← Home

Privacy Policy

Effective Date: April 15, 2026

At In 5 Years, we take your privacy seriously. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. This policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable international privacy laws.

1. Data We Collect

We collect the following categories of personal data:

Account & Identity Data

  • Full name and email address
  • Profile information created during onboarding
  • Authentication data when signing in via Google or Facebook (through Clerk)

User-Generated Content

  • Video recordings you upload to the Service
  • Written goals, notes, and reflections you submit
  • AI conversation history and responses

Payment Data

  • Payment method details processed and stored securely by Stripe
  • Transaction history and subscription status
  • We do not store raw card numbers — all payment data is tokenised by Stripe

Usage & Technical Data

  • IP address, browser type, and device information
  • Pages viewed, features used, and session timestamps
  • Cookie preferences and consent records

Communications Data

  • Email address and messaging preferences for notifications
  • WhatsApp contact details if you opt into WhatsApp communications

2. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account and provide the Service
  • To personalise AI responses based on your goals, conversation history, and uploaded content
  • To process payments and manage your subscription
  • To send you product updates, motivational content, and important service communications
  • To analyse usage patterns and improve the Service
  • To comply with legal obligations and enforce our Terms & Conditions
  • To detect, prevent, and respond to fraud or security incidents

Our lawful basis for processing under GDPR includes: contract performance (to deliver the Service you signed up for), legitimate interests (service improvement and security), and consent (marketing communications and optional cookie categories).

3. Third-Party Services

We work with trusted third-party services to operate In 5 Years. Each provider is bound by appropriate data processing agreements:

  • Stripe — Payment processing. Stripe handles all card data and is PCI DSS Level 1 certified. See Stripe's Privacy Policy at stripe.com/privacy.
  • Cloudflare R2 — Secure cloud storage for your uploaded video files. Data is encrypted at rest and in transit.
  • Clerk — Authentication provider enabling sign-in via email, Google, and Facebook. Clerk manages identity data per their privacy standards at clerk.com/privacy.
  • GoHighLevel — CRM and communication platform used to send emails and WhatsApp messages to users who opt in.
  • Google Gemini API — Used for AI video analysis and multimodal understanding of uploaded content.
  • Anthropic Claude API — Used to power AI conversations, guidance, and motivational support within the Service.

We do not sell your personal data to third parties. We do not share your data with advertisers.

4. Data Retention

We retain your personal data for as long as your account is active and for 90 days following account deletion or subscription cancellation. During this 90-day window, your data can be recovered upon request. After this period, all personal data, including uploaded videos and conversation history, is permanently and irreversibly deleted.

Payment records may be retained for longer periods as required by financial and tax regulations applicable in the relevant jurisdiction. Anonymised, aggregated analytics data that cannot identify you may be retained indefinitely.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of Access (Art. 15)

Request a copy of the personal data we hold about you.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten").

Right to Restriction (Art. 18)

Request that we limit processing of your data in certain circumstances.

Right to Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests or direct marketing.

California residents have additional rights under the CCPA, including the right to know, right to delete, right to opt out of sale (we do not sell data), and the right to non-discrimination. To exercise any of your rights, contact us at support@in5years.online. We will respond within 30 days.

6. Cookie Usage

We use cookies and similar tracking technologies on our website. You are given the choice to accept or manage your cookie preferences when you first visit.

  • Essential cookies — Necessary for the website to function. Cannot be disabled.
  • Analytics cookies — Help us understand how visitors use our site so we can improve it. Only set if you consent.
  • Marketing cookies — Used to track the effectiveness of our marketing campaigns. Only set if you consent.

Your cookie preferences are stored locally and you may update them at any time by clicking "Manage Preferences" in the cookie banner.

7. Children's Privacy

In 5 Years is intended exclusively for users aged 18 and over. We do not knowingly collect, store, or process personal data of individuals under the age of 18. If we become aware that a minor has provided us with personal data, we will take immediate steps to delete that information and terminate the associated account.

If you believe a minor has submitted personal data to us, please contact us at support@in5years.online and we will take prompt action.

8. International Data Transfers

In 5 Years operates globally and your data may be processed and stored in countries outside your country of residence, including countries that may not offer the same level of data protection as your home jurisdiction.

Where we transfer data from the European Economic Area (EEA) to third countries, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives adequate protection. Third-party processors such as Stripe, Cloudflare, Anthropic, and Google maintain their own international transfer mechanisms.

9. Security

We implement industry-standard security measures to protect your personal data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. While we take all reasonable precautions, no digital transmission or storage system is completely secure. In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" at the top of this page and, where appropriate, notify you by email. We encourage you to review this Policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy-related concern, please contact our team:

In 5 Years — Privacy Team
Email: support@in5years.online

We will acknowledge your request within 5 business days and endeavour to fully respond within 30 calendar days.