This Privacy Policy sets out how we, AYearAgo.Today (operated by Stealth Launch, LLC), collect, store and use information about you when you use or interact with our website, AYearAgo.Today (our website) and where we otherwise obtain or collect information about you. This Privacy Policy is effective from 12 July 2026.
This section summarises how we obtain, store and use information about you. It is intended to provide a very general overview only. It is not complete in and of itself and it must be read in conjunction with the corresponding full sections of this Privacy Policy.
If you have any questions about this Privacy Policy, please contact the data controller.
The data controller in respect of our website is Stealth Launch, LLC, operating AYearAgo.Today, in Puerto Rico.
You can contact us by email at ayearagotoday@outlook.com.
We collect and use information from website visitors in accordance with this section at the section entitled Disclosure and additional uses of your information.
We use a third party server to host our website called Digital Ocean LLC, the privacy policy of which is available here: https://www.digitalocean.com/legal/privacy-policy/
Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system
We collect and store server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity.
Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation: we have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: we have a legitimate interest in using your information for the purposes of ensuring network and information security.
We use the information collected by our website server logs to analyse how our website users interact with our website and its features. For example, we analyse the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit and the operating system and browser use.
We use the information gathered from the analysis of this information to improve our website. For example, we use the information gathered to change the information, content and structure of our website and individual pages based according to what users are engaging most with and the duration of time spent on particular pages on our website.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: improving our website for our website users and getting to know our website users' preferences so our website can better meet their needs and desires.
Cookies are data files which are sent from a website to a browser to record information about users for various purposes.
We use cookies on our website, including essential session cookies. For further information, see our Cookie Policy.
You can reject some or all non-essential cookies by changing your browser settings or using available cookie controls, but doing so can impair your ability to use our website or some of its features. For further information about cookies, please visit www.allaboutcookies.org or see our cookies policy.
We collect and use information from individuals who contact us in accordance with this section and the section entitled Disclosure and additional uses of your information.
When you send an email to the email address displayed on our website we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).
When you contact us using an enquiry form, we collect your personal details and match this to any information we hold about you on record. Typical personal information collected will include your name and contact details. We will also record the time, date and the specific form you completed.
If you do not provide the mandatory information required by our contact form, you will not be able to submit the contact form and we will not receive your enquiry.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
We will also use this information to tailor any follow up sales and marketing communications with you. For further information, see the section of this privacy policy titled 'Marketing Communications'.
Messages you send to us via our contact form will be stored outside the European Economic Area on our contact form provider's servers in the United States.
For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area.
When you contact us by phone, we collect your phone number and any information provide to us during your conversation with us.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).
If you contact us by post, we will collect any information you provide to us in any postal communications you send us.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).
We collect and use information from individuals who interact with particular features of our website in accordance with this section and the section entitled Disclosure and additional uses of your information.
When you register and create an account on our website, we collect information such as your username, email address, and selected timezone. We also record that you accepted our Terms of Service and Privacy Policy and confirmed that you are 13 or older, along with the time and date of registration. If you sign in with Google, we receive identifiers and profile information Google shares with us for authentication.
If you do not provide the mandatory information required by the registration form, you will not be able to register or create an account on our website.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation) and, where applicable, performance of a contract (Article 6(1)(b)).
Legitimate interest: registering and administering accounts so you can use the Service, including Free and Premium features.
Transfer and storage of your information
Information you submit via registration is stored on our hosting provider’s servers (currently DigitalOcean) located in the United States of America.
Some journal entries are marked mature (18+ only). To view them you must be signed in. The first time you unlock mature content on your account, we ask for your birthdate and an explicit confirmation that you are 18 or older. We store your birthdate, the 18+ agreement, and the date and time of that agreement with your account legal/acceptance records.
On later visits to mature entries, we ask you to confirm again that you are 18 or older before showing the entry. Those later confirmations are for that visit only; we do not create a new stored agreement each time. A short-lived session value may be used so you can complete that visit after confirming.
