Privacy Policy
Last updated: March 2026
The short version
Your letters are encrypted in your browser before they leave your device. We cannot read them. We collect email addresses only to deliver notifications and let you find your correspondences. We don't sell your data. We don't run ads.
What we collect
- Email addresses — collected when you create a correspondence or use Find My Letters. Used only to send notifications when a new letter arrives and to send magic links for accessing your letter archive.
- Names — your name and your pen pal's name, used to personalize the correspondence and notifications.
- Letter content — stored in encrypted form. The encryption key lives only in your private URL. We cannot decrypt or read your letters.
- Metadata — timestamps, letter counts, and correspondence identifiers. This is unencrypted and used to operate the service.
How encryption works
Every correspondence gets a unique AES-256-GCM encryption key, generated in your browser. That key is embedded in the URL fragment (the #key=… part). URL fragments are never sent to our servers. Your letter content is encrypted before it leaves your device and decrypted only in your pen pal's browser. For letter content, our database holds only ciphertext — meaningless without your key.
What we don't do
- We don't sell or share your data with third parties.
- We don't run advertising.
- We don't use tracking pixels or behavioral analytics.
- We don't read your letters. Architecturally, we can't.
Third-party services
We use Firebase / Firestore (Google) to store encrypted letter data and metadata, and Resend to send transactional emails (notifications and magic links). These services receive only the data necessary to operate: encrypted content, email addresses, and names. Both services have their own privacy policies.
Data retention
Correspondence data is stored indefinitely unless you request deletion. Magic links expire after 24 hours. To request deletion of your correspondences and associated email addresses, email us at the address below.