Your data, treated with care.

Our Commitment to You

untilThen was built to help families preserve memories across time. We take the trust you place in us — especially when it involves the people you love — with the utmost seriousness. This Privacy Policy explains what we collect, how we use it, and how we protect it.

We will never sell your data. We will never use your recipients’ information for advertising. We will never share your memories with anyone who isn’t you.

If you have questions about this policy, contact us at hello@untilthenapp.io.

1. Who We Are

untilThen is operated by Untilthenapp, LLC (“we”, “us”, “our”). Our registered address is 1200 Camellia Blvd STE 203, Lafayette, LA 70508.

2. What Information We Collect

2.1 Account Information

When you create an account we collect:

• Your name and email address
• Your password (stored encrypted — we never see it in plain text)
• Your phone number (optional, for launch notifications only)
• Your date of birth (optional, for demographic purposes only)

2.2 Time Capsule Recipient Information

When you create a Time Capsule we collect:

• The recipient’s first name
• The recipient’s date of birth (optional)
• The Time Capsule’s reveal date

We collect the absolute minimum information necessary about recipients. We do not collect recipients’ email addresses, phone numbers, photos of recipients’ faces for identification purposes, or any biometric data. Names and birthdays are stored solely to personalise the Time Capsule experience.

2.3 Content You Create

We store everything you write, record, upload, or create within the app:

• Letters and written entries
• Voice recordings
• Photos and videos
• Collection titles and descriptions

This content belongs to you. We store it to deliver the service. We do not read, analyse, or use your content for any purpose other than storing it and delivering it to you and your designated recipients.

2.4 Gift Capsule Recipients

For Gift Capsules, we collect the recipient’s name and email address to deliver the capsule on the reveal date. Recipients who create accounts to save their capsule are subject to this Privacy Policy.

2.6 Payment Information

Payment processing is handled by Square. We do not store your credit card number, CVV, or full payment details. We store only a payment reference ID from Square and your subscription status. Square’s privacy policy applies to payment data.

2.7 Usage Data

We collect anonymised usage data through PostHog analytics including:

• Pages visited
• Features used
• Session recordings (with all text inputs masked — we cannot see what you write)
• Browser type and device type

We use this data to improve the product. It is never linked to a recipient’s identity.

2.8 Technical Data

• IP address (for security and fraud prevention)
• Cookies and session tokens (for keeping you logged in)
• Error logs (to fix bugs)

3. Children’s Privacy — Our Strongest Commitment

Time Capsule recipients can be anyone — yourself, a partner, a parent, a friend, or a child. When a recipient is under 13, we apply the additional protections described in this section.

3.1 COPPA Compliance

untilThen complies with the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect personal information directly from children under 13 for the purpose of creating accounts.

Account creators — Vault owners, contributors, and Gift Capsule organisers — must be 18 or older. They create and manage Time Capsules on behalf of recipients.

Recipients — receive Time Capsules at whatever age the Vault owner designates as the reveal date. There is no minimum age for receiving a Time Capsule. When a recipient creates an account to access their Time Capsule at reveal, they do so at the age the Vault owner has chosen. If that age is under 13, the parent or guardian should assist with account creation and the parent remains responsible for the child’s use of the service in accordance with COPPA.

3.2 Recipient Account Creation

Recipients only create untilThen accounts when their Time Capsule reveal date arrives. At no point do we solicit personal information from children to create accounts before they are of appropriate age.

3.3 What We Store About Recipients

We store only:

• First name (as entered by the Vault owner)
• Date of birth (optional, entered by the Vault owner)
• Reveal date (set by the Vault owner)

We do not store recipients’ phone numbers, addresses, school information, photographs for identification purposes, or any other sensitive personal data.

3.4 Time Capsule Content

Photos, videos, and voice recordings uploaded to a Time Capsule are stored securely and are never accessible to anyone other than the Vault owner, approved contributors, and the recipient themselves after the reveal date.

3.5 No Advertising to Children

We do not serve advertising of any kind. We do not use children’s data for any commercial purpose. We do not share children’s data with advertisers, data brokers, or third-party marketing platforms. Ever.

3.6 Vault-Owner Control

Vault owners have full control over their Time Capsules at all times:

• Delete individual entries
• Delete the entire Time Capsule
• Transfer Vault ownership to a designated trustee
• Request complete data deletion

4. Absolute Prohibitions — Zero Tolerance

The following are strictly prohibited on untilThen and will result in immediate account termination, reporting to law enforcement, and vigorous legal action:

4.1 Child Sexual Abuse Material (CSAM)

The upload, storage, sharing, or distribution of any sexually explicit material involving minors is absolutely prohibited. This includes photographs, videos, illustrations, or any other media.

