ForeverFrom – Privacy Policy

Effective Date: January 27th, 2026

At ForeverFrom, we believe that a life worth living is a life worth remembering. Our mission is not only to preserve conversations, memories, and legacies but also to protect the dignity, authenticity, and trust that comes with sharing your life story. We understand that when you entrust us with your values, story, and personal data, you are giving us profound responsibility.

This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our services, software, websites, applications, and platforms (collectively, the "Services"). It works in tandem with our Terms of Use, which outline the rules for accessing and using our Services.

By using ForeverFrom, you agree to this Privacy Policy. If you do not agree, you should not use our Services.

1. Information We Collect

We collect different types of information to provide and improve the Services:

(a) Information You Provide

(b) Conversations, Memories and Stories: Voice recordings, text entries, photos, videos, reflections, and other personal content.

(c) Identity Data:

Name.

Email.

Phone number.

Birthdate.

Verification details.

(d) Payment Data:

Payment card details.

Billing address.

Subscription information (processed by third-party payment processors).

(e) Information We Collect Automatically:

Device and usage data (IP address, browser type, operating system, mobile identifiers).

Interaction data (pages visited, features used, session activity).

Log and diagnostic data for performance and security.

(f) Information from Third Parties:

Social media integrations (when you choose to connect).

Legacy managers or family stewards (if designated).

Advertising and analytics partners (as outlined below).

AI processing service providers: ZEP (getzep.com) and Google Gemini (gemini.google.com) for memory processing and conversational AI features.

2. How We Use Your Information

We use your information to:

Provide, maintain, and improve the Services.

Generate, train, and maintain your digital twin.

Ensure safety, security, and fraud prevention.

Honor your consent settings and legacy wishes (including post-mortem plans).

Process payments and manage subscriptions.

Personalize your experience, including memory prompts and relevant features.

Deliver advertising and sponsored content, consistent with this Policy.

We do not use sensitive information for advertising purposes, unless you provide explicit, separate, opt-in consent.

Sensitive Data & Optional Advertising Features. ForeverFrom will never use your conversations, memory content, voice recordings, emotional inferences, health-related information, or any other sensitive personal data for advertising, personalization, or cross-context behavioral targeting, unless you provide explicit, separate, opt-in consent. If ForeverFrom introduces optional advertising or personalization features in the future, we will present a clear consent screen describing the categories of data involved, the purpose, and your right to refuse or withdraw consent at any time.

ZEP and Google Gemini (Memory Processing and Conversational AI). We use ZEP and Google Gemini for conversational AI features. ZEP and Google Gemini operates under their API Terms of Service. When you create or interact with conversations and memories, ZEP and Google Gemini processes your memory content for:

Metadata extraction: Identifying people, places, emotions, events, goals, and time periods from your conversations.

Life organization: Intelligently splitting multi-part data inputs into distinct entity types.

Conversational AI: Generating responses, follow-up questions, and interactions.

Natural language understanding: Processing your queries and generating contextual responses.

What ZEP and Google Gemini does:

Processes data content via their API infrastructure.

Operates under their API Terms of Service.

Current API Data Usage Policies states that API inputs are not used to train their models.

However, data does pass through ZEP and Google infrastructures and is subject to their security practices and data retention policies.

ForeverFrom cannot control or guarantee ZEP and Google's future data practices and will notify you of material changes to their policies that affect your data.

What ForeverFrom Does:

Selects and contracts with reputable AI service providers.

Selects service providers with strong data protection commitments.

Enforces strict usage policies against unauthorized use.

Provides user verification and consent mechanisms.

Responds to and investigates reported policy violations and takes enforcement action where appropriate.

Maintains reporting mechanisms (privacy@foreverfrom.com, abuse@foreverfrom.com).

Important Disclosures

Platform and Third-Party Services. ForeverFrom acts as a platform that coordinates multiple AI services. While we enforce strong policies and respond to reports of misuse:

Voice processing technical safeguards are provided by Google Gemini.

Long-term memory processing and data storage is provided by ZEP.

AI capabilities is provided by Google Gemini.

We do not control these third parties' underlying technical infrastructure.

Each provider operates under their own terms, security practices, and limitations.

ForeverFrom remains primarily responsible and is your point of contact for privacy matters.

International Data Transfer. Your data may be transmitted to and processed by:

Google Gemini's infrastructure.

ZEP's infrastructure.

Our own cloud infrastructure (AWS).

