1. Who We Are

Celtic Software Limited (Company No. 11137441), registered in England and Wales with a registered office at 58c Risca Road, Rogerstone, Newport, United Kingdom, NP10 9FZ, operates the Afterwords platform.

Celtic Software Limited is the Data Controller responsible for your personal data under UK GDPR.

If you have any questions about this Privacy Policy or your data, you can contact us at:
Email: support@afterwords.app

2. What Information We Collect

We collect the following categories of information:

• Account Information: Name, email address, login details.
• User-Provided Written and Spoken Data: Funeral plans, later life preferences, personal wishes, and any other content you choose to store or share.
• Optional Sensitive Information: You may choose to include information such as health details, religious beliefs, or other sensitive personal data within your content.
• Usage & Technical Data: Device information, interaction logs, and analytics data.
• Payment Information: Processed securely by Stripe. We do not store full payment card details.

3. Special Category Data

Some content you provide may include “special category data” under UK GDPR (such as health or religious information).

Where you choose to include such information, we process it based on your explicit consent, which you provide by voluntarily submitting and storing it within your account.

4. How We Use Your Information

• To provide and operate the Afterwords platform.
• To enable secure sharing with nominated users.
• To manage your account and respond to support requests.
• To process payments via Stripe.
• To improve platform performance and security.
• To comply with legal and regulatory obligations.

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

• Contractual Necessity: To provide the services you sign up for.
• Consent: Where you provide optional or special category data.
• Legitimate Interests: To operate, improve, and secure our services.
• Legal Obligation: Where we are required by law.

6. Data Sharing

We do not sell your personal data.

We may share your data with:

• Nominated Users: Individuals you explicitly choose to grant view-only access to.
• Service Providers:
  • Microsoft Azure (UK data centres)
  • Stripe (payment processing)
  • Zoho Mail (email services)
• Regulators or Authorities: Where legally required.

7. International Transfers

Your primary data is stored in Microsoft Azure UK data centres.

Some service providers (such as Stripe or Zoho) may process limited data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms.

8. Data Security

We implement technical and organisational measures appropriate to the risk, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest
• Additional application-level encryption of user-written content
• Strict access controls and role-based permissions
• Private network access to storage infrastructure
• Monitoring and logging of administrative actions

Access to your data is restricted to authenticated users through the application only. Staff access is limited, controlled, and logged.

9. Data Retention

• Account and personal data is deleted within 30 days of confirmed account deletion.
• System logs and analytics data are retained for up to 90 days.
• Shared access tokens expire automatically and cannot be reused.

Retention of Inactive Accounts

Accounts that have been inactive for 12 months (meaning no login activity during that period) may be flagged for review.

We will contact the account holder using their registered email address to confirm whether they wish to keep the account active.

a. If the user confirms that they wish to delete the account, the account will be closed and personal data deleted within 30 days.

b. If there is no response within 3 months of notification and where the account holder has nominated contacts, we may contact nominated contacts solely to confirm whether the account should remain active. If no response is received from nominated contacts within 3 months, or contacts confirm the account should be closed, the account will be closed and personal data deleted within 30 days.

10. Your Rights Under UK GDPR

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure of your data
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time

To exercise your rights, contact: support@afterwords.app

11. Complaints

If you believe we have not handled your data in accordance with data protection law, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner’s Office
Website: https://ico.org.uk
Telephone: 0303 123 1113

12. Marketing Communications

We may send service-related communications and, where permitted, marketing communications. You may opt out of marketing emails at any time using the unsubscribe link provided.

13. Children

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from children.

14. Cookies

We use cookies and analytics tools to improve website functionality and performance. Non-essential cookies are only set with your consent. You may withdraw consent at any time via our cookie settings tool.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be notified through the platform or by email.