Privacy Policy

Effective Date: 15 February 2026

Last Updated: 15 February 2026

1. Who We Are

Dear Tomorrow is operated by Billy's App Studio.

If you have any questions or concerns about this Privacy Policy or your personal data, you can contact us at:

2. What This Policy Covers

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Dear Tomorrow application ("the App"), available at deartomorrow.me. Dear Tomorrow is a letter-writing application that allows users to write letters to themselves or loved ones, scheduled for delivery at a future date.

This policy applies to all users of the App, including visitors, registered users, and letter recipients.

3. Age Requirements & Parental Consent

Dear Tomorrow is designed for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13.

Users aged 13–17 are required to confirm they have parental or guardian consent before creating an account.
If we discover that we have collected personal information from a child under 13 without verified parental consent, we will delete that information promptly.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at billysappstudio@gmail.com so we can take appropriate action.

4. Information We Collect

4.1 Information You Provide Directly

Account Information: First name, last name, email address, date of birth, and password when you create an account.
Parental Consent Confirmation: Whether parental or guardian consent has been given (for users under 18).
Letter Content: The text content of letters you write, recipient email addresses, your chosen letter style, and your selected delivery date.
Contact Messages: Your name, email address, and message content when you use our contact form.
Payment Information: Payment details are collected and processed by Stripe. We do not store your full card details. We receive a payment intent ID and the amount paid.

4.2 Information Collected Automatically

Authentication Data: Session and authentication tokens managed by Clerk, our authentication provider.
Analytics Data: We use PostHog to collect anonymised usage data such as pages visited, feature interactions, and general usage patterns. This helps us improve the App.

5. How We Use Your Information

We use your personal information for the following purposes:

Purpose	Legal Basis (GDPR)
To create and manage your account	Performance of a contract
To store, schedule, and deliver your letters	Performance of a contract
To process payments for letters	Performance of a contract
To send transactional emails (letter delivery notifications, verification codes)	Performance of a contract
To respond to your contact form enquiries	Legitimate interest
To improve the App through analytics	Legitimate interest
To comply with legal obligations	Legal obligation
To prevent fraud and abuse	Legitimate interest

We will never use your information for marketing purposes without your explicit consent.

6. How We Store & Protect Your Information

Database: Your data is stored in Supabase, hosted in the EU (Frankfurt, eu-central-1). This means your data is stored within the European Economic Area.
Letter Content: Letter content is stored as plain text in our database. While we implement access controls and security measures at the application and database level, letter content is not encrypted at rest beyond the default encryption provided by our hosting infrastructure.
Payments: All payment processing is handled securely by Stripe. We never have access to your full card details.
Authentication: Passwords and authentication are managed by Clerk. We do not store your password directly.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission or storage is 100% secure.

7. Data Retention

Data Type	Retention Period
Letters (content, metadata, recipient information)	Retained indefinitely, unless you request deletion
User accounts	Deleted within 1 month of a deletion request
Contact messages	Retained indefinitely
Payment records	Retained as required by law and Stripe's policies

8. Data Sharing

We do not sell, rent, or trade your personal information to any third parties.

We share data only with the following service providers, solely for the purpose of operating the App:

Provider	Purpose	Data Shared	Privacy Policy
Clerk	Authentication & account management	Email, name, password (hashed)	clerk.com/privacy
Supabase	Database & data storage	All user and letter data	supabase.com/privacy
Stripe	Payment processing	Payment details, transaction metadata	stripe.com/privacy
Resend	Transactional email delivery	Recipient email addresses, sender name	resend.com/legal/privacy-policy
PostHog	Product analytics	Anonymised usage data	posthog.com/privacy

We may also disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with legal proceedings, a court order, or a legal obligation.

9. International Data Transfers

Our primary database is hosted in the EU (Frankfurt). However, some of our service providers (Clerk, Stripe, Resend, PostHog) may process data in the United States or other countries outside the EEA.

Where data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the service provider's participation in recognised data protection frameworks.

10. Your Rights

For All Users

You have the right to:

Access the personal data we hold about you.
Correct any inaccurate or incomplete personal data.
Delete your account and associated personal data.
Request a copy of your data in a portable format.

Additional Rights Under GDPR (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, you also have the right to:

Restrict processing of your personal data in certain circumstances.
Object to processing based on legitimate interests.
Withdraw consent at any time where processing is based on consent.
Lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

Additional Rights Under COPPA (US Users Under 13)

Parents or guardians of children under 13 have the right to:

Review the personal information collected from their child.
Request deletion of their child's personal information.
Refuse further collection of their child's information.

How to Exercise Your Rights

To exercise any of your rights, please contact us at billysappstudio@gmail.com. We will respond to your request within 30 days.

For account deletion requests, your account and personal data will be deleted within 1 month of your request. Please note that letters you have already sent may remain accessible to their recipients.

11. Cookies

Dear Tomorrow uses only essential cookies required for authentication and the functioning of the App (managed by Clerk). We do not use marketing, advertising, or non-essential tracking cookies.

12. Third-Party Links

Our App may contain links to third-party websites (such as blog posts or external resources). We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy.
Notify users via email or a prominent notice within the App where appropriate.

We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Billy's App Studio 📧 Email: billysappstudio@gmail.com

This Privacy Policy was last updated on 15 February 2026.