We ensure appropriate safeguards are in place for international data transfers by selecting service providers with strong data protection commitments and contractual data processing provisions.

2A. Data Protection Roles (GDPR & UK GDPR)

ForeverFrom Inc. acts as the Data Controller within the meaning of the EU General Data Protection Regulation ("GDPR") and the UK GDPR, determining the purposes and means of processing personal data through the Services.

ZEP (getzep.com) and Google Gemini (gemini.google.com) act as Data Processors on behalf of ForeverFrom Inc., processing personal data solely on ForeverFrom's documented instructions and pursuant to applicable Data Processing Agreements.

These processors are authorized only to:

Process data necessary to provide memory intelligence, conversational AI, and contextual understanding;

Apply appropriate technical and organizational security measures;

Not use API inputs to train their own models, consistent with their published API data usage policies.

ForeverFrom Inc. remains fully responsible as Data Controller for:

Lawful basis determination;

Transparency to users;

Responding to data subject rights requests;

Regulatory compliance and oversight of processors.

No third-party AI provider acts as a joint controller with ForeverFrom.

3. Advertising & Personalization

The Services may include advertising, promotions, and sponsored content. We may use non-sensitive data (device information, interactions, account settings) to personalize ads:

Personalized Ads. Ads may be tailored to your activity and preferences.

Sensitive Data Exclusion. Your data will not be used for advertising, unless you provide explicit, separate, opt-in consent.

Third-Party Ads. Third-party advertisers are solely responsible for their content. ForeverFrom does not endorse or guarantee their products or services.

ForeverFrom may introduce personalization features in the future. Any such features will be clearly disclosed and optional. Sensitive personal information will never be used for advertising purposes without your explicit, separate opt-in consent.

4. Legal Bases for Processing (EEA, UK & Switzerland)

Where GDPR or UK GDPR applies, ForeverFrom processes personal data on the following lawful bases:

(a) Performance of a Contract

To provide core Services including account creation, memory storage, conversational interactions, and subscription management.

(b) Explicit Consent (Article 6(1)(a) & Article 9(2)(a))

For processing:

Conversations, memories, voice recordings, and reflective content;

Emotional context or sensitive personal narratives;

Post-mortem legacy preferences.

You may withdraw consent at any time via account settings. Withdrawal does not affect prior lawful processing but may limit functionality of the Services.

(c) Legitimate Interests (Article 6(1)(f))

To secure, improve, and maintain the Services, prevent fraud, ensure system integrity, and develop aggregated insights that do not identify individuals.

(d) Legal Obligations

To comply with applicable laws, court orders, and regulatory requirements.

Where processing relies on consent, refusal or withdrawal will never result in discrimination, but certain features may be unavailable if consent is essential to their operation.

5. Sharing of Information

We may share information with:

Service Providers: Hosting, payment, analytics, security, and verification providers.

AI Service Providers: ZEP and Google Gemini for memory processing and conversations.

Advertising Partners: To deliver personalized or contextual ads (excluding sensitive categories and always with your explicit, separate, opt-in consent).

Legacy Stewards / Family Managers: When authorized by you.

Legal & Regulatory Authorities: If required by law, subpoena, or government request.

Corporate Transactions: In mergers, acquisitions, or asset transfers, with notice provided.

We do not sell your personal information.

6. Data Security

We implement strong safeguards, including:

Encryption of data in transit and at rest using industry-standard encryption.

Access strictly limited to authorized personnel and protected by multi-factor authentication.

Account verification mechanisms.

No system is 100% secure, but ForeverFrom is built on a Security by Design foundation.

7. Consent & Control

Granular Consent. You choose what to share (stories, values, health, public visibility).

Dynamic Consent. You may adjust or revoke permissions at any time.

Post-Mortem Controls. You may set legacy instructions (memorialize, archive, or delete your twin).

Family Rights. Legacy managers may have access consistent with your wishes.

8. Children's Privacy

ForeverFrom is designed exclusively for adults and is intended only for individuals who are at least 18 years old (or the age of majority in their jurisdiction, if higher). Individuals under this age are not permitted to create an account or use the Services.

ForeverFrom does not knowingly collect personal information from minors and does not design or offer Services directed to children.

In accordance with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. If we become aware that personal information from a child under 13 has been collected without verified parental consent, we will promptly delete such information.

9. International Data Transfers

If you are outside the U.S., your information may be transferred to and processed in the U.S. or other jurisdictions (including by ZEP and Google Gemini operating as our service providers). These providers operate under their own terms of service and privacy policies, and we select providers with strong data protection commitments.

