Privacy Policy

Your privacy matters to us. This policy explains what data we collect, how we use it, and the rights you have over it — including our commitment to zero-knowledge encryption for message content.

1. Who We Are

PostNotes is a legacy messaging platform that allows users to compose personal messages to be disclosed to loved ones after a configurable confirmation process. Contact details and our legal entity information can be found in our Imprint.

We are committed to GDPR-compliant data handling and privacy-by-design. This policy explains what data we collect, why, and how we protect it.

2. Data We Collect

Account & Profile Data

  • Email address and (hashed) password, or social login provider identifier.
  • Optional: two-factor authentication enrollment data, managed by Supabase.
  • Account settings, subscription status, and preferences.

Message Metadata

  • Message titles, creation/update timestamps, public status, storage size.
  • Encryption mode selection (none, per-message, or master-password).
  • We do not store the content of encrypted messages. Encrypted blobs are mathematically opaque to us.
  • Unencrypted message content is stored but is only used to serve it back to you and to your designated recipients after disclosure.

Confirmation Workflow Data

  • Contact details (email, phone number, or social handle) of designated confirmation agents.
  • Timestamps of confirmation trigger events and cancellation actions.

Payment Data

  • Payment processing is handled entirely by Stripe. We receive only anonymized billing references and subscription status from Stripe.
  • We never store full payment card numbers or sensitive payment details on our servers.

Technical & Usage Data

  • IP address and browser/device information for security and fraud prevention purposes.
  • Server-side logs (excluding message content) for operational monitoring, retained for a maximum of 90 days.
  • Cookies for authentication sessions (see Section 6).

3. Zero-Knowledge Encryption

If you choose to encrypt your messages, all encryption and decryption occurs in your browser before any data is transmitted to our servers. We receive only ciphertext. This means:

  • We cannot read, access, or recover the content of encrypted messages under any circumstances.
  • We cannot assist law enforcement with access to encrypted message content, because we technically cannot access it.
  • Lost encryption passwords cannot be recovered by us or by any party.

4. How We Use Your Data

  • Service provision: To authenticate you, store and manage your messages, and execute the confirmation workflow.
  • Payments: To manage your subscription via Stripe.
  • Notifications: To send you and your confirmation agents emails or SMS messages related to the confirmation lifecycle.
  • Safety: To scan unencrypted images for illegal content using a third-party moderation service.
  • Security: To detect and prevent unauthorized access, fraud, or abuse.
  • Legal compliance: To comply with applicable laws and respond to valid legal requests.

We do not sell your personal data. We do not use your data for advertising or profiling.

5. Third-Party Processors

We share minimal data with the following categories of sub-processors, each bound by data processing agreements:

  • Supabase — authentication provider. Stores your email and session tokens. See Supabase Privacy Policy.
  • Stripe — payment processor. Handles card data and billing. See Stripe Privacy Policy.
  • Email / SMS notification provider — used to deliver confirmation workflow alerts. Only the recipient's address and relevant notification content are shared.
  • Content moderation service — images from unencrypted messages are scanned. Images are not retained by the moderation provider beyond the scanning operation.
  • Cloud object storage provider — stores message bundles. Data is stored in encrypted-at-