Introduction

Thereafter is a daily letter app built around a simple idea: a quiet, personal space in your day. Each day, a letter from an anonymous friend known as The Writer is delivered to you at a time you choose. You can save the letters that resonate with you, write time capsules to your future self, and exchange anonymous letters with other users through a feature called Echoes.

This Privacy Policy explains how Thereafter ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our app. It also describes your rights and the choices available to you. By creating an account, you agree to the practices described in this policy. We encourage you to read it carefully.

Information We Collect

When you sign in to Thereafter using Google or Apple, we receive your name and email address from your sign-in provider. If you choose to sign in with Apple and elect to hide your email, we receive a private relay address rather than your personal email. This information is used solely to create and authenticate your account.

Once your account is created, you may provide additional profile information such as a display name, date of birth, and an avatar selection. Your date of birth is collected to verify that you meet our minimum age requirement of 18 and is stored securely on our servers. Your display name is used as your anonymous identity in Echoes conversations. Other participants see only this display name and never your real name or email. We also store your app preferences, including your chosen letter delivery time, stationery theme, and dark mode setting.

As you use Thereafter, we store the content you create. This includes letters you have favorited, afterthoughts you have written on daily letters, time capsules and reflections you have written, and any anonymous letters you send or receive through Echoes. Time capsules and reflections are entirely private to you. Anonymous letters are delivered to other users without any identifying information attached. When you reply to an Echo and begin a conversation, we store the messages exchanged within that thread. Each conversation uses only the anonymous display name you chose during setup, and your real identity is never revealed to the other participant.

We record which dates you open your daily letter in order to calculate your reading streak and display your reading stats. This information is visible only to you and is never shared with other users or third parties.

To operate the app reliably, we collect certain device and technical information: your timezone, used to deliver your letter at the correct time; your push notification token, used to send delivery notifications you have opted into; and error and crash data, collected through Sentry to diagnose and fix issues. Sentry is disabled during development and samples a percentage of sessions in production. Error logs contain minimal device context and are configured to exclude the content of your letters or messages.

If you choose to set up a PIN for app security, we store a one-way cryptographic hash of your PIN on our servers and securely on your device (for offline lock screen access). We never store the PIN itself, and the hash cannot be reversed to recover it. If you enable biometric unlock such as Face ID or fingerprint, we store only a simple boolean preference indicating that the feature is turned on. We do not collect, store, or process your actual biometric data. All biometric authentication is handled entirely on your device by your operating system, and your biometric templates never leave your device.

Subscriptions to Thereafter Premium are processed through Apple's App Store or Google Play. We do not collect or store any of your payment details. RevenueCat, our subscription management provider, receives an anonymous user identifier to track your subscription status on our behalf.

When you take safety actions within the app, we store the relevant records. If you block a user in a conversation, we store a record of that block so we can enforce it. If you archive a conversation, we store that preference. If you report a conversation for a potential violation, we store the report including the reason you selected, any additional details you chose to provide, and a reference to the relevant thread or message. These records are used solely for enforcing safety measures and reviewing potential violations.

How We Use Your Information

We use the information we collect for the following purposes: delivering your daily letter at your chosen time; storing and displaying your favorites, afterthoughts, time capsules, and reflections; delivering and receiving anonymous Echoes; calculating and displaying your reading streak and stats; sending push notifications you have opted into; managing your subscription status; enforcing blocks and processing reports for user safety; and diagnosing bugs and improving app stability.

We do not use your information for advertising, behavioral profiling, targeted marketing, or any purpose beyond operating and improving Thereafter.

How We Share Your Information

We do not sell, rent, or trade your personal data. We have never sold personal information and do not intend to. We do not run ads or share data with advertising networks.

We share information only with the service providers necessary to operate the app. Supabase provides our database, authentication, and real-time messaging infrastructure and processes your account data, content, and profile information. RevenueCat manages subscriptions and receives only an anonymous user identifier and your subscription status. Sentry handles error tracking and crash reporting and receives device information and error logs with minimal context. Expo provides push notification delivery and receives your push token and notification content. Apple and Google handle authentication and payment processing through their respective platforms. Uploadcare hosts avatar images used within the app.

Each of these providers processes data only as necessary to deliver its services to us and is bound by its own privacy policies and data protection commitments. We maintain data processing agreements with our service providers where required by applicable law, ensuring they process your data only as instructed and with appropriate safeguards in place.

International Data Transfers

Your data is stored on servers operated by Supabase. Depending on your region, this may involve transferring your data to servers located in the United States or other countries where data protection laws may differ from those in your jurisdiction. We rely on our service providers' safeguards, including Standard Contractual Clauses where applicable, to ensure that your data receives an adequate level of protection when transferred internationally. By using Thereafter, you acknowledge and consent to the transfer and processing of your data in accordance with this policy.

Legal Basis for Processing

EEA and UK Users (GDPR). If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases. Processing necessary to provide you with the Thereafter service, including delivering letters, storing your content, and managing your account, is carried out on the basis of our contractual obligation to you. Error tracking, crash reporting, and the processing of safety reports are carried out on the basis of our legitimate interest in maintaining a stable and safe service. Push notifications and optional features such as reading streak tracking are based on your consent, which you may withdraw at any time through your device settings or by deleting your account.

California Users (CCPA/CPRA). If you are a California resident, you have the right to know what personal information we collect and how it is used, to request correction of inaccurate personal information, to request deletion of your personal information, and to not be discriminated against for exercising your privacy rights. We do not sell your personal information and have not done so in the preceding 12 months. We do not share your personal information for cross-context behavioral advertising.

Canadian Users (PIPEDA). If you are a Canadian resident, we collect, use, and disclose your personal information only with your meaningful consent and for purposes that a reasonable person would consider appropriate. You have the right to access the personal information we hold about you, to challenge its accuracy, and to withdraw your consent to its continued use. You may also file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated. To exercise any of these rights, contact us using the information provided at the end of this policy.

Content Moderation

Anonymous letters sent through Echoes are checked against an automated content filter before delivery. This filter runs automatically to help keep Echoes a safe and respectful space. Follow-up messages within Echo conversations are not automatically screened; if you encounter harmful content in a chat, please use the in-app report feature. We never review your private content unless a report is submitted by another user regarding a specific conversation. Content that is blocked by the filter is not stored or delivered.

Data Retention

Your data is kept for as long as you maintain an active account with Thereafter. If your account remains inactive for an extended period, we may contact you at the email associated with your account before taking any action regarding your data.

If you choose to delete your account — which you can do at any time from the Profile screen within the app — your data is removed from our active database immediately. This includes your profile, favorites, time capsules, reflections, echoes, conversations, reading history, reports you have submitted, and any block or archive records. Residual copies may persist in encrypted automated backups for a limited period (up to 30 days) before being permanently overwritten, during which time they are not accessible or used for any purpose.

Anonymous letters you have sent that were already delivered to other users will have their content replaced with a placeholder indicating the content is no longer available. Conversation threads involving a deleted account are preserved for the remaining participant, but all message content from the deleted user is replaced with a placeholder. The remaining participant will see that the other person has left Thereafter, but no identifying information about the deleted account is retained.

Your Rights

All Users. All users of Thereafter can access their profile information, favorites, afterthoughts, time capsules, and reading stats directly within the app; update their display name, avatar, delivery time, and preferences from the profile screen; permanently delete their account and all associated data from the Profile screen; and enable or disable push notifications through device settings or within the app.

EEA and UK Users (GDPR). In addition to the above, you have the right to request a copy of your personal data in a portable format; request that we restrict or limit how we process your data; object to processing carried out on the basis of legitimate interest; request the erasure of your personal data; and withdraw your consent where processing is based on consent. To exercise any of these rights, contact us at the address provided below and we will respond within 30 days.

California and Canadian Users. If you are a California resident, your rights under the CCPA/CPRA are described in the Legal Basis for Processing section above. If you are a Canadian resident, your rights under PIPEDA are also described in that section.

Filing a Complaint. If you believe your privacy rights have been violated, you have the right to lodge a complaint with your local data protection authority. For EEA users, this is your national supervisory authority. For UK users, this is the Information Commissioner's Office. For Canadian users, this is the Office of the Privacy Commissioner of Canada.

Security

We take reasonable and appropriate measures to protect your personal information, including encrypted connections (HTTPS/TLS) for all data in transit between the app and our servers; row-level security on our database, ensuring each user can only access their own data; one-way cryptographic hashing (SHA-256) for PIN storage, meaning PINs cannot be reversed or recovered; and on-device biometric processing with no biometric data ever transmitted to or stored on our servers.

No method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security. However, we continuously review and improve our security practices to protect your information to the best of our ability.

Data Breach Response

In the event of a data breach that compromises your personal information, we will notify affected users without undue delay and in accordance with applicable law. Where required by GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Notifications will include the nature of the breach, the types of data affected, and the steps we are taking in response.

Children's Privacy

Thereafter is not intended for anyone under the age of 18. We verify age during the onboarding process and do not knowingly collect personal information from children under 18. If we learn that we have inadvertently collected data from a child under 18, we will delete that account and all of its associated data promptly. If you believe that a child under 18 is using Thereafter, please contact us so we can take appropriate action.

Third-Party Links

The app may contain links to external websites, such as our Terms of Service or other resources. These websites operate independently from Thereafter, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party websites you visit.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of Thereafter. If we make meaningful changes, we will notify you via the email address associated with your account. The "Last updated" date at the top of this policy will always reflect the most recent version. Your continued use of Thereafter after any changes to this policy constitutes your acceptance of the updated terms.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your data is handled, please contact us at privacy@thereafterapp.com.