Afterroll
Privacy Policy
1. Controller
Matthias Schönborn
Wilhelmstraße 28
44137 Dortmund
Germany
Email: dev@afterroll.app
2. Overview
Afterroll is a private photo network for close friends. This Privacy Policy explains how personal data is processed in the web app, mobile app, and related backend services.
3. Data we process
Depending on how you use Afterroll, we may process account data such as email address, display name, profile image, authentication and session data, friendships, Collections, photos, reactions, comments, reports, feedback, support requests, upload metadata, push tokens, device and app information, timestamps, and language settings.
4. Purposes and legal bases
We process data to provide Afterroll, including login, private friend and Collection features, photo uploads, reveal timing, moderation, support, security, and abuse prevention. Legal bases include contract performance, legitimate interests, and consent where required.
5. Photos and private content
Photos and related metadata are processed to provide daily Rolls, Collections, reveal logic, and private sharing. Content is shown only according to product logic and your relationships in the app. Please do not upload content unless you have the necessary rights and permissions.
6. Hosting, backend, and storage
The web app may be hosted on Vercel. Product data is processed through Convex. Photo uploads and media delivery may use Cloudflare R2 or related Cloudflare services. Technically necessary access data such as IP address, timestamp, user agent, and requested resources may be processed.
7. Authentication and payments
We use Better Auth and supported identity providers such as Apple or Google for login. RevenueCat may be used for in-app purchases and purchase or subscription status. The data required for login, session management, purchase verification, and enabling purchased features is processed for those purposes.
8. Support, feedback, and moderation
When you send feedback, request support, or report content, we store the information you provide and process it in the admin dashboard. This helps us answer your request, improve the product, and protect other users.
9. Cookies and local storage
Cookies or comparable storage technologies may be used for login, session management, language settings, and technical features. Technically necessary storage is based on contract performance or legitimate interests.
10. Recipients and international transfers
We use technical service providers including Convex, Cloudflare, Vercel, Better Auth, Apple, Google, and RevenueCat. Where data is transferred to third countries, especially the United States, this is based on appropriate safeguards such as standard contractual clauses or adequacy decisions.
11. Retention
Personal data is deleted when it is no longer required for the stated purposes, when you request deletion, or when legal obligations no longer require retention. Security, support, and moderation data may be retained for a limited time to investigate abuse and handle requests.
12. Your rights
You may have rights to access, correction, deletion, restriction of processing, data portability, objection, and withdrawal of consent. You also have the right to lodge a complaint with a data protection supervisory authority.
13. Minors
Afterroll is not intentionally directed at children under 16. If you believe a child has provided us with personal data without required permission, please contact us.
14. Supervisory authority
The competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Postfach 20 04 44, 40102 Düsseldorf, www.ldi.nrw.de.
15. Changes
This Privacy Policy may be updated. The current version is always available on this page.
Last updated: May 2026