opt out of data transfer in some circumstances

Aggregate & Anonymized Data

We may publicly share aggregate, anonymized data that does not identify you:

  • "75% of users have beneficiary designations in place"
  • "Average estate planning completion time is 8 weeks"
  • Usage trends and demographics (in anonymized form)

4.2 International Data Transfers

The After Files operates in the United States. All data is hosted on U.S.-based servers (Vercel, Supabase).

If you are located outside the US:

  • Your data will be transferred to and processed in the United States
  • The US does not have the same data protection laws as some countries (e.g., EU)
  • By using the Service, you consent to this transfer

For EU/UK users: While we do not specifically target EU residents, if you use the Service:

  • We comply with GDPR requirements to the extent you are a data subject
  • You have rights to data access, rectification, erasure, and portability (see Section 6 below)
  • We rely on Standard Contractual Clauses for US data transfers

5. Data Security & Encryption

5.1 Security Measures

We implement comprehensive technical and organizational safeguards to protect your information:

Encryption

  • In Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
  • At Rest: Sensitive data (passwords, health information, documents) is encrypted in our Supabase database using AES-256 encryption
  • Passwords: User passwords are hashed using bcrypt; we cannot recover or read your password

Access Controls

  • Role-based access: Only employees with a specific business need can access customer data
  • Authentication: Our team uses multi-factor authentication (MFA) to access internal systems
  • Audit logs: All access to customer data is logged and monitored

Infrastructure Security

  • Firewalls: Network-level protection against unauthorized access
  • DDoS protection: Vercel provides DDoS mitigation
  • Intrusion detection: Monitoring for suspicious activity
  • Secure development: Code reviews and security testing before deployment

Third-Party Security

  • Data Processing Agreements: Require vendors to maintain appropriate security
  • Annual audits: We verify vendor compliance with SOC 2 or ISO 27001 standards where available

5.2 Limitations & Risks

Despite our security measures, no system is completely secure. We cannot guarantee absolute protection against:

  • Hacking or sophisticated cyberattacks
  • Insider threats or employee misconduct
  • Zero-day vulnerabilities in software
  • Physical theft or natural disasters

5.3 Your Responsibility

You are responsible for:

  • Protecting your password: Do not share your login credentials
  • Logging out: Always log out, especially on shared devices
  • Reporting suspicious activity: Contact us immediately if you suspect unauthorized access
  • Keeping contact information updated: So we can notify you of security incidents

6. Your Privacy Rights & Data Subject Requests

6.1 General Access & Deletion Rights

You have the right to:

Access Your Information

  • Request a copy of all personal information we hold about you
  • Review your worksheet responses within your account dashboard at any time
  • Export your documents in PDF or Word format

Correct or Update Information

  • Modify your account information (name, email, phone) in account Settings
  • Edit worksheet responses at any time
  • Request correction of inaccurate information by emailing privacy@theafterfiles.com

Delete Your Information

  • Delete your account at any time via Settings > Account > Delete Account
  • Request deletion of specific data (e.g., a worksheet section)
  • Account deletion will remove:
    • Your account login and password
    • All worksheet responses and documents
    • All JodAI conversation history
    • Payment records (except minimum info required for legal compliance, retained 7 years for tax purposes)

Note: Deletion is permanent and cannot be undone. We recommend exporting your documents before deleting your account.

Data Portability

  • Request your data in portable format (e.g., CSV, JSON) suitable for import to another service
  • Export your worksheets and documents in PDF or Word format

Opt-Out of Marketing

  • Unsubscribe from promotional emails by clicking "Unsubscribe" in any email
  • Opt out of cookies via cookie consent banner on the website
  • Opt out of AI training (see Section 3.2 above)

6.2 California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights under the CCPA:

Right to Know

  • You can request what personal information we collect about you

Right to Delete

  • You can request deletion of personal information we hold (with certain exceptions, such as to comply with legal obligations)

Right to Opt-Out of "Sale or Sharing"

  • The CCPA defines "sale" as selling data for a business purpose to a third party
  • We do NOT sell your personal information to third parties
  • However, if we share data with vendors for targeted advertising (e.g., retargeting pixels), this may constitute "sharing" under CCPA
  • You can opt out of data sharing for targeted advertising by:

Right to Non-Discrimination

  • We will NOT discriminate against you for exercising your CCPA rights (e.g., no price increase, no service denial)

How to Submit Requests

  1. Email: privacy@theafterfiles.com with "CCPA Request [Access/Delete/Opt-Out]" in the subject line
  2. Verification: We will verify your identity by confirming your email and account details
  3. Response time: We will respond within 45 days (California law requirement)

6.3 General Data Protection Regulation (GDPR) Rights

If you are located in the European Union or United Kingdom, you have GDPR rights:

Right to Access

  • Request all personal data we hold about you in a portable format

Right to Rectification

  • Correct inaccurate personal data

Right to Erasure ("Right to be Forgotten")

  • Request deletion of your data (with exceptions for legal obligations)

Right to Restrict Processing

  • Request that we stop processing your data for certain purposes (e.g., marketing)

Right to Data Portability

  • Request your data in a machine-readable format suitable for transfer to another service

Right to Object

  • Object to processing of your data for marketing or analytics purposes

How to Submit GDPR Requests

  • Email: privacy@theafterfiles.com with "GDPR Request [Type]" in the subject line
  • We will respond within 30 days (GDPR requirement)

6.4 Vermont & Other State Privacy Laws

Additional state privacy laws (Vermont Act on Data Privacy, Virginia VCDPA, Colorado CPA, etc.) may grant you similar rights. We treat all privacy rights requests consistently regardless of state.

