Skip to content
Years Out logoYears Out

Privacy Policy

Last updated: April 2026

1. Data controller

Years Out (“we”, “us”) operates yearsout.com. For any privacy-related questions, contact us at privacy@yearsout.com.

2. What we collect

  • Story submissions: Decision details, motivation, fears, location, age range, and profession.
  • Email (optional): If you provide an email for update reminders, we store only a one-way cryptographic hash. The original email is never written to disk.
  • Account data (optional):If you create an account (via email/password or Google OAuth), we store your name, email, and hashed password. Google accounts share only the data you approve on Google’s consent screen.
  • Reader counts: We store a one-way hash of your IP address to count unique readers per story per day. No raw IP addresses are retained.

3. Legal basis for processing

  • Consent (Art. 6(1)(a) GDPR): You explicitly consent to data processing when you submit a story or create an account. You may withdraw consent at any time.
  • Legitimate interest (Art. 6(1)(f) GDPR): We aggregate anonymised data to produce statistical insights about life decisions. This serves the public interest and does not override your rights.

4. How we use your data

  • Publishing approved stories (anonymously by default) on yearsout.com
  • Computing aggregate statistics across stories (happiness trends, financial outcomes)
  • Sending update reminder emails (only if you consented to email reminders)
  • Authenticating your account (if you created one)

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data retention

  • Published stories: Retained indefinitely to preserve the longitudinal record. You may request removal at any time.
  • Email hashes: Retained while reminder emails are active. Deleted when all reminders are sent or upon your request.
  • User accounts: Retained until you delete your account. Upon deletion, personal data is removed and linked stories are anonymised.
  • Reader IP hashes: Retained for rate-limiting purposes and automatically expire with normal database maintenance.
  • Consent records: Retained for the duration required by applicable law to demonstrate compliance.

6. Your rights

Under the GDPR and equivalent regulations, you have the right to:

  • Access— Request a copy of all data we hold about you. If you have an account, use the “Export my data” button on your profile page.
  • Rectification — Request correction of inaccurate personal data.
  • Erasure— Request deletion of your personal data. If you have an account, use the “Delete my account” button on your profile page. Otherwise, email us.
  • Restriction — Request that we limit how we process your data.
  • Portability — Receive your data in a structured, machine-readable format (JSON).
  • Withdraw consent — Withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.
  • Lodge a complaint — You have the right to lodge a complaint with your local data protection authority (supervisory authority).

To exercise any of these rights, email privacy@yearsout.com or use the self-service tools on your profile page. We will respond within 30 days.

7. International transfers

Our infrastructure is hosted on Vercel (edge network with data centres globally). Data may be processed in any region where Vercel operates. We rely on Vercel’s Data Processing Addendum and Standard Contractual Clauses for transfers outside the EEA.

8. Cookies

  • Session cookie (strictly necessary): Used to keep you signed in. Exempt from consent requirements.
  • Cookie consent preference: Stored in your browser’s localStorage (not a cookie) to remember your cookie choice.

We do not use any third-party tracking, advertising, or analytics cookies.

9. Minimum age

Years Out is intended for users aged 16 and above. By creating an account or submitting a story, you confirm that you are at least 16 years old. We do not knowingly collect data from anyone under 16.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via a notice on the site. The “last updated” date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related requests, questions, or complaints, email privacy@yearsout.com. We aim to respond within 30 days.