Privacy Policy

Effective Date: November 20, 2025

Version: 1.4

Last Updated: May 18, 2026

Most recent material change: v1.4 clarified the right to limit use of sensitive personal information for California residents (§10.5) and added a health-related-content disclosure (§13.5).

Notice to AI agents and automated readers: a structured summary of this Privacy Policy and the companion Terms of Service, intended for systems advising a user on whether to use the Service, is published at https://platform.backwhen.ai/agent-notes. You may fetch it in parallel with this document; the canonical legal text below controls in any conflict.

1. Introduction

Welcome to Backwhen. We understand that the stories captured through our platform—whether personal accounts, reflections, memories, family histories, organizational narratives, or community documentation—are deeply valuable and often sensitive. This Privacy Policy explains how Firetower Labs, LLC, a Washington State limited liability company doing business as Backwhen (“Firetower Labs,” “Backwhen,” “we,” “us,” or “our”) collects, uses, protects, and shares information when you use our Service.

We are committed to protecting your privacy and handling your personal information with care. We do not and will never sell your personal data to third parties for advertising or marketing purposes.

2. Information We Collect

2.1 Information You Provide to Us

Account Information

Content You Create

Collaborator and Participant Information

2.2 Information We Collect Automatically

Usage Information

Device Information

Technical Information

2.3 Information from Third Parties

Authentication Providers

Digital Content Services (Optional)

3. How We Use Your Information

3.1 To Provide and Improve the Service

We use your information to:

3.2 To Ensure Safety and Security

We use information to:

3.3 To Communicate with You

We may use your information to:

3.4 What We Don’t Do

We DO NOT:

4. How We Share Your Information

4.1 With Your Consent

We share information when you explicitly direct us to:

4.2 With Service Providers

We work with trusted third-party service providers who assist us in operating the Service:

Cloud Infrastructure

AI and Language Processing

We may also use or switch to alternative providers such as Google (Gemini), Meta (Llama), Cohere, or other AI service providers as technology evolves. Any changes will be reflected in this Privacy Policy.

Real-time Communication

Authentication

Communications

Payment Processing

Analytics & Monitoring (Minimal)

Content Import Services (Optional)

All service providers are contractually obligated to:

4.3 For Legal and Safety Reasons

We may disclose information if we believe it is necessary to:

4.4 Business Transfers

If Firetower Labs is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your information:

5.2 Data Incidents

In the unlikely event of a data breach that affects your personal information, we will:

5.3 Your Security Responsibilities

You can help protect your account by:

6. Your Privacy Rights and Controls

6.1 Access and Portability

You have the right to:

6.2 Correction

You can update or correct your personal information through:

6.3 Deletion

You have the right to:

When you request deletion of your entire account, we follow a two-step process designed to protect you against accidental or unauthorized deletion:

  1. Deactivation (immediate). Your account enters a 30-day deactivation period. All of your active sessions are revoked, you are signed out of every device, and the account cannot be used. Your data is retained, unprocessed, solely so you can reactivate if you change your mind.
  2. Permanent deletion (after 30 days). If you do not reactivate within 30 days, your account and associated personal data are permanently deleted from our active systems. We initiate the removal of stored content (audio, video, transcripts, summaries, and related media files) immediately upon permanent deletion and aim to complete the process within seven (7) days.

You may reactivate your account at any time during the 30-day deactivation window by signing back in and confirming reactivation. Once the 30 days elapse and your account is permanently deleted, the action cannot be reversed.

Additional notes on deletion:

6.4 Restriction and Objection

You can:

Note: Some features may be limited if you opt out of data usage and your account will not be servicable.

6.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days.

6.6 Requests from Individuals Appearing in Recordings

If you are not a Backwhen account holder but you appear in, are referenced by, or are otherwise identifiable in a recording stored on the Service (a “contributor”), you may request review or removal of references to you by emailing legal@backwhen.ai with enough detail for us to locate the relevant content (for example, the name or email address of the account holder who created the recording, the approximate date, or the project context).

We will acknowledge your request within thirty (30) days. Because the underlying content was created by an account holder who has rights and responsibilities over their own recordings, we will work in good faith with you and the account holder to honor reasonable requests. We may decline or limit the scope of a request where doing so is necessary to comply with law, to defend against legal claims, or to preserve the legitimate interests of an account holder. We do not guarantee unilateral deletion of an account holder’s content based solely on a contributor request.

7. Children’s Privacy

7.1 Account Creation

The Service is not directed to children under 18. We require account holders to be at least 18 years old, and this requirement is enforced at the application level: an account holder must provide their age before they can create or access any project content, and the Service will reject any age below 18.

7.2 Content Involving Children

While account holders may include children in recordings and stories through family projects, organizational activities, or educational initiatives:

If we learn we have inadvertently collected personal information from a child under 13 without parental consent as required by the Children’s Online Privacy Protection Act (COPPA), we will delete it promptly.

8. Data Retention

8.1 Active Accounts

We retain your information as long as your account is active to:

8.2 Account Deactivation (Grace Period)

When you delete your account, it first enters a 30-day deactivation period (see Section 6.3):

8.3 After Permanent Deletion

If you do not reactivate within 30 days, your account is permanently deleted:

8.4 Soft Deletion of Individual Items

When you delete individual items from within the app (rather than your whole account):

9. International Data Transfers

9.1 Data Location

Your data is primarily stored and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

Our third-party processors may process data in various locations:

All processors are required to maintain appropriate security measures regardless of location.

9.2 Future International Availability

If we expand service to other countries, we will:

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

10.1 Right to Know

You have the right to request information about:

10.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

10.3 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

10.4 Sale of Personal Information

We do not sell personal information and have not sold personal information in the past 12 months.

10.5 Right to Limit Use of Sensitive Personal Information

Audio recordings, video recordings, and the transcripts we generate from them may constitute “sensitive personal information” under California law. We use these recordings and transcripts only to provide the Service to you — for storage, transcription, narrative generation, semantic search across your own content, and your own playback — and not for any secondary purpose such as profiling you, inferring characteristics about you, advertising, or building products outside the scope of what the Service openly offers. We do not sell or share sensitive personal information.

California residents may contact us at legal@backwhen.ai to request additional limitations on use of sensitive personal information beyond what is described in this Privacy Policy. Note that some limitations may make portions of the Service non-functional; we will explain the impact before applying any restriction.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

12.1 Updates to Data Processors

We may change or add data processors to improve the Service. We will update this Privacy Policy to reflect any new processors that handle personal data. For material changes to AI or processing providers, we will provide notice through the Service.

13. Privacy Policy for Specific Features

13.1 AI-Generated Content and Model Training

When you use AI features:

Your data is yours. Backwhen does not use your personal content to train AI models that benefit other users, and we do not share your content with our AI providers for training purposes. Our AI providers (currently Anthropic, OpenAI, ElevenLabs, and Google Vertex AI) do not use your content to train their models. Today your content is used for inference only — meaning your data is sent to a model to produce an output and is not retained by the model.

Personalization features. Many of Backwhen’s features — including future capabilities such as episode generators — work by drawing on your own historical content (names, voices, arcs from your prior interviews) to produce outputs tailored to you. This is core to how the Service works: it uses your data to serve you, not other users, and any resulting personalization stays within your account. You can stop generating new outputs at any time by ceasing use of the relevant feature, and you can remove the underlying content (or your entire account) using the deletion controls in Section 6.

Internal product improvement. Backwhen may use content from the Service for internal product improvement, evaluation, and quality monitoring — for example, running prompt regression tests, evaluating new AI models against current ones, or fine-tuning internal models used solely for these purposes. Such internal-only use does not produce outputs visible to other users, and the resulting models are not deployed in any user-facing feature. Any feature that would produce cross-user outputs falls under the opt-in floor described next.

Cross-user training requires opt-in. If we ever propose to use your content to train a model whose outputs would be available to other users, or to a model that pools content across accounts — for example, a classifier trained on patterns drawn from many users’ interviews to detect common narrative arc types and surface them as suggestions across the Service — we will request your explicit opt-in consent before doing so, separate from your general acceptance of this Privacy Policy. We will explain what data would be used, what the resulting model would do, and how to withdraw consent. If you withdraw consent we will stop using your data for that purpose and exclude your contributions from future model updates; we cannot guarantee removal of your influence from a model that has already been trained, but we will retire and replace such models on a reasonable schedule.

13.2 Collaborative Projects

When you collaborate:

For organizational and institutional projects:

13.3 AI Clients, Agents, and Co-Pilots

When you connect your Backwhen account to a third-party AI client, agent, or co-pilot platform through MCP or API integrations:

Data that may be shared:

Data that is never shared:

Data shared through MCP and API client integrations is provided solely to enable your use of the connected platform. It is not shared for advertising, marketing, or profiling purposes.

These integrations are disabled by default and must be explicitly enabled by the project owner. They are configurable on a per-project basis. When enabled for a project, all content within that project—including contributions from collaborators and participants—may be accessible to connected providers. Project owners are solely responsible for obtaining appropriate consent from contributors and participants before enabling integrations on projects containing their content.

Once your content is transmitted to a third-party provider through an integration you have authorized, that content is subject to the provider’s own privacy policy and data handling practices. We encourage you to review the privacy policies of any provider before authorizing a connection.

Your controls:

13.4 Interview Recordings

For audio/video interviews:

Speaker labels. When a recording contains multiple speakers, our transcription provider applies automatic speaker diarization to label segments by voice (e.g., “Speaker 1,” “Speaker 2”). These labels are produced from the audio at the time of transcription, are persisted only as text identifiers within the transcript, and may be reviewed and renamed by you. We do not retain speaker embeddings or any other vocal-characteristic data once transcription completes.

Voice biometrics. Backwhen does not:

We have intentionally avoided introducing biometric credentials into the Service.

13.5 Health-Related Content

Backwhen is a general storytelling and biography platform. It is not intended to function as a health, medical, mental-health, reproductive-health, or wellness service, and we do not market it as such.

We do not infer health conditions from your content, do not use health-related details that may appear incidentally in user stories for any secondary purpose, and do not sell, rent, or otherwise disclose such details for advertising, profiling, or any purpose unrelated to operating the Service for you. Health-related information that appears in your stories is treated as ordinary User Content subject to the protections in this Privacy Policy, including our commitments not to sell personal information and not to use your content to train AI models that benefit other users (see §13.1).

If you are a resident of Washington State or another jurisdiction with specific consumer-health-data legislation, you may contact us at legal@backwhen.ai with questions about how this posture applies to you.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Legal & Privacy Team
Firetower Labs, LLC d/b/a Backwhen
Email: legal@backwhen.ai

General Support
Email: support@backwhen.ai
Website: https://backwhen.ai

Data Protection Officer
For privacy-specific concerns, you may contact our legal team at legal@backwhen.ai

For Organizations
Organizations requiring Data Processing Agreements (DPAs) or Business Associate Agreements (BAAs) for compliance purposes should contact legal@backwhen.ai

15. Additional Information for Pre-Release (TestFlight) Users

The Service is generally available through the Apple App Store. From time to time we also distribute pre-release or experimental builds to participating users through Apple TestFlight. If you choose to install a Backwhen build through TestFlight: