Privacy Policy

We collect information you provide directly, data generated automatically when you use the platform, and data from your interactions with other users. The categories below describe what we collect and why.

1.1 Account Information

When you register for an after18.org account, we collect:

• Full name — used to identify your account and personalize your experience
• Email address — used for authentication, account recovery, and notifications
• Username — your public profile identifier (e.g., after18.org/@username)
• Password — stored in hashed, non-reversible format; never stored in plain text
• Optional profile details — bio, profile photo, cover photo, and website link; visible on your public profile

1.2 Content You Post

When you create posts, we store the content you submit, including:

• Post title and description text
• Selected category
• Uploaded images (stored on Cloudflare R2 object storage)
• Timestamp of creation

Posts that pass review become publicly visible on the platform. You may delete your own posts at any time from My Posts in your account settings.

1.3 Interactions Data

We record your interactions with the platform, including:

• Posts you have liked or bookmarked
• Accounts you follow and accounts that follow you
• Private messages you send and receive
• Notifications sent to your account

1.4 Usage & Interaction Data

When you use the platform, we automatically collect data about your interactions, including:

• Pages visited and features accessed
• Search queries and category filter selections
• Browser type and version, operating system, and language settings
• IP address and approximate geographic location (city or region level)
• Session duration and frequency of visits
• Referring URL (the page you came from before visiting after18.org)

1.5 Support Communications

If you contact our support team by email or through the Help form, we retain the content of those communications — including your name, email address, and inquiry details — for quality assurance and compliance purposes.

1.6 Cookies & Automatically Collected Data

We use cookies and session tokens to maintain your authenticated session and to understand how users interact with the platform. See Section 5 for full details.

2.1 Service Delivery

We use the information we collect primarily to provide and operate the Services. This includes hosting and displaying your posts, managing your account, delivering notifications, and enabling interactions between users.

2.2 Account Management

We use your account information to authenticate you, manage your profile, provide account recovery, and respond to your support inquiries.

2.3 Notifications

We use your interaction data and notification preferences to send you alerts when someone likes your post, follows you, or sends you a message. You can configure notification preferences from your account settings.

2.4 Safety & Security

We analyze usage patterns and behavioral signals to detect and prevent unauthorized access, account takeover, fraudulent activity, spam, and platform abuse. This processing is necessary for the legitimate interest of protecting the platform and its users.

2.5 Content Moderation

We use information about your posts and account history to review content for compliance with our Terms of Service and to investigate reports submitted by other users.

2.6 Platform Improvement

We use aggregated and anonymized usage data to understand how the platform is used, identify performance issues, and guide the development of new features.

2.7 Legal & Regulatory Compliance

We process and retain certain data as required by applicable Indian law, including the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

2.8 Marketing Communications

With your explicit consent, we may send you product announcements and feature updates by email. You may withdraw consent at any time by clicking "unsubscribe" in any email or updating your account preferences.

3.1 Public Posts

All approved posts on after18.org are publicly visible. This means anyone — including visitors who are not registered users — can read your posts, view your profile, and see your post history. Do not post information you are not comfortable sharing publicly.

3.2 Your Public Profile

Your public profile at after18.org/@username displays your name, username, profile photo, bio, and active posts. This information is visible to all visitors.

3.3 Private Messages

Private messages between users are not publicly visible. They are accessible only to the sender and recipient. after18.org does not read private messages except when required for safety investigations or legal compliance.

3.4 Deleting Content

When you delete a post, it is removed from public view immediately. Copies may persist in encrypted backup systems for up to 30 days before being purged. Likes, bookmarks, and interactions associated with a deleted post are also removed.

We retain different categories of personal data for different periods based on purpose and legal obligations. The table below summarizes our standard retention schedule:

Following the retention period, data is deleted from production systems or irreversibly anonymized. Some data may persist in encrypted backup systems for up to 30 additional days after deletion from production, after which it is purged from backups as well.

You may request early deletion of your personal data by contacting hello@after18.org.

5.1 Essential Cookies & Session Tokens

We use cookies and secure session tokens to maintain your authenticated state across browser sessions. These are strictly necessary for the platform to function and cannot be disabled without impairing your ability to log in or use core features.

5.2 Preference Cookies

We use cookies to remember your user preferences, such as selected display mode (light or dark theme) and notification settings.

5.3 Analytics

We may use server-side or privacy-preserving analytics tools to measure aggregate traffic patterns, feature adoption, and platform performance. We minimize data collection and do not build individual user profiles for advertising purposes.

5.4 No Third-Party Advertising Trackers

after18.org does not use third-party advertising networks, cross-site tracking pixels, or interest-based advertising technologies. We do not sell your personal data, behavioral data, or browsing history to advertisers or data brokers.

5.5 Cookie Management

You can control and manage cookie behavior through your browser settings. Disabling essential cookies will prevent you from logging in and using core platform features.

To deliver and operate the Services, after18.org engages trusted third-party service providers. Each provider processes data only as necessary to fulfill their contracted function.

after18.org does not share your data with payment processors, as the platform is entirely free and conducts no financial transactions.

