Privacy Notice

The Space After is operated by Lucie DeLaney (“we”, “us”, “our”), acting as the data controller for the personal data described in this notice. You can reach us at hello@deluga.co.

• Account data: email address, password (stored hashed), display name if you provide one.
• Purchase data: product purchased, transaction ID, amount, currency, and the email used at checkout. Payment card details are handled by Paddle (our payment provider and Merchant of Record) and never reach us.
• Content you create: journal entries, prompt answers, and reflections. These are stored privately under your account.
• Technical data: IP address, device and browser information, basic usage logs (so we can keep the service secure and working).

We do not sell your personal data.

• To create your account and provide the Service (legal basis: contract).
• To process and protect your purchase (legal basis: contract, legal obligation).
• To respond to support requests (legal basis: contract, legitimate interests).
• To keep the Service secure and prevent abuse (legal basis: legitimate interests).
• To send essential service emails (e.g. password reset). We do not send marketing emails without your consent.

We share personal data only with the parties needed to run the Service:

• Paddle (our payment provider and Merchant of Record) — for payments, invoicing, tax compliance, and refund handling. Their support portal is paddle.net.
• Hosting & infrastructure providers (e.g. Lovable Cloud / Supabase) — to host the application and database.
• Authorities — only where we are legally required to do so.

We do not sell your personal data. Ever.

Anything you write inside the app is treated as private. We do not read it, mine it for training data, or share it. Access is technically restricted to you via row-level security in our database.

Your data may be processed in countries outside your own (including the United States and the European Union), depending on the location of our service providers. Where data leaves the UK or the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

We keep your account and content for as long as your account is active. You can delete your account at any time from Account → Danger zone. Deletion is finalized after a 14-day grace period (which you can cancel at any time by signing back in). After finalization, we erase your account and associated data, except where we must keep records for legal, tax, or fraud-prevention purposes (e.g. anonymized purchase records).

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct it if it's wrong;
• delete it (“right to be forgotten”);
• restrict or object to certain processing;
• receive your data in a portable format;
• withdraw consent where processing is based on consent;
• complain to your local data protection authority.

To exercise any of these rights, email hello@deluga.co. We aim to respond within 30 days.

We use appropriate technical and organisational measures to protect your data, including encryption in transit, hashed passwords, and database-level access controls. No method of transmission over the internet is 100% secure, but we work to keep your data safe.

We use a small number of essential cookies and similar technologies to keep you signed in and to remember your preferences (such as your language and theme). We do not use third-party advertising cookies.

We may update this notice. The “Last updated” date at the top reflects the latest version. For material changes, we will let you know in the app or by email.