How we protect your data

Every connection to AfterCrash uses HTTPS/TLS. Your insurance card image never travels over the open internet in the clear.

Files (policy PDFs, photos, scans) and database records are encrypted at rest at the storage layer by our cloud provider.

• Passwords are hashed — we never see or store your password.
• You can sign in with email/password or with Google.
• Sessions are scoped and revocable from sign-out.

Only you. Database row-level security ensures one user account cannot read another user's records, photos, or documents — even by URL guessing.

Access to production data is restricted to a small number of engineers and only when needed to investigate a support issue you've opened. We log access. We don't browse user files for any other reason.

When AI is used to summarize a policy or answer a question, only the relevant document text and your question are sent to the AI provider. AI providers are contractually prohibited from using your content to train their models.

For as long as your account is active, or until you delete them. Deleted data is removed from active systems within 30 days; encrypted backups roll off within 90 days.

You can delete any individual card, vehicle, document, photo, incident, or letter from inside the app. You can delete your entire account from the Delete My Data page.

No. Your uploads are not used to train any AI model — ours or a vendor's.