Privacy Policy - Afterglow

This Privacy Policy explains how Afterglow ("we," "our," or "us") collects, uses, and protects your information when you use afterglow.app (the "Service").

1. Information we collect

Category	Examples
Account info	Email address from Stripe Checkout
User Inputs	Prompts, names, settings, premises
Payment info	Card data (handled by Stripe)
Usage data	IP address, browser type, interaction logs

We do not knowingly collect data from children under 18.

2. How we use your information

Provide, maintain, and improve the Service
Train and fine‑tune AI models (prompts may be used in de‑identified form)
Communicate with you (receipts, support)
Marketing and promotional activities
Detect and prevent fraud or misuse
Comply with legal obligations

3. Sharing of information

We share data only with:

Stripe – payment processing (PCI DSS compliant)
Infrastructure providers – Vercel (hosting), Supabase (database), Venice AI (model inference)
Advertising and marketing partners – Google Ads, Meta, TikTok
Law enforcement or regulators when legally required

4. Cookies & tracking

Type	Examples	Purpose	Legal basis
Essential	Session cookie, Stripe cookie	Site operation, fraud prevention	Contractual necessity
Analytics	Vercel Analytics cookie	Product improvement	Legitimate interest or consent (EEA)
Advertising	Google Ads gclid, Meta Pixel, TikTok Pixel	Measure & optimise campaigns, show relevant ads	Consent (opt‑in in EEA) / Opt‑out (CCPA)

Your choices

A cookie banner allows Accept All, Reject All, or Customize. Advertising cookies are off until you opt in where required.
You can delete or block cookies in your browser.
Opt‑out links: Google Ads settings, Meta ad preferences.
We honour the Global Privacy Control (GPC) signal.

5. Data retention

Data	Retention
Payment records	7 years (tax & accounting)
User Inputs & Generated Content	Indefinitely, unless you request deletion
Server logs	30 days, unless needed for security

6. Your rights

Depending on your jurisdiction you may have rights to access, correct, delete, or port your data, and to object to or restrict processing.
Email readafterglow@gmail.com to exercise these rights; we will verify your identity before responding.

7. Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted and protected by MFA.

8. International transfers

Your data may be processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Changes to this Policy

We may update this Policy. Material changes will be announced on the Service and reflected by a new "Last updated" date.

10. Contact

Privacy questions? Email readafterglow@gmail.com.

Afterglow — Privacy Policy