®Guiding you through life's hardest admin
Privacy Policy
Last updated: May 2026
Who we are
AfterLoss is a service that helps you manage the practical tasks that follow a bereavement. AfterLoss is operated by Steve Scott (trading as AfterLoss), who is the data controller for the personal information you provide when using our service.
For privacy enquiries, contact us at support@afterloss.uk
What data we collect
We collect the following categories of personal data:
| Category | Examples |
|---|---|
| Account data | Email address, password, name |
| Case data | Deceased person's name, date of death, jurisdiction |
| Task data | Completed steps, notes, progress |
| Documents | Files you upload (certificates, wills, correspondence) |
| Contacts | Names, relationships, and contact details of professionals and family |
| Communications | Records of your interactions with organisations |
| Whereabouts | Locations of important items and documents |
| Digital accounts | Online account information for the deceased |
| Usage data | How you interact with the service |
Why we collect it
We process your data under two legal bases:
- Contract: Processing necessary to provide the service you signed up for. This covers account data, case data, tasks, documents, contacts, communications, whereabouts, and digital accounts.
- Legitimate interests: Processing to improve and secure the service. This covers usage data and analytics.
Special category data: Some information you choose to enter may reveal sensitive details such as religious beliefs (for example, funeral arrangements) or health conditions. We process this only to provide the features you are using. Our legal basis is your explicit consent, which you give by choosing to enter this information. You are not required to provide it, and you can withdraw consent at any time by removing the information or closing your account.
How we use your data
- To provide and maintain the AfterLoss service
- To track your progress through bereavement administration tasks
- To store and organise your documents and records
- To enable collaboration with family members or professionals you invite
- To generate summaries and exports of your case information
- To improve the service based on how it is used
- To ensure the security and integrity of your data
Who we share data with
We do not sell your personal data. We share it only with the service providers (sub-processors) we use to run AfterLoss:
| Recipient | Purpose | Data shared | Safeguards |
|---|---|---|---|
| Supabase Inc. (US) | Database hosting, authentication, and file storage | All case and account data you store | Standard Contractual Clauses, SOC 2 certified |
| Resend (US) | Sending service and notification emails | Your name and email address | Standard Contractual Clauses |
| Google (Places & Geocoding APIs) | Finding local services near a location you search | The postcode or location you enter | Standard Contractual Clauses |
| OpenRouter, Inc. (US) and the AI model provider it routes to | Powering the optional "Ask AfterLoss" assistant, when you use it | The questions you ask and relevant case context (such as jurisdiction, role, and progress) | Standard Contractual Clauses |
International transfers: Some of these providers store or process data in the United States. Where data leaves the UK, we rely on Standard Contractual Clauses (SCCs) as the lawful transfer mechanism under UK GDPR.
If we add or change a service provider, we will update this policy and, where the change is significant, notify you.
The AI assistant
AfterLoss includes an optional assistant, "Ask AfterLoss", that can answer questions about bereavement administration. It is only used when you choose to open it and send a message.
- When you use it, your question and relevant context about your case (such as jurisdiction, your role, and your progress) are sent to our AI provider to generate a reply.
- We do not use your conversations to train AI models, and our providers process this data only to return a response to you.
- The assistant provides general guidance only. It is not legal, tax, or financial advice.
Cookies and analytics
We keep our use of cookies and tracking to a minimum:
- Essential cookies: Required to sign you in and keep your session secure. The service cannot work without these.
- Privacy-friendly analytics: We record basic, aggregated usage (such as which pages are visited) in our own database to understand how the service is used and improve it. We do not use third-party advertising cookies or cross-site tracking.
Marketing and communications
Service messages: We send emails that are necessary to provide the service, such as account confirmations, invitations, security alerts, and important updates about the service. These are not marketing, and you cannot opt out of them while you have an account.
Free checklist and tools: If you ask us to email our free bereavement checklist (from the homepage, the probate checker, or the inheritance tax checker), we collect the email address you provide and use it to send you the checklist you requested. Where you tick the optional box to also receive occasional AfterLoss tips, we treat that as your consent to send marketing emails. You can unsubscribe at any time using the link in any such email.
Marketing and product updates: We will only send you optional emails about new features, tips, or offers where you have given your consent, or where we are otherwise permitted to do so by law. You can withdraw your consent or opt out at any time using the unsubscribe link in any such email, by visiting your email preferences, or by emailing support@afterloss.uk. Opting out of marketing does not affect the service messages described above.
How long we keep your data
| Situation | Retention period |
|---|---|
| Active account | For the life of your account |
| After account closure | 2 years, then permanently deleted |
After the 2-year grace period following account closure, all your personal data is permanently deleted. You can request earlier deletion at any time.
Your rights
Under UK GDPR, you have the right to:
- Access – Request a copy of your personal data
- Rectification – Correct inaccurate or incomplete data
- Erasure – Request deletion of your data
- Restriction – Limit how we process your data
- Portability – Receive your data in a portable format
- Object – Object to processing based on legitimate interests
- Withdraw consent – Where consent is the legal basis
To exercise any of these rights, email support@afterloss.uk. We will respond within one month.
If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO).
Security
We protect your data with:
- Encryption in transit (TLS) and at rest
- Row-level security ensuring you only see your own data
- Secure authentication with password and magic link options
- Access controls limiting who can access production systems
Children
AfterLoss is not intended for users under 18. We do not knowingly collect personal data from children.
Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or through the service.
Contact
For any questions about this privacy policy or your personal data, contact us at support@afterloss.uk