Back

Privacy Notice

Last updated: April 24, 2026

This Privacy Notice describes how After Rehab ("we", "us", "our") collects, uses, and shares your personal data when you use the After Rehab app and related services (the "Service"). We take your privacy especially seriously because of the sensitive nature of recovery data.

1. Who we are

After Rehab acts as the data controller for the personal data we process about you in connection with the Service. You can contact support.

2. What we collect

  • Account data — your email address, password (hashed), and (if you sign in with Google or Apple) the basic profile information returned by that provider.
  • Recovery data — information you choose to enter, such as your sober start date, addiction type, daily check-ins, mood, triggers, and reflections.
  • Community content — posts, comments, and reactions you share in the community, along with a pseudonymous handle.
  • Support messages — emails or messages you send to our support team.
  • Usage and device data — basic technical information such as IP address, browser type, device identifiers, and product telemetry needed to operate and improve the Service.

We do not collect or store your payment card details. Card details are handled directly by Paddle, our Merchant of Record.

3. Why we use your data and our legal basis

  • To provide the Service (account creation, sober tracking, community, premium features) — performance of our contract with you.
  • To process subscriptions — performance of our contract with you, via Paddle (see Section 5).
  • To send transactional emails (verification, password reset, subscription updates, important notices) — performance of our contract with you.
  • To moderate community content and keep the community safe — legitimate interest in providing a safe service for vulnerable users.
  • To improve the Service through aggregated analytics — legitimate interest, with the ability to opt out in your settings.
  • To meet legal obligations — where required by law.

4. Automated content moderation

We use automated systems to scan community posts and comments for content that may violate our Community Guidelines (for example, content encouraging substance use). Posts flagged by the system, or reported by other members, may be hidden automatically. You can contact us if you believe a moderation decision was incorrect.

5. Sharing your data

We share your personal data only with the following categories of recipients:

  • Service providers (subprocessors) — including our hosting, database, and email delivery providers, who process data on our behalf under contractual obligations.
  • Paddle — our Merchant of Record, which handles checkout, subscription management, payments, tax compliance, invoicing, and refunds. Paddle's privacy practices are described in their Privacy Policy.
  • Professional advisers (legal, accounting) — where reasonably necessary and under confidentiality obligations.
  • Authorities — where required by law, court order, or to protect the safety of users.

We do not sell your personal data, and we do not use your recovery data for advertising.

6. International transfers

Some of our service providers operate outside your country of residence. Where we transfer personal data outside the UK or the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

7. Data retention

We keep your personal data for as long as your account is active and as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within a reasonable period, except where we are required to keep certain records for legal, accounting, or fraud-prevention purposes.

8. Your rights

Depending on your country, you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Request deletion of your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Receive a portable copy of your data;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact support. We aim to respond within one month.

9. Security

We use appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls, and security monitoring. No system can be guaranteed 100% secure, but we work continuously to reduce risk.

10. Cookies and similar technologies

We use a small number of essential cookies and local storage entries that are necessary for the Service to work (such as keeping you signed in and remembering your preferences). We do not use third-party advertising cookies.

11. Children

The Service is not intended for children under 16. If you believe a child has provided us with personal data, please contact us and we will take appropriate action.

12. Changes to this notice

We may update this Privacy Notice from time to time. If we make material changes, we will notify you in-app or by email. The "Last updated" date at the top reflects the latest revision.

13. Contact

Questions, concerns, or rights requests? Contact support.

TermsRefundsPrivacySupport