Any such content discovered on our platform will be:

1. Immediately removed
2. Reported to the National Center for Missing and Exploited Children (NCMEC) as required by law
3. Reported to the FBI and relevant law enforcement agencies
4. Subject to the fullest civil and criminal legal action available

We take this with absolute seriousness. There are no warnings, no second chances, and no exceptions.

4.2 Grooming or Exploitation

Using untilThen to groom, exploit, manipulate, or gain inappropriate access to minors is strictly prohibited and will be reported to law enforcement immediately.

4.3 Misrepresentation

Creating accounts with false identities to gain access to a Time Capsule or to deceive contributors or recipients is prohibited.

4.4 Unauthorised Access

Attempting to access sealed Time Capsule content before the reveal date through any technical means is prohibited.

5. How We Use Your Information

We use the information we collect to:

• Provide and improve the untilThen service
• Send emails you’ve requested (confirmation emails, contributor invites, reveal day emails)
• Send occasional product updates (maximum once per month — you can unsubscribe at any time)
• Detect and prevent fraud and abuse
• Comply with legal obligations
• Respond to your support requests

We do not use your information for:

• Advertising or marketing to third parties
• Selling to data brokers
• Training AI models
• Any purpose not listed above

6. How We Share Your Information

We share your information only in these limited circumstances:

6.1 Service Providers

We use trusted third-party services to operate untilThen:

• Clerk — authentication and account management
• Railway — hosting and database
• Cloudflare — media storage and DNS
• Resend — email delivery
• Square — payment processing
• PostHog — anonymised analytics

Each provider is bound by their own privacy policies and data processing agreements. We share only the minimum data necessary for each provider to perform their service.

6.2 Legal Requirements

We may disclose information if required by law, court order, or to protect the safety of our users or the public. We will notify you of any such disclosure where legally permitted to do so.

6.3 Business Transfer

If untilThen is acquired or merged, your data may transfer to the new entity. We will notify you before any such transfer and give you the opportunity to delete your account.

We do not sell your personal information. Ever.

7. Data Storage and Security

7.1 Where We Store Data

Your data is stored on servers located in the United States. If you are located outside the United States, your data is transferred to and processed in the United States.

7.2 How We Protect Your Data

• All data is encrypted in transit (TLS/HTTPS).
• Database storage volumes and media files are encrypted at rest by our infrastructure providers (Railway-managed Postgres and Cloudflare R2).
• Media files are served through signed, time-limited URLs — the underlying objects in storage are never publicly addressable.
• Sealed Time Capsule content is never transmitted to a recipient’s device until the reveal date.
• Authentication is managed by Clerk; passwords are never stored by untilThen, and PINs you set on your vault are hashed with scrypt and never stored in plain text.
• Access to production systems is restricted to authorised personnel, and administrative actions on user data are recorded in an internal audit log.
• We do not currently apply application-level encryption to the content of letters, contributions, or media (beyond the infrastructure-level encryption described above). This means that authorised untilThen personnel with database access could technically read this content in the course of operating the service or responding to abuse reports. We are evaluating per-account encryption for a future release; this notice will be updated when that work ships.

7.3 Data Retention

• Active accounts: Data retained for as long as your subscription is active
• Cancelled subscriptions: Entries preserved for 12 months after cancellation, then deleted with 30 days notice
• Gift Capsule drafts: Deleted after 7 days if not activated
• Deleted accounts: Data purged within 30 days of account deletion request
• Legal holds: Data retained as required by law

8. Your Rights

Depending on your location, you may have the following rights:

8.1 Access

You can request a copy of all personal data we hold about you by emailing hello@untilthenapp.io.

8.2 Correction

You can update your personal information at any time from your account settings.

8.3 Deletion

You can request deletion of your account and all associated data from your account settings or by emailing hello@untilthenapp.io. We will process deletion requests within 30 days.

8.4 Data Export

You can request a full export of your Vault contents — letters, photos, voice notes, and videos — by emailing hello@untilthenapp.io.

8.5 Opt-out of Communications

You can unsubscribe from all non-essential emails at any time using the unsubscribe link in any email or from your account notification settings.

For SMS messaging see Section 9 (SMS Messaging Program) below — reply STOP to any untilThen message to immediately end further messages, or reply HELP to receive support information.

8.6 CCPA Rights (California Residents)

California residents have additional rights under the California Consumer Privacy Act including the right to know, right to delete, and right to opt-out of sale (we do not sell data). Contact hello@untilthenapp.io to exercise these rights.

8.7 GDPR Rights (EU/UK Residents)

EU and UK residents have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Contact hello@untilthenapp.io to exercise these rights.

9. SMS Messaging Program

untilThen sends transactional SMS messages from a U.S. long code registered through the A2P 10DLC framework via our messaging provider, Twilio.

9.1 What Messages You May Receive

• Account verification codes (one-time passcodes used during sign-up or sign-in).
• Capsule activity updates — confirmation that a capsule has been activated, contributors have been invited, or a capsule has been saved by a recipient.
• Reveal-day alerts — on the day a capsule opens, the recipient may receive a single SMS notifying them their capsule is ready, with a magic link.
• Contributor invite reminders — if a capsule contributor provided a phone number through a wedding QR or guest flow and opted into SMS, they may receive up to two reminders before the contribution deadline.

9.2 How You Opt In

We collect SMS consent at three points, and the consent text + STOP/HELP language is shown directly at each opt-in:

• Account registration — users voluntarily provide a phone number while signing up at untilthenapp.io/sign-up and agree to receive transactional SMS as part of the service.
• Direct invite — when an organiser adds a contributor whose phone number is provided, the contributor may receive an SMS invite or reveal-day alert. Organisers confirm at submission that the recipient has consented.
• Wedding capsule opt-in — guests contributing to a wedding capsule via the public untilthenapp.io/wedding/… flow may provide their phone number to receive a reminder when the capsule is sealed and on the reveal date.

9.3 Message Frequency

Frequency varies by capsule activity. A typical capsule lifecycle produces between 1 and 5 SMS messages per recipientacross activation, reminders, and the reveal alert. Users who provide a phone number outside an active capsule (e.g. account verification only) typically receive between 1 and 2 messages per sign-in.

9.4 Message and Data Rates

Message and data rates may apply. Standard carrier rates from your mobile carrier apply to every message sent or received. untilThen does not charge a separate fee for SMS.

9.5 STOP and HELP

You may opt out of any further untilThen SMS at any time by replying STOP to any message we send. You will receive a single confirmation message and no further SMS unless you opt back in. Recognised opt-out keywords also include OPTOUT, CANCEL, END, QUIT, UNSUBSCRIBE, REVOKE, and STOPALL.

Reply HELP (or INFO) for support details. For account or messaging help, contact hello@untilthenapp.io.

9.6 Mobile Number Handling

We do not sell, rent, or share mobile numbers with third parties for marketing purposes. Phone numbers are used only to deliver the transactional SMS described above and to support account recovery. We share numbers only with the service providers strictly necessary to send the message (Twilio for SMS delivery; Clerk for authentication verification codes). See Section 6 (How We Share Your Information) for the full list of subprocessors.

If you remove your phone number from your account, we stop sending SMS to that number on the next request and delete the stored value within 30 days, except where required to retain it (e.g. fraud investigation, legal hold).

9.7 Carriers and Geographic Scope

Our SMS program is supported by major U.S. wireless carriers (AT&T, T-Mobile, Verizon, and most regional carriers). Messages are not currently sent to numbers outside the United States. Carriers are not liable for delayed or undelivered messages.

10. Cookies

We use cookies to:

• Keep you logged in (essential — cannot be disabled)
• Remember your preferences (functional)
• Understand how the product is used (analytics — PostHog)

You can control cookie settings through your browser. Disabling essential cookies may prevent the app from functioning correctly.

11. Changes to This Policy

We will notify you of material changes to this Privacy Policy by email and by posting a notice on the app. Your continued use of untilThen after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

Privacy inquiries: hello@untilthenapp.io
Child safety concerns: hello@untilthenapp.io
General support: hello@untilthenapp.io

To report child sexual abuse material or child exploitation, contact:

• NCMEC CyberTipline: www.missingkids.org/gethelpnow/cybertipline or 1-800-843-5678
• FBI: tips.fbi.gov
• Local law enforcement: 911

This Privacy Policy was last updated on April 15, 2026. A lawyer review is recommended before this policy is considered final for legal purposes.