7.1 We Do Not Sell Your Data

after18.org does not sell, rent, lease, or trade your personal information — including your posts, account details, or interaction data — to any third parties for their own marketing, advertising, or commercial purposes. This is a core principle we do not compromise on.

7.2 Service Providers

We share data with trusted service providers as described in Section 6, strictly to the extent necessary for them to perform services on our behalf. These providers are contractually prohibited from using your data for any purpose beyond the specific service they provide to after18.org.

7.3 Legal Requirements

after18.org may disclose personal data when required to do so by applicable law, court order, subpoena, or valid governmental authority request. We will notify you of such requests to the extent permitted by law. We review all legal requests carefully and comply only to the extent legally required.

7.4 Safety & Child Protection

We may disclose personal data — including to law enforcement — when we believe in good faith that disclosure is necessary to protect the safety of any person, prevent imminent harm, or comply with mandatory reporting obligations (such as reporting child sexual abuse material to relevant authorities).

7.5 Business Transfers

In the event of a merger, acquisition, or asset sale involving after18.org, personal data may be transferred as part of that transaction. We will notify affected users via email or a prominent in-app notice at least 30 days before any such transfer.

7.6 Aggregated & Anonymized Data

We may use aggregated, de-identified, or anonymized data (which cannot reasonably be used to identify you) for analytics, benchmarking, or research purposes.

8.1 Technical Security Measures

We implement a layered set of security controls to protect your personal data:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS)
• Encryption at rest: Sensitive data fields are encrypted in the database using industry-standard algorithms
• Password security: Passwords are hashed using a strong, salted algorithm and are never stored in plain text
• Access controls: Internal access to production systems and user data is restricted to authorized personnel on a need-to-know basis
• API rate limiting: Authentication and public API endpoints are rate-limited to prevent brute-force attacks
• Security monitoring: We monitor for anomalous access patterns and potential intrusions on an ongoing basis

8.2 Data Breach Notification

In the event of a security breach that affects your personal data and creates a likely risk to your rights, we will notify you and relevant supervisory authorities within the timeframes required by applicable law.

8.3 No Absolute Security Guarantee

Despite our best efforts, no data transmission over the internet or electronic storage system is perfectly secure. We encourage you to use a strong, unique password and promptly report any suspicious activity on your account to hello@after18.org.

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data. We are committed to honoring these rights in a timely and transparent manner.

9.1 Right of Access

You may request a copy of the personal data we hold about you, including your account information and post history. We will provide this data within 30 days of a verified request.

9.2 Right to Correction

You may update or correct inaccurate personal data directly through your account settings at any time. For data you cannot edit yourself, contact us and we will make the correction promptly.

9.3 Right to Deletion

You may request the deletion of your account and all associated personal data at any time through Settings → Account → Delete Account. We will process this request within 30 days.

9.4 Right to Data Portability

You may request an export of your personal data in a structured, machine-readable format. Contact us at hello@after18.org to make this request.

9.5 Right to Withdraw Consent

Where data processing is based on your consent (such as marketing communications), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

9.6 How to Exercise Your Rights

To exercise any of the rights described above, send a request to hello@after18.org. We will acknowledge your request within 72 hours and respond substantively within 30 days. We may require you to verify your identity before processing your request.

after18.org is an adults-only platform. We do not knowingly collect personal information from anyone under the age of 18. Our Terms of Service explicitly prohibit users under 18 from registering or using the platform.

If we become aware that we have inadvertently collected personal information from a person under the age of 18, we will take immediate steps to delete that account and all associated data.

If you believe a minor has created an account on after18.org, please contact us immediately at hello@after18.org so we can take prompt action.

11.1 India — DPDPA & IT Rules

Our data practices are designed to comply with India's applicable data protection framework, including the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDPA"). We act as a Data Fiduciary with respect to data collected from users in India.

11.2 European Users — GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation ("GDPR"). Our legal bases for processing personal data include:

• Contract performance: Processing necessary to provide the Services you have registered for
• Legitimate interests: Security monitoring, fraud prevention, and platform improvement
• Legal obligation: Compliance with applicable laws and regulatory requirements
• Consent: Marketing communications and optional analytics

EEA users may lodge a complaint with their local supervisory authority if they believe their rights under the GDPR have been violated.

11.3 California Users — CCPA

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to deletion, and the right to opt out of the sale of personal information (which after18.org does not engage in). To exercise your California rights, contact us at hello@after18.org.

We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or platform features. When we do, we will revise the "Last Updated" date at the top of this page.

For material changes — such as new categories of data collection or new sharing arrangements — we will provide at least 14 days' advance notice via email or a prominent in-app notification.

Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgment and acceptance of the updated practices.

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. Any disputes arising from or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts in New Delhi, India.

Users in the EEA retain the right to bring data protection complaints before their local supervisory authority in addition to pursuing action in Indian courts.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data handling practices, please contact us:

We take all privacy concerns seriously and are committed to resolving any inquiry in a timely, fair, and transparent manner.