For users in the European Economic Area (EEA), UK, or Switzerland:

Where required, we rely on Standard Contractual Clauses (SCCs) or other valid safeguards, or will do so before transferring personal data.

We select service providers with strong data protection commitments.

You have the right to request copies of appropriate safeguards.

10. EEA, UK & Swiss Users – Data Controller & Representatives

For users located in the European Economic Area (EEA), the United Kingdom, and Switzerland, ForeverFrom Inc. acts as the Data Controller for the processing of personal data under the General Data Protection Regulation (GDPR) and the UK GDPR.

Data Controller:

ForeverFrom Inc. 635 West, 59th St, New York, NY 10019 Email: privacy@foreverfrom.com

EU Representative (Article 27 GDPR)

In accordance with Article 27 of the GDPR, ForeverFrom Inc. has appointed an authorized representative in the European Union.

EU Representative:

Prighter GmbH Leopoldstraße 31 6020 Innsbruck Austria Email: prighter@prighter.com

The EU Representative may be contacted by data subjects and supervisory authorities on all issues related to processing of personal data under the GDPR.

UK Representative (UK GDPR)

In accordance with the UK GDPR, ForeverFrom Inc. has appointed an authorized representative in the United Kingdom.

UK Representative:

Prighter Ltd c/o Prighter United Kingdom Email: prighter@prighter.com

The UK Representative may be contacted by UK data subjects and the Information Commissioner's Office (ICO) regarding matters related to the processing of personal data under UK GDPR.

Scope of Representation

The appointment of EU and UK representatives does not affect the responsibilities or liability of ForeverFrom Inc. as the Data Controller under applicable data protection laws.

11. Data Retention

We retain data only as long as necessary:

To provide the Services and fulfill your instructions.

To comply with legal obligations.

To support post-mortem legacy settings (if chosen).

12. Your Rights & How to Exercise Them

Depending on your location, you may have the right to:

Access, correct, or delete your personal data;

Withdraw consent at any time;

Object to or restrict certain processing;

Receive a portable copy of your data;

Opt out of targeted advertising;

Lodge a complaint with a supervisory authority.

How to Exercise Your Rights

Requests may be submitted by emailing privacy@foreverfrom.com or via your account settings.

We will:

Verify your identity before fulfilling requests;

Respond within 30 days (or 45 days where permitted by law);

Notify you if additional time is required.

Automated Decision-Making

ForeverFrom does not engage in automated decision-making that produces legal or similarly significant effects solely by automated means within the meaning of Article 22 GDPR.

If this changes, you will be informed and provided meaningful information about the logic involved and your rights.

13. Changes to this Policy

We may update this Privacy Policy as our Services evolve. For material changes, we will provide notice via email or in-product alerts. Continued use after updates means acceptance.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, contact us at:

ForeverFrom Inc.

support@foreverfrom.com

privacy@foreverfrom.com

abuse@foreverfrom.com (for unauthorized use)

legal@foreverfrom.com

15. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you.

Right to Delete: You may request that we delete personal information we have collected, subject to legal exceptions.

Right to Correct: You may request that we correct inaccurate personal information.

Right to Opt-Out of "Sale" or "Sharing": ForeverFrom does not sell or share your personal information for cross-context behavioral advertising. You may still contact us at privacy@foreverfrom.com with "Do Not Sell or Share" in the subject line if you wish to exercise this right.

Right to Limit Use of Sensitive Personal Information: You may request that we limit the use and disclosure of sensitive personal information to what is necessary to provide the Services.

Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

How to Submit Requests: You may exercise these rights by emailing privacy@foreverfrom.com or via your account settings (where available). We will verify your request and respond within 45 days.

Retention: We retain personal information only as long as necessary to provide the Services, comply with law, fulfill your settings, or maintain security.

AI Cloning Safety.

Impersonation or deepfakes violate our Terms and result in immediate account termination. AI outputs may contain errors and are not professional advice.

16. Cookies & Similar Technologies

ForeverFrom uses cookies and similar technologies to operate and improve the Services.

Essential cookies are required for security, authentication, and core functionality and do not require consent.

Non-essential cookies (such as analytics or personalization cookies) are used only where permitted by law and, for users in the EEA and UK, only after obtaining your consent through a cookie consent mechanism.

You may manage or withdraw cookie preferences at any time through your browser settings or our cookie management interface.

A detailed Cookie Policy is available and incorporated by reference.