top of page
MFT_gep.achtergrond
LOGO_MDT

Privacy & Refund Policy

Your privacy matters to us. This policy explains what personal data we collect, why we collect it, how we protect it and what your rights are. We keep it human and honest.
 

Version 1.0 · Febr. 28, 2026 

1. WHO WE ARE

My Dear Tomorrow is operated by JOY, an independent founder based at 8300 Knokke-Heist, Belgium. VAT number: BE 0459.222.546. Contact: hello@mydeartomorrow.com.

2. WHAT DATA WE COLLECT

We collect only what is necessary to provide our service. This includes your name, email address, the recipient's name and email address, your letter content, your delivery date or conditions, payment confirmation data and technical data necessary for account management and letter delivery.

We do not collect sensitive personal data such as health information, political opinions or financial account details.

3. WHY WE COLLECT IT

We collect your data for the following purposes: to create and manage your account, to store and deliver your letter on the chosen date or under the chosen conditions, to process your payment through our trusted payment providers, to send you transactional emails related to your purchase and letter management, and to comply with our legal obligations under Belgian and European law.

We do not use your data for advertising, profiling or marketing purposes.

4. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal bases: performance of a contract (delivering the service you purchased), compliance with legal obligations (GDPR and Belgian law), and our legitimate interest in operating and maintaining the platform securely.

5. WHO HAS ACCESS TO YOUR DATA

My Dear Tomorrow works with a limited number of trusted technical partners:

Wix: website hosting and CMS (servers located in Ireland and the United States)

Mollie: payment processing (servers located in the Netherlands and the EU)

PDFShift: PDF generation for letter downloads

Each partner is bound by strict data protection agreements and has no access to the content of your letters for their own purposes.

We do not sell, rent or share your personal data with any third party for commercial purposes.

6. YOUR LETTER CONTENT

The content of your letter is stored securely and is never read, reviewed or accessed by My Dear Tomorrow staff in normal operations. It is accessible only to you via your secure management link, and to your recipient via their unique delivery link on delivery day.

In exceptional circumstances, such as a court order or legal obligation, My Dear Tomorrow may be required to provide access to account data. The content of letters will only be disclosed if explicitly required by law.

7. DATA RETENTION

We retain your data as follows:

  • Letter content and personal data: deleted 30 days after delivery

  • Cancelled letters: deleted 30 days after cancellation

  • Legacy Letters with unused codes: deleted after 10 years

  • Financial transaction records: retained for 7 years as required by Belgian law

  • Account data: retained for as long as your account is active

 

If you request deletion of your data, we will comply within 30 days, subject to our legal retention obligations.

8. YOUR RIGHTS UNDER GDPR

As a user based in the EU, you have the following rights:

  •   The right to access your personal data

  •   The right to correct inaccurate data

  •   The right to request deletion of your data

  •   The right to restrict or object to processing

  •   The right to data portability

  •   The right to withdraw consent at any time

 

To exercise any of these rights, please contact us at privacy@mydeartomorrow.com. We will respond within 30 days.

If you believe your rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) at www.dataprotectionauthority.be.

9. COOKIES

My Dear Tomorrow uses cookies that are necessary for the platform to function. We do not use cookies for advertising or tracking purposes beyond what is essential. A cookie notice is displayed on your first visit to our website.

10. SECURITY

 

Your data is protected by AES-256 encryption at rest and TLS encryption in transit. All connections to My Dear Tomorrow run over HTTPS. We apply industry best practices to protect your data at every level.

In the unlikely event of a data breach, we will notify affected users and the Belgian Data Protection Authority in accordance with GDPR requirements.

11. REFUND POLICY

Because your letter is stored and managed from the moment of purchase, My Dear Tomorrow is unable to offer refunds once a letter has been created. This applies to all letter types and all additional fees paid for changes after purchase.

Exceptions are considered only in cases of technical failure on our part that prevented the service from being delivered. In such cases, please contact us at hello@mydeartomorrow.com and we will look for a fair solution.

Gift Letters cannot be exchanged for cash or refunded once purchased.

My Dear Tomorrow explicitly invokes the digital content exception under Article 16(m) of the EU Consumer Rights Directive, as the service begins immediately upon purchase with the user's explicit consent.

12. CHANGES TO THIS POLICY

My Dear Tomorrow may update this Privacy & Refund Policy from time to time. The current version is always available at mydeartomorrow.com. We encourage you to review it periodically.

13. CONTACT

For any privacy-related questions or requests, please contact: privacy@mydeartomorrow.com

For general questions: hello@mydeartomorrow.com

bottom of page