Privacy Policy

The short version

Your answers, your loved ones’ details, and any files you upload are private to you. We use industry-standard authentication and per-user database isolation so only you (and people you explicitly invite as trusted contacts) can read your data. We make money from subscriptions, not advertising, and we never sell your data to anyone.

Who we are

Ante Tu is a planning tool for organizing the information families need before a health crisis. This policy describes how we collect, use, store, and protect information about the people who use our service. If you have questions, contact us at the email address at the bottom of this page.

What we collect

When you use Ante Tu, we collect:

• Account information: your email address (used as your sign-in identifier and for sending account-related email).
• Plan content: the names and relationships of the loved ones you add, the answers you record to our guided questions, and any files (PDFs, images) you choose to attach.
• Subscription information: if you purchase a paid plan, our payment processor (Stripe) holds your card details. We never see or store the card number itself. We do receive and store your subscription status and renewal date.
• Trusted contact relationships: when you invite someone to view your plan, we store their email, the invitation status, and (after acceptance) the link between their account and yours.
• Basic technical data: server logs that include IP addresses and timestamps for security and debugging. We do not currently use third-party analytics on the site.

How we use it

We use your information to:

• Provide the service: store your answers, surface them to you when you sign in, deliver shared access to people you’ve invited as trusted contacts.
• Send you account-related email (sign-in links, invitation acceptance, billing receipts). We do not send marketing email.
• Process your subscription via Stripe.
• Investigate bugs, abuse, or security incidents.
• Comply with legal obligations.

We do not use your plan content to train any AI model, to target advertising, or for any purpose unrelated to providing the service.

How we keep it private

Ante Tu enforces access at the database level. Every row in every table is tagged with the user who owns it, and our database refuses to return rows that do not belong to the requesting user (or to a trusted contact they’ve invited). This is the same model used by every modern multi-tenant application, and it means a bug in our front-end code cannot accidentally expose another user’s data.

Files you upload are stored in a private bucket and accessed only via short-lived signed URLs (valid for 5 minutes) issued after a permission check. They are never publicly addressable.

Your sign-in session is stored in an httpOnly cookie that JavaScript cannot read, mitigating most session-theft attacks. All traffic is served over HTTPS.

Who we share it with

We share data only with the service providers we need to operate the product:

• Supabase — our database, authentication, and file storage provider. Your data lives in a project we control, in their infrastructure.
• Stripe — our payment processor. They store payment methods and process charges.
• Vercel — our hosting provider for the website itself.
• Email delivery — we use a third-party email provider to send sign-in links, invitations, and receipts. We are in the process of moving to a dedicated provider on a custom domain.

Each provider is bound by their own data processing agreements. We do not sell your data to anyone, and we do not share it with advertisers.

We may disclose information if required by law (subpoena, court order) or to protect the rights or safety of Ante Tu, our users, or the public.

Trusted contacts

If you invite someone as a trusted contact, they will be able to read all of your plan content, including loved-one details, answers, and uploaded files. They cannot edit anything. You can revoke their access at any time from your account page; revocation takes effect immediately on their next request.

If you accept an invitation to be someone’s trusted contact, they will be able to see that you accepted, and they can revoke your access. We do not log every time you view their plan, but the system knows you have access until they revoke it.

Your rights and choices

You can, at any time:

• Access your data by signing in and viewing or downloading it.
• Delete a loved one, an answer, or a file from within the app.
• Revoke any trusted contact you’ve invited.
• Cancel your subscription via the billing portal on your account page. Your data remains accessible to you after cancellation.
• Request that we delete your account and all associated data by contacting us at the email below.

If you live in a jurisdiction with specific data-protection rights (e.g. the EU under GDPR, California under CCPA), those rights apply regardless of what this policy says. Contact us if you want to exercise any of them.

Cookies

We use a small number of strictly necessary cookies to keep you signed in. We do not use tracking cookies, analytics cookies, or advertising cookies.

Children

Ante Tu is not intended for children under 18. We do not knowingly collect information from children. If you believe a child has used the service, contact us and we will delete the account.

Data retention

We retain your data for as long as you have an active account. If you delete your account, we remove your plan content, files, and associated rows within 30 days. Some records (subscription history, payment receipts) may be retained longer to meet tax and accounting requirements.

Changes to this policy

If we make material changes, we’ll update the “last updated” date at the top of this page and, when appropriate, send a notice to your account email.

Contact

For any privacy-related questions or requests, contact us at privacy@antetu.com (will be active once the custom domain lands; until then, reach out via the team page).