If you do not provide a birthdate and 18+ confirmation when required, you will not be able to view mature content. You do not need to provide a birthdate to use the rest of the Service.
Legal basis for processing: necessary to perform a contract or to take steps at your request (Article 6(1)(b) of the General Data Protection Regulation), and our legitimate interests (Article 6(1)(f)) in restricting adult content to adults and keeping records of age-related confirmations.
Legitimate interests: enforcing mature-content access rules and protecting minors from adult material on the Service.
Transfer and storage of your information
Birthdate and 18+ confirmation records are stored on our hosting provider’s servers (currently DigitalOcean) located in the United States of America.
We collect and use information from individuals who subscribe to AYAT Premium in accordance with this section and the section entitled Disclosure and additional uses of your information.
Mandatory information
When you subscribe to AYAT Premium, we and our payment processor may collect your name, email address, and billing address as needed to process payment and provide the subscription. We also store Stripe customer and subscription identifiers, subscription status, price identifiers, and current period end dates so we can deliver Premium access and manage billing.
If you do not provide the information required at checkout, you will not be able to complete a Premium subscription.
Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation) and necessary to perform a contract (Article 6(1)(b)).
Legal obligation: we have a legal obligation to keep accounting records, including records of transactions.
Premium payments are processed by Stripe, a third-party payment processor. Card details are collected and processed by Stripe; we do not store full card numbers on our servers.
Your payment will be processed by Stripe, who collect, use and process your information, including payment information, in accordance with their privacy policies.
You can access their privacy policy here: https://stripe.com/privacy
Transfer and storage of your information
In providing payment services, Stripe may transfer personal data outside the EEA.
For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area.
Legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: to fulfil your contractual obligation to pay for AYAT Premium and to provide Premium features.
We use third-party providers to operate the Service. Depending on how you use the site, these may include:
We may occasionally send product updates or similar communications related to AYearAgo.Today using the email address on your account. You can opt out at any time by emailing ayearagotoday@outlook.com or using any unsubscribe link we provide.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation), or consent where required.
Legitimate interests: informing users about the Service they already use.
If we use a mailing-list provider for campaigns, that provider’s servers may be outside the EEA (for example in the United States). Transactional email (such as account or backup messages) may be sent through Mailgun.
We do not sell your email address to third parties for their marketing. We will not send you marketing about unrelated third-party products unless you clearly opt in.
This section sets out how we obtain or collect information about you from third parties.
We may receive information about you from providers that you choose to connect (for example Google when you use Google sign-in) or from payment processors (Stripe) when you subscribe to Premium.
Information we obtain this way is typically limited to identifiers, email, and account or billing metadata needed to authenticate you or deliver Premium.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation), and our legitimate interests in securing accounts (Article 6(1)(f)).
Where we receive information about you in error
If we receive information about you from a third party in error and/or we do not have a legal basis for processing that information, we will delete your information.
This section sets out the circumstances in which will disclose information about you to third parties and any additional purposes for which we use your information.
We use third parties to provide services necessary to run the Service, including hosting, payment processing, email delivery, and authentication. See Service providers we use above.
Our third party service providers are located both inside and outside of the European Economic Area.
Your information will be shared with these service providers where necessary to provide you with the service you have requested, whether that is accessing our website or purchasing Premium.
Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation) and/or necessary to perform a contract (Article 6(1)(b)).
Legitimate interest relied on: operating and securing the Service efficiently.
Reason why necessary to perform a contract: we may need to share information with our service providers to enable us to perform our obligations under that contract or to take the steps you have requested before we enter into a contract with you.
Indicating possible criminal acts or threats to public security to a competent authority
If we suspect that criminal or potential criminal conduct has been occurred, we will in certain circumstances need to contact an appropriate authority, such as the police. This could be the case, for instance, if we suspect that a fraud or a cyber-crime has been committed or if we receive threats or malicious communications towards us or third parties.
We will generally only need to process your information for this purpose if you were involved or affected by such an incident in some way.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: preventing crime or suspected criminal activity (such as fraud).
In connection with the enforcement or potential enforcement our legal rights
We will use your information in connection with the enforcement or potential enforcement of our legal rights, including, for example, sharing information with debt collection agencies if you do not pay amounts owed to us when you are contractually obliged to do so. Our legal rights may be contractual (where we have entered into a contract with you) or non-contractual (such as legal rights that we have under copyright law or tort law).
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest: enforcing our legal rights and taking steps to enforce our legal rights.
In connection with a legal or potential legal dispute or proceedings
We may need to use your information if we are involved in a dispute with you or a third party for example, either to resolve the dispute or as part of any mediation, arbitration or court resolution or similar process.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): resolving disputes and potential disputes.
This section sets out how long we retain your information. We have set out specific retention periods where possible. Where that has not been possible, we have set out the criteria we use to determine the retention period.
Server log information: we retain information on our server logs for 3 months.
Subscription information: when you subscribe to AYAT Premium, we retain that information for seven years following the end of the financial year in which the transaction occurred, in accordance with our legal obligation to keep records for tax purposes.
Correspondence and enquiries: when you make an enquiry or correspond with us for any reason, whether by email or via our contact form or by phone, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for 36 further month(s), after which point we will archive your information.
Newsletter: we retain the information you used to sign up for our newsletter for as long as you remain subscribed (i.e. you do not unsubscribe).
Membership / account: we retain account information for as long as your account remains open, and for a reasonable period afterward if needed for backups, abuse prevention, or legal obligations. You may request account deletion through the Service where available, or by contacting us.
Age / mature-content confirmations: if you provide a birthdate and 18+ confirmation to view mature content, we retain that information with your account for as long as the account remains open (and afterward as described for membership / account information), so we can enforce mature-content access rules.
In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
Your information may be transferred and stored outside the European Economic Area (EEA) in the circumstances set out earlier in this policy, including hosting and payment processing in the United States.
Where we transfer personal data from the EEA or UK, we rely on appropriate safeguards used by our providers (such as Standard Contractual Clauses) and their published privacy terms. We may also transfer information outside the EEA to comply with legal obligations (for example a court order).
Subject to certain limitations on certain rights, you have the following rights in relation to your information, which you can exercise by writing to the data controller using the details provided at the top of this policy.
In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation.
You can find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation, which is available here:http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.
Where we possess appropriate information about you on file, we will attempt to verify your identity using that information.
If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your information.
We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.
You have the following rights in relation to your information, which you may exercise in the same way as you may exercise by writing to the data controller using the details provided at the top of this policy.
You may also exercise your right to object to us using or processing your information for direct marketing purposes by:
'Sensitive personal information' is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person's sex life or sexual orientation.
We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.
If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.
We update and amend our Privacy Policy from time to time.
Minor changes to our Privacy Policy
Where we make minor changes to our Privacy Policy, we will update our Privacy Policy with a new effective date stated at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.
Major changes to our Privacy Policy or the purposes for which we process your information
Where we make major changes to our Privacy Policy or intend to use your information for a new purpose or a different purpose than the purposes for which we originally collected it, we will notify you by email (where possible) or by posting a notice on our website.
We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose.
Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it.
Because we care about the safety and privacy of children online, we comply with the Children's Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. We do not knowingly contact or collect information from persons under the age of 13. The website is not intended to solicit information of any kind from persons under the age of 13. At registration, users must confirm they are 13 or older.
Mature (18+) journal entries are restricted. You must be signed in and confirm that you are 18 or older (including providing a birthdate the first time) to view them. We do not knowingly allow persons under 18 to view mature content. Age confirmations are based on information you submit; we do not independently verify identity beyond that process.
It is possible that we could receive information pertaining to persons under the age of 13 by the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about persons under the age of 13, please do so by contacting us by using the details at the top of this policy.