Privacy Policy

Your privacy matters to us. This policy explains what data we collect, how we use it, and the rights you have over it — including our commitment to zero-knowledge encryption for message content.

1. Who We Are

PostNotes is a legacy messaging platform that allows users to compose personal messages to be disclosed to loved ones after a configurable confirmation process. Contact details and our legal entity information can be found in our Imprint.

We are committed to GDPR-compliant data handling and privacy-by-design. This policy explains what data we collect, why, and how we protect it.

2. Data We Collect

Account & Profile Data

  • Email address and (hashed) password, or social login provider identifier.
  • Optional: two-factor authentication enrollment data, managed by Supabase.
  • Account settings, subscription status, and preferences.

Message Metadata

  • Message titles, creation/update timestamps, public status, storage size.
  • Encryption mode selection (none, per-message, or master-password).
  • We do not store the content of encrypted messages. Encrypted blobs are mathematically opaque to us.
  • Unencrypted message content is stored but is only used to serve it back to you and to your designated recipients after disclosure.

Confirmation Workflow Data

  • Contact details (email, phone number, or social handle) of designated confirmation agents.
  • Timestamps of confirmation trigger events and cancellation actions.

Payment Data

  • Payment processing is handled entirely by Stripe. We receive only anonymized billing references and subscription status from Stripe.
  • We never store full payment card numbers or sensitive payment details on our servers.

Technical & Usage Data

  • IP address and browser/device information for security and fraud prevention purposes.
  • Server-side logs (excluding message content) for operational monitoring, retained for a maximum of 90 days.
  • Cookies for authentication sessions (see Section 6).

3. Zero-Knowledge Encryption

If you choose to encrypt your messages, all encryption and decryption occurs in your browser before any data is transmitted to our servers. We receive only ciphertext. This means:

  • We cannot read, access, or recover the content of encrypted messages under any circumstances.
  • We cannot assist law enforcement with access to encrypted message content, because we technically cannot access it.
  • Lost encryption passwords cannot be recovered by us or by any party.

4. How We Use Your Data

  • Service provision: To authenticate you, store and manage your messages, and execute the confirmation workflow.
  • Payments: To manage your subscription via Stripe.
  • Notifications: To send you and your confirmation agents emails or SMS messages related to the confirmation lifecycle.
  • Safety: To scan unencrypted images for illegal content using a third-party moderation service.
  • Security: To detect and prevent unauthorized access, fraud, or abuse.
  • Legal compliance: To comply with applicable laws and respond to valid legal requests.

We do not sell your personal data. We do not use your data for advertising or profiling.

5. Third-Party Processors

We share minimal data with the following categories of sub-processors, each bound by data processing agreements:

  • Supabase — authentication provider. Stores your email and session tokens. See Supabase Privacy Policy.
  • Stripe — payment processor. Handles card data and billing. See Stripe Privacy Policy.
  • Email / SMS notification provider — used to deliver confirmation workflow alerts. Only the recipient's address and relevant notification content are shared.
  • Content moderation service — images from unencrypted messages are scanned. Images are not retained by the moderation provider beyond the scanning operation.
  • Cloud object storage provider — stores message bundles. Data is stored in encrypted-at-rest storage. We select providers with SOC 2 / ISO 27001 certifications.

6. Cookies & Session Data

We use strictly necessary cookies only:

  • Authentication cookies — issued by Supabase to maintain your logged-in session. These are session-scoped or expire after a short period.
  • CSRF protection tokens — short-lived tokens to protect form submissions.

We do not use tracking, analytics, or advertising cookies. No third-party tracking scripts are loaded.

Optional Frontend Telemetry

We use Azure Application Insights for privacy-first frontend telemetry to understand key user actions (share clicks, confirmation link visits, message views, QR code generation, payment flows, authentication events) and page navigation patterns. This telemetry is:

  • Cookie-free — no persistent cookies or browser storage is used.
  • First-party — data stays within our Azure tenant, not shared with third parties.
  • No PII — we track only anonymous event types and non-identifying properties. Page views are sanitized to remove user IDs, tokens, and sensitive parameters.
  • Anonymous session tracking — a random session ID is generated in your browser to understand user journeys within a single session. This ID is not linked to your account, persists only for the browser session, and is automatically cleared when you close your browser.
  • Authenticated user correlation — when you are logged in, your account ID is included in telemetry to help us correlate support requests with technical issues. This is limited to your internal user ID and does not include email, name, or other personal information.
  • Aggregated insights only — used to improve product features and understand navigation patterns, not for individual tracking.

This telemetry is optional and can be disabled at the infrastructure level. It is not used for advertising, profiling, or cross-site tracking.

7. Data Retention

  • Active accounts: Data is retained for the duration of your account and subscription.
  • Account deletion: Upon voluntary deletion before disclosure, all personal data and message content are permanently removed within 30 days.
  • Disclosed messages: Once messages become publicly disclosed, they are treated as voluntarily published content. They remain accessible for a minimum of two (2) years, and published message content is no longer subject to deletion requests.
  • Inactive free accounts: May be deleted after 24 months of inactivity, following email notification.
  • Logs: Operational logs are retained for a maximum of 90 days.

8. Your Rights (GDPR)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data (subject to the exceptions noted above for disclosed messages).
  • Portability: Receive your data in a machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Complaint: Lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us via the contact form or the details in our Imprint. We will respond within 30 days.

9. International Transfers

Some of our sub-processors may process data outside the EEA. Where this applies, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms.

10. Children's Privacy

PostNotes is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us and we will promptly delete the associated account.

11. Security

We implement industry-standard security measures including TLS in transit, encryption at rest for stored data, regular security reviews, and strict access controls. However, no system is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or a platform notice at least 14 days before they take effect. The current version is always available at this URL.

13. Contact & Data Controller

For privacy-related inquiries, to exercise your rights, or to contact our Data Protection Officer, please use the contact form on our platform or refer to the details in our Imprint.

Last updated: February 28, 2026