Legal
Privacy Policy
InfoAfterMe (“we”, “us”, or “our”) operates the InfoAfterMe mobile application and related services at infoafterme.com and api.infoafterme.com. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It is intended to meet the disclosure requirements of the Google Play Store, Apple App Store, and applicable privacy laws.
1. Summary
- Vault contents (contacts, assets, descriptions) are encrypted on your device before being stored on our servers.
- We do not sell your personal information.
- We do not use your data for advertising or cross-app tracking.
- You can delete your account and associated data from within the app.
2. Information we collect
2.1 Account information
When you create or use an account, we may collect:
- Email address — used for sign-in (one-time password), account identification, and service-related messages.
- Name (optional) — if you choose to provide it during setup or in your profile.
- Phone number or photo URL (optional) — only if you add them to your profile.
- Timezone — to support reminders and time-based features.
- Last login time — for security and inactivity-related features.
2.2 Encrypted vault data
Contacts, assets, descriptions, and linking rules you save in the app are encrypted on your device using keys derived from your app PIN. We store the resulting ciphertext on our servers. We cannot read the plaintext content of your vault without your app PIN.
We also store cryptographic material needed for your account to function, including:
- A salted hash used to verify PIN changes (not your PIN itself).
- An encrypted data-encryption key (DEK) that is only usable with your app PIN on your device.
2.3 Contact routing data
To notify trusted contacts and allow them to access shared items, we process contact email addresses using privacy-preserving techniques, including blind indexes and server-side sealed encryption for delivery. Contact names and details inside your vault remain encrypted with your keys.
2.4 Device and push notifications
If you enable push notifications, we collect:
- Push notification token (FCM on Android / APNs on iOS) — to deliver alerts you request, such as shared-asset notifications.
- Device platform — to route notifications correctly.
You can disable notifications in your device settings at any time.
2.5 Purchases and subscriptions
If you buy a paid plan, payment is processed by Google Play or the Apple App Store. We receive purchase-related identifiers (such as product ID, purchase token, and subscription status) to activate your plan. We do not receive or store your full payment card details.
2.6 Technical and security data
Our servers may automatically collect limited technical information, such as:
- IP address and request timestamps (standard web server logs).
- Authentication tokens (JWT) stored securely on your device.
- Error and security events needed to operate and protect the service.
2.7 Information stored on your device
The app may store locally on your device:
- Session and authentication tokens.
- Login PIN or pattern verification data (hashed on device).
- Encryption keys while your vault is unlocked (cleared when the app is locked or closed).
- Recovery phrase configuration (used only on your device to reset your app PIN).
3. How we use your information
We use the information described above to:
- Provide, maintain, and improve the InfoAfterMe service.
- Authenticate you and secure your account.
- Store and sync your encrypted vault data across your sessions.
- Send one-time passwords, service emails, and contact notifications you initiate.
- Deliver push notifications you have enabled.
- Manage subscription plans and enforce usage limits.
- Detect abuse, fraud, and security incidents.
- Comply with legal obligations.
4. What we do not do
- We do not sell or rent your personal information.
- We do not use your vault contents for advertising.
- We do not track you across third-party apps or websites for targeted advertising.
- We do not knowingly collect information from children under 13 (or the minimum age required in your country).
5. How we share information
We share information only in these limited circumstances:
- With contacts you choose — when you link assets to contacts and trigger sharing, those contacts receive only the encrypted items and access keys needed to view what you shared.
- Service providers — we use trusted providers to operate the service, such as cloud hosting, email delivery, and push notification services (e.g. Firebase Cloud Messaging). They process data on our behalf under contractual safeguards.
- App stores — Google and Apple process payments and may collect data according to their own privacy policies when you make a purchase.
- Legal requirements — we may disclose information if required by law, court order, or to protect the rights, safety, and security of users and the public.
- Business transfers — if we are involved in a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction, subject to this policy.
6. Data retention
We retain your account and encrypted vault data for as long as your account is active. If you delete your account from the Security settings in the app, we delete your account, contacts, vault items, and associated server data, subject to limited backup retention and legal hold requirements.
Purchase records may be retained as needed for billing, tax, and fraud-prevention purposes. Server logs are retained for a limited period for security and operations.
7. Security
We use industry-standard safeguards including encryption in transit (HTTPS/TLS), encryption at rest for sensitive fields, access controls, and secure key management. Vault content uses AES-256-GCM encryption on your device. No method of transmission or storage is 100% secure; please use a strong app PIN and keep your device secure.
8. International data transfers
Your information may be processed and stored on servers located outside your country. Where required, we take steps designed to ensure appropriate protections for cross-border data transfers.
9. Your rights and choices
Depending on your location, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate account information in the app.
- Delete your account and associated data.
- Withdraw consent where processing is based on consent (e.g. push notifications via device settings).
- Object to or restrict certain processing, where applicable by law.
- Lodge a complaint with your local data protection authority.
To exercise these rights, contact us at support@infoafterme.com. We will respond within a reasonable timeframe as required by applicable law.
10. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To make a request, email support@infoafterme.com.
11. European privacy rights (GDPR)
If you are in the European Economic Area or UK, our legal bases for processing may include contract performance (providing the app), legitimate interests (security and fraud prevention), and consent (where applicable, such as optional notifications). You have the rights listed in Section 9 and may contact us to exercise them.
12. India
If you are in India, we process personal data in accordance with applicable Indian law, including the Digital Personal Data Protection Act, 2023 where it applies. You may contact us to access, correct, or erase your personal data, or to raise grievances regarding our processing.
13. Third-party links and services
The app may link to third-party services (such as app stores). Their privacy practices are governed by their own policies. We encourage you to review:
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the effective date above. Material changes may also be communicated through the app or by email where appropriate. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
15. Contact us
If you have questions about this Privacy Policy or our data practices, contact us at:
InfoAfterMe
Email: support@infoafterme.com
Website: https://infoafterme.com