Tell Them Later

Privacy Policy

Version 1.0Effective Date: February 10, 2026

Tell Them Later ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, applications, and services (collectively, the "Service"). By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following categories of information:

1a. Account Information

When you create an account, we collect your display name, email address, password (stored as a cryptographic hash, never in plain text), phone number (optional), preferred language, and mailing address (optional, required for physical delivery).

1b. Identity Verification Information

To facilitate the death verification process, you may provide your full legal name, date of birth, and place of birth. This information is used solely for matching against death certificates and is only visible to your designated Executor and our verification team.

1c. Content You Create

We store the video messages, written letters, and other content you create using the Service. This content is stored securely and is only delivered to your designated Recipients after your passing has been verified.

1d. Death Certificates

When an Executor submits a death certificate, we collect and store the certificate image, certificate number, issuing authority, and date of death. Death certificates are treated as highly sensitive documents and are stored securely. They are used solely for the purpose of verifying a Creator's passing and are retained as legal evidence of the verification process.

1e. Payment Information

We use Stripe to process payments. Your payment card details (card number, expiration date, CVC) are collected and processed directly by Stripe and are never stored on our servers. We receive and store only a tokenized reference, the last four digits of your card, the card brand, and the expiration date for display purposes.

1f. Recipient and Executor Information

When you designate Recipients and Executors, we collect their names, email addresses, phone numbers (optional), mailing addresses (optional), and relationship to you. If a Recipient or Executor does not have an account on Tell Them Later, we store this information as a "shadow" record until they create an account or access their messages.

1g. Automatically Collected Information

We automatically collect certain information when you use the Service, including your IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps. This information is used for security, analytics, and improving the Service.

2. How We Use Your Information

We use your information for the following purposes:

  • To provide, maintain, and improve the Service, including storing and delivering your messages.
  • To process payments and manage your subscription and credit balance.
  • To verify death certificates and release messages to designated Recipients.
  • To send you transactional emails (account verification, recipient invitations, executor notifications).
  • To detect, prevent, and address fraud, abuse, and security issues.
  • To comply with legal obligations and respond to lawful requests from public authorities.
  • To enforce our Terms of Service and protect our rights and the rights of our users.

3. Lawful Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data under the following lawful bases:

  • Contract Performance: Processing necessary to provide the Service you have subscribed to, including storing your messages, processing payments, and delivering content to Recipients.
  • Consent: Where you have given explicit consent, such as when you accept these Terms and Privacy Policy at registration. You may withdraw consent at any time, but this will not affect the lawfulness of processing before withdrawal.
  • Legitimate Interest: Processing necessary for our legitimate interests, such as fraud prevention, security, and improving the Service, where these interests are not overridden by your rights.
  • Legal Obligation: Processing necessary to comply with legal requirements, such as retaining transaction records and responding to lawful data requests.

4. Data Retention

We retain your information for the following periods:

  • Content (messages, videos, letters): Stored for a minimum of 15 years from creation, subject to your account remaining in good standing. Content may be deleted earlier if your subscription lapses and you do not have sufficient purchased credits (see our Terms of Service for details).
  • Account information: Retained for as long as your account is active. Upon account deletion, personal information is scrubbed (soft-delete), but the account record is retained in a de-identified form.
  • Transaction history and audit logs: Retained indefinitely for legal and financial compliance purposes, even after account deletion.
  • Death certificates: Retained indefinitely as legal evidence of the verification process.
  • Automatically collected data (logs, IP addresses): Retained for up to 2 years for security and analytics purposes.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following circumstances:

5a. Service Providers

We use the following third-party service providers to operate the Service:

  • Amazon Web Services (AWS): Cloud infrastructure and data storage. Data is stored in the us-east-1 (N. Virginia) region.
  • Stripe: Payment processing. Stripe receives your payment card details directly and is PCI DSS compliant.
  • Resend: Transactional email delivery. Resend receives recipient email addresses and email content for the purpose of sending emails on our behalf.
  • Cloudflare: Bot protection and security (Turnstile). Cloudflare may receive your IP address and browser information for security verification.

5b. Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5c. Business Transfers

If Tell Them Later is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right of Rectification: You may request that we correct inaccurate or incomplete personal data.
  • Right of Deletion: You may request that we delete your personal data. Please note that account deletion results in a soft-delete with data scrub, as described in our Terms of Service. Certain data (transaction history, audit logs) is retained for legal compliance.
  • Right of Data Portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Object: You may object to the processing of your personal data based on our legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@tellthemlater.com. We will respond to your request within 30 days (or within the timeframe required by applicable law).

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to do so.
  • Right to Know: You may request that we disclose what personal information we collect, use, and share about you.
  • Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, please contact us at privacy@tellthemlater.com or use the "Delete Account" feature in your account settings.

8. International Data Transfers

Your information is stored and processed in the United States, specifically in the AWS us-east-1 (Northern Virginia) region. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. For users in the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data outside the EEA.

9. Cookies and Tracking

The Service uses only essential session cookies required for authentication and maintaining your logged-in state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We use Cloudflare Turnstile for bot protection, which may set a cookie for security verification purposes.

10. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS/HTTPS), secure credential storage (cryptographic hashing), access controls, and regular security reviews. While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18 (or 16 in jurisdictions where GDPR applies). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@tellthemlater.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the version number and effective date at the top of this page. Your continued use of the Service after receiving notice of changes constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@tellthemlater.com

Legal inquiries: legal@tellthemlater.com

Tell Them Later, Inc.

For GDPR-related inquiries, you may also contact our Data Protection representative at dpo@tellthemlater.com.