Privacy Policy
Last updated: March 2026
1. Who we are
Afterwards.app is a peer support community for breast cancer survivors, operated by an individual data controller based in the United Kingdom. We are not yet registered with the Information Commissioner's Office (ICO) but intend to complete registration shortly. For all data-related enquiries, contact us at hello@afterwards.app.
2. Special category data — health information
Membership of Afterwards implies that you are a breast cancer survivor or are currently in treatment for breast cancer. This constitutes special category data under UK GDPR (Article 9). The lawful basis for processing this information is your explicit consent, given via the self-declaration checkbox at registration.
You may withdraw this consent at any time by requesting account deletion. See Section 8 for how to do this.
We do not collect, store, or process your specific cancer type, diagnosis date, treatment history, or any other medical records. The only health-related data point we hold is your membership itself, which implies breast cancer survivor status.
3. What personal data we store
- First name
- Email address
- Postcode and region
- Hashed password (we cannot read your password)
- Event size preference (one-to-one, small group, or any)
- Photo consent preference
- Beacon status (whether you are currently available for a virtual coffee)
- Self-declaration confirmation (boolean — yes/no only)
- Account created date and last activity
We do not store: specific cancer type, treatment details, medical records, location beyond region/postcode, or payment information.
4. Why we collect this data and our lawful basis
| Purpose | Lawful basis |
|---|---|
| Creating and managing your account | Contract |
| Connecting you with local events and survivors | Contract / Legitimate interests |
| Processing breast cancer survivor status (special category) | Explicit consent (Article 9(2)(a)) |
| Sending transactional emails (verification, event updates) | Contract |
| Sharing anonymous group attendance counts with event sponsors | Legitimate interests |
5. Who we share data with
We do not sell your data. Ever. We do not share your personal data with third parties for marketing purposes.
Limited sharing occurs only in these circumstances:
- Event sponsors — receive only anonymous, aggregated attendance counts (e.g. "12 people attended"). No names, emails, or personal data are shared.
- Brevo — our email delivery provider, acting as a data processor under a data processing agreement. Brevo processes your email address solely to deliver transactional emails on our behalf. Brevo Privacy Policy.
6. Hosting and data location
Afterwards.app is hosted on infrastructure located within the EU/UK. Your data does not leave the UK/EEA except where Brevo's processing infrastructure is used, which is subject to appropriate safeguards.
7. Data retention
We retain your account data for as long as your account is active. Accounts that have been inactive for 24 months will be anonymised — your name and email will be removed, and any remaining data will be retained only in aggregate, non-identifiable form.
You may request deletion of your account at any time (see Section 8).
8. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to erasure — request deletion of your account and all associated personal data
- Right to portability — receive your data in a machine-readable format
- Right to rectification — correct inaccurate data we hold
- Right to withdraw consent — withdraw your self-declaration consent at any time (this will result in account closure)
- Right to object — object to processing based on legitimate interests
To exercise any of these rights, email us at hello@afterwards.app. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
9. Cookies
We use a single session cookie to keep you signed in. We do not use tracking cookies, advertising cookies, or analytics that identify you personally.
10. Changes to this policy
If we make material changes to this policy, we will notify registered members by email. The "last updated" date at the top of this page will always reflect the most recent version.
Questions? Email us at hello@afterwards.app.