7. Data Retention & Deletion

7.1 How Long We Keep Your Data

Data TypeRetention PeriodReason
Active Account DataWhile account is openService delivery
Inactive Account12 months after last loginUser may return; then deleted
Payment Records7 years after transactionTax, accounting, legal compliance
Email Communications1 year, or until issue resolvedCustomer service, dispute resolution
JodAI ConversationsWhile account is openYour personal reference; deleted with account
Website Analytics26 monthsGoogle Analytics retention policy
Backup/Archived DataUp to 90 days after deletionData recovery, system restoration
Legal HoldsAs long as requiredIn response to litigation/subpoena

7.2 Deletion Process

When you delete your account:

  1. Immediate removal: Your login and personal profile are deleted immediately
  2. Data purge: Worksheets, documents, and conversation history are removed from primary database
  3. Backup deletion: Backups are deleted within 90 days
  4. Payment records: Minimal info retained (amount, date, last 4 digits of card) for 7 years for legal/tax purposes
  5. Marketing list: Your email is removed from mailing list and CRM

7.3 Archived Data

We may retain anonymized, archived copies of data for:

  • Aggregate analytics (statistical trends, benchmarking)
  • Product improvement (patterns in user behavior)
  • Legal compliance (e.g., tax records, breach investigation reports)

This archived data cannot be used to identify you.

8. Children's Privacy

The After Files Service is not directed to children under 18 years old. We do not knowingly collect personal information from children.

  • Minimum age: Users must be 18 or older to create an account
  • Parental authority: Parents/guardians may create accounts on behalf of minors under their authority, with the understanding that they are responsible for the minor's use and data
  • Consent: If we discover we've collected information from a child under 18 without parental consent, we will delete it immediately

If you believe we have collected information from a child under 18, please email privacy@theafterfiles.com immediately.

9. Third-Party Links & Services

The After Files website may contain links to third-party websites, apps, and services (e.g., document signing platforms, legal research sites). We are not responsible for the privacy practices of these third parties.

  • Read their privacy policies: Each third-party site has its own privacy policy
  • Your responsibility: When you click a link and leave our site, your data is subject to their policies, not ours
  • Integrations: If you authorize integrations with third-party services, they will access only the data you authorize

10. Contact & Privacy Complaints

10.1 Contact Us About Privacy

If you have questions, concerns, or requests regarding this Privacy Policy:

Email: privacy@theafterfiles.com
Mailing Address:
The After Files, LLC
[Company Address]
[City, State ZIP Code]

We will respond to all privacy inquiries within 14 days.

10.2 Data Protection Authorities

If you are not satisfied with our response to a privacy concern:

California Residents:

EU/UK Residents:

  • Your data protection authority (e.g., UK Information Commissioner's Office at https://ico.org.uk/)

11. Policy Changes & Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our business practices
  • New features or services
  • Legal or regulatory requirements
  • Improved privacy protections

How We Notify You

  • Non-material changes: Posted to this page with an updated "Last Updated" date
  • Material changes: We will email you at least 30 days before the change takes effect and request your consent to the updated policy

Continued Use = Acceptance

Your continued use of the Service after policy changes means you accept the updated Privacy Policy. If you disagree with changes, you may delete your account and stop using the Service.

12. International Considerations

12.1 Data Residency

All servers are located in the United States. Data is not transferred outside the US except:

  • To the extent third parties (e.g., Anthropic, ElevenLabs) process data outside the US as part of service delivery
  • All third-party processors have Data Processing Agreements in place

12.2 Jurisdiction-Specific Disclosures

California: Residents have CCPA rights (see Section 6.2)
EU/UK: Residents have GDPR rights (see Section 6.3)
Vermont: Residents have privacy rights under Act on Data Privacy
Virginia: Residents have VCDPA rights
Colorado: Residents have CPA rights

We offer consistent privacy rights to all users regardless of location.

13. Glossary of Key Terms

TermDefinition
Personal InformationAny information that identifies or could identify you (name, email, IP address, etc.)
Sensitive InformationHealth data, financial information, beneficiary names, documents
Data Processing Agreement (DPA)Contract requiring third parties to protect your data per privacy laws
Business Associate Agreement (BAA)HIPAA contract for handling protected health information
CCPACalifornia Consumer Privacy Act; grants CA residents privacy rights
GDPRGeneral Data Protection Regulation; EU privacy law
EncryptionConverting data into code to prevent unauthorized access
HashOne-way encryption; impossible to reverse (used for passwords)
Opt-outChoosing not to participate in a service or data use practice
De-identified/Anonymized DataData that cannot be used to identify you (e.g., aggregate statistics)

14. Contact for Accessibility

If you need this Privacy Policy in an alternative format (large print, audio, etc.), please email support@theafterfiles.com.

End of Privacy Policy

This Privacy Policy was last updated May 5, 2026 and is effective as of May 25, 2026. The most current version is always available at theafterfiles.com/privacy.