Last updated: 14 June 2025
Privacy Policy
Future Me is a personal life-tracking tool that helps you plan your wealth, health, and goals. This policy explains what data we collect, why we collect it, and what rights you have over it. We are committed to handling your data with care and in full compliance with the UK GDPR, EU GDPR, and equivalent global privacy frameworks.
1. Who we are
Future Me is operated by Future Me ("we", "us", "our"). We are the data controller for personal data processed through this service.
If you have any questions or wish to exercise your rights, contact us at: privacy@future-me.app
2. What data we collect and why
We collect only what is necessary to provide the service. We never sell your data.
2.1 Account data
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Create and manage your account; send your weekly summary email | Contract performance (Art. 6(1)(b) GDPR) |
| Password (hashed) | Authenticate your account | Contract performance |
| Name (optional) | Personalise your dashboard experience | Contract performance |
2.2 Profile and goal data
| Data | Purpose | Legal basis |
|---|---|---|
| Date of birth | Calculate your age and financial projections | Contract performance |
| Gender | Calibrate health metrics (e.g. calorie estimates) | Contract performance |
| Country of residence | Show relevant regional resources and currency defaults | Contract performance |
| Income, assets, net worth figures | Power financial planning and projection features | Contract performance |
| Life goals and vision board items | Display your personalised dashboard and goal tracking | Contract performance |
2.3 Health and body data (special category)
The following data is classified as special category data under Article 9 of the GDPR because it relates to your physical health. We collect it only with your explicit consent, which you give during onboarding and can withdraw at any time.
| Data | Purpose | Legal basis |
|---|---|---|
| Body weight | Track progress toward your body composition goals | Explicit consent (Art. 9(2)(a) GDPR) |
| Body fat percentage | Track progress toward your body composition goals | Explicit consent |
| Waist measurements | Track progress toward your body composition goals | Explicit consent |
| Workout logs and fitness activity | Track training progress and weekly activity | Explicit consent |
| Nutrition and calorie data | Track dietary goals and energy intake | Explicit consent |
2.4 Technical data
| Data | Purpose | Legal basis |
|---|---|---|
| Authentication session tokens | Keep you securely signed in | Legitimate interest (security) |
| Timestamps on data entries | Enable time-series charts and progress tracking | Contract performance |
Important: Future Me does not connect to your bank, brokerage, or any financial institution. All financial figures you enter are provided voluntarily by you. We do not verify, source, or enrich them from third parties.
3. How we store your data
Your data is stored securely using Supabase (our database provider), hosted on AWS infrastructure in the EU (Ireland, eu-west-1 region). Supabase acts as a data processor on our behalf under a Data Processing Agreement.
Our application is hosted on Vercel, who process request data transiently to serve the application. Vercel are SOC 2 Type II certified and comply with GDPR as a data processor.
Weekly summary emails are sent via Resend. Your email address is shared with Resend solely to deliver this email. Resend does not use it for any other purpose.
Encryption in transit (SSL/TLS): All connections between your device and Future Me are encrypted using TLS 1.2 or higher (HTTPS). This is enforced across all environments — the application will not load over an unencrypted HTTP connection. SSL certificates are managed automatically by Vercel and are renewed before expiry without any action required from you.
Encryption at rest: All data stored in our database is encrypted at rest using AES-256, managed by Supabase and the underlying AWS infrastructure.
4. How long we keep your data
We retain your data for as long as your account is active. When you delete your account:
- All personal data across every table is deleted immediately
- Your authentication account is permanently removed
- There is no recovery period — deletion is immediate and irreversible
We do not retain anonymised or aggregated copies of your individual data after deletion.
5. Who we share your data with
We do not sell, rent, or trade your data. We share it only with the sub-processors necessary to run the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database storage | EU (AWS Ireland) |
| Vercel | Application hosting | US (with SCCs for EU transfers) |
| Resend | Transactional email delivery | US (with SCCs for EU transfers) |
Where processors are located outside the UK or EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Your rights
Under the UK GDPR and EU GDPR, you have the following rights:
- Right of access — request a copy of all data we hold about you
- Right to rectification — correct inaccurate data (most data can be edited directly in the app)
- Right to erasure — delete your account and all associated data (available in Settings → Delete Account)
- Right to data portability — export your data in machine-readable format (available in Settings → Export Data)
- Right to restrict processing — request that we limit how we use your data while a dispute is resolved
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw consent for health data at any time; this does not affect lawfulness of prior processing
To exercise any right, contact us at privacy@future-me.app. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority. In the UK this is the ICO (ico.org.uk); in the EU, your local supervisory authority.
7. Cookies
We use a small number of cookies necessary for authentication. We do not currently use advertising or analytics cookies. See our Cookie Policy for full details.
8. Children
Future Me is not intended for children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you become aware that a child has provided us with personal data, please contact us so we can delete it.
9. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email. Continued use of Future Me after the effective date of any changes constitutes your acceptance of the updated policy.
10. Contact
Data controller: Future Me
Privacy enquiries: privacy@future-me.app