Privacy Policy

Dear Tomorrow Project ("we", "us", "our") provides a private digital vault for families to preserve stories, recipes, voices, photographs, and traditions. This Privacy Policy describes how we collect, use, store, and share information when you use our website at deartomorrowproject.com and our application at app.deartomorrowproject.com (together, the "Service").

We collect only the information needed to operate the Service:

• Account information — name, email address, and password (hashed).
• Vault content — the memories, photographs, audio recordings, recipes, family-tree entries, and other content you choose to upload.
• Family invitations — names and email addresses of people you invite, and their relationship to your vault.
• Billing information — handled by Stripe; we never receive or store full payment card numbers.
• Usage data — basic logs (IP address, browser type, pages visited) used to operate, secure, and improve the Service.

• To provide and operate the Service (storing your vault, delivering invitations, sending prompt emails you've opted into).
• To process subscription payments via Stripe.
• To send transactional emails (account confirmations, security notices, billing receipts).
• To improve, secure, and troubleshoot the Service.
• To comply with legal obligations.

We do not sell your data. We do not show advertising. We do not use your vault content to train machine-learning models.

Vault content is visible only to the account owner and the family members the owner has explicitly invited. Our staff does not access vault content except in narrow, documented cases: troubleshooting at your request, responding to a valid legal process, or investigating abuse.

We rely on a small set of trusted vendors to run the Service:

• Supabase — database, authentication, and file storage.
• Stripe — subscription billing.
• Resend (or similar) — transactional email delivery.
• Cloudflare — content delivery and security.

We retain your vault content for as long as your account is active. If you cancel, you retain access through the end of your billing period and may export your vault at any time. After account deletion, we remove your content within 30 days, except where law requires longer retention.

You can, at any time:

• Access and download your vault content (export).
• Correct or delete information in your account.
• Delete your account entirely.
• Request a copy of the personal data we hold about you.

To exercise any of these rights, email support@deartomorrowproject.com.

The Service is not directed at children under 13. Family members may add memories that describe children — those memories are owned and controlled by the account owner, never by a child.

Your data may be processed in the United States and other countries where our vendors operate. We use commercially reasonable safeguards consistent with applicable law.

We may update this policy from time to time. If we make material changes, we will notify account holders by email and post the updated policy here with a new "Last updated" date.

Privacy questions or requests: support@deartomorrowproject.com.