How we collect, use, and share information. We don't sell your data and we don't train AI models on what you save. Your library is yours.
This Privacy Policy describes how Afterthought AI, Inc. ("Afterthought," "we," "us") collects, uses, and shares personal information when you use the Afterthought AI website, browser extension, mobile applications, desktop applications, and related services (the "Service").
We do not sell your personal information. We do not use your content to train AI models. Your data is yours.
If you have questions, email privacy@afterthoughtai.com.
This Policy applies to personal information we collect through the Service. It does not apply to third-party websites, services, or content you access through the Service, which are governed by their own privacy policies.
The Service is currently offered in beta. Features and data practices may change as the Service evolves; we will update this Policy and provide notice of material changes as described in Section 12.
We use personal information to:
We do not use your User Content (saved items, notes, prompts, or AI conversations) to train AI models, our own or third-parties'.
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:
We share personal information only as described below. We do not sell it.
We share information with vendors that process data on our behalf under written agreements requiring confidentiality and appropriate safeguards. Our service providers fall into the following categories:
| Category | Purpose | Data shared |
|---|---|---|
| Cloud infrastructure and hosting | Authentication, database, file storage, edge compute, content delivery, and related infrastructure | Account information, User Content, server logs, technical metadata |
| AI and machine-learning providers | Generating AI assistant responses, producing embeddings for semantic search, and AI quality monitoring | AI prompts, relevant excerpts of your User Content |
| Product analytics | Understanding aggregate usage to improve the Service | Pseudonymous event data, device metadata |
| Error monitoring and operations | Detecting and resolving bugs, outages, and abuse | Error logs, device metadata, limited contextual data |
| Authentication providers | Sign-in if you choose to use Google or Apple OAuth | Basic profile information |
| Payment processing | Processing subscription payments, if you opt into a paid plan in the future | Billing metadata |
We have configured our AI providers so that data we send is not used to train their general models. Each provider is bound by its own contractual and regulatory commitments and has its own privacy practices governed by its own policy.
A current list of the specific sub-processors we use is available at afterthought.com/subprocessors and on request from privacy@afterthoughtai.com. We will provide notice of material changes to our sub-processor list as described in Section 12.
We may disclose information when we believe in good faith that disclosure is necessary to (a) comply with a law, regulation, subpoena, court order, or other legal process, (b) protect the rights, property, or safety of Afterthought, our users, or the public, (c) detect, prevent, or address fraud, abuse, or security incidents, or (d) enforce our Terms of Service. Where legally permitted, we will notify you of legal demands for your information.
If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will require the recipient to honor this Policy or notify you so you can choose how to respond.
We will share your information for any other purpose with your consent.
We may share aggregated or de-identified information that cannot reasonably be used to identify you.
We are based in the United States, and our service providers are located in the United States and other countries. If you use the Service from outside the United States, your information will be transferred to and processed in countries that may have data protection laws different from those in your country.
For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (or equivalent UK and Swiss mechanisms) and require providers participating in the EU-U.S. Data Privacy Framework to maintain that certification, where applicable. You may request a copy of the relevant transfer mechanism by contacting privacy@afterthoughtai.com.
We retain personal information for as long as your account is active or as needed to provide the Service. When you delete your account or request deletion of your data, we will delete or anonymize it within 30 days, subject to:
| Data | Retention period |
|---|---|
| Account profile and User Content | While account is active; deleted within 30 days of an account-deletion request |
| AI prompts and conversations | Until you delete them or your account |
| Encrypted backups | Up to 90 days from creation, after which they are overwritten on a normal cycle |
| Server logs | Up to 90 days |
| Analytics events | Up to 24 months in aggregated form |
| Records required by law (e.g., tax, fraud, legal holds) | As required by applicable law |
| Suppression lists (to honor your deletion or unsubscribe requests) | Indefinitely, in minimal form |
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, access controls, principle-of-least-privilege for personnel access, and security monitoring. No system is perfectly secure, and we cannot guarantee absolute security. If we discover a security incident affecting your personal information, we will notify you and any required authorities as required by applicable law.
The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without parental consent (where required), we will delete it. If you believe a child has provided personal information to us, contact privacy@afterthoughtai.com.
You have certain rights regarding your personal information. We honor these rights regardless of where you live, except where we are legally required to apply different rules.
You may:
To exercise these rights, email privacy@afterthoughtai.com from the email address associated with your account, or use in-app controls where available. We will respond within the time required by applicable law (generally within 30–45 days). We may need to verify your identity before completing a request.
We do not send marketing emails without consent. If we do, you can unsubscribe at any time using the link in the message or by contacting us. Service-related communications (security alerts, account notices) cannot be opted out of.
You can control cookies through your browser settings. On iOS, applications must request your permission via Apple's App Tracking Transparency (ATT) framework before tracking you across apps and websites operated by other companies. Where ATT applies to our Service, we will request your permission as required; you can change your choice at any time in iOS Settings. Disabling cookies or tracking may affect Service functionality.
We do not respond to "Do Not Track" browser signals at this time, as there is no consensus industry standard for honoring them. We do not engage in cross-context behavioral advertising, and we do not share personal information for that purpose.
If you are a California resident, you have the right to:
We do not solicit "sensitive personal information" as defined by the CPRA, and we do not knowingly collect it from sign-up forms or our own collection mechanisms. You may, however, choose to save content (such as articles or notes about health, religion, or other sensitive topics) that incidentally contains such information. In that case, the information is provided voluntarily as part of your User Content and is processed only to provide the Service to you, which is permitted under California law without further consent or right-to-limit. Categories of personal information we have collected, sources, and disclosure recipients in the past 12 months are described in Sections 2 and 4.
To exercise California rights, email privacy@afterthoughtai.com. You may also designate an authorized agent; we will require proof of authorization.
If you are a resident of a U.S. state with a comprehensive privacy law, you have rights similar to those described above, including the rights to access, correct, delete, and obtain a portable copy of your personal information, and to opt out of targeted advertising, sale of personal information, and certain profiling. We do not engage in targeted advertising, sell personal information, or conduct profiling that produces legal or similarly significant effects. To exercise these rights, email privacy@afterthoughtai.com.
If we deny your request, you may have the right to appeal. To appeal, reply to our denial or contact privacy@afterthoughtai.com with the subject "Privacy Appeal." Depending on your state, you may also have the right to lodge a complaint with your state attorney general.
If you are in the EEA, UK, or Switzerland, you have the rights described in this Section 9 plus the rights to (a) restrict or object to processing, (b) withdraw consent where we rely on it, and (c) lodge a complaint with your local data protection authority. To exercise these rights, email privacy@afterthoughtai.com.
The data controller is Afterthought AI, Inc., [address].
We do not use automated decision-making that produces legal or similarly significant effects on you. The AI features generate outputs at your request to help you interact with content you have saved; they do not make decisions about you.
The Service may display content from, or link to, third-party websites and services. Those third parties have their own privacy practices, and we are not responsible for them. Review their policies before providing them with personal information.
We may update this Policy from time to time. If we make material changes, we will provide notice (by email or in-app notification) at least 15 days before the change takes effect. The "Last Updated" date at the top of this Policy reflects when it was most recently revised. Your continued use of the Service after the effective date of an updated Policy constitutes acceptance.
For privacy questions, requests, or complaints:
Email: privacy@afterthoughtai.com Mailing address: 548 Market St #93142, San Francisco, CA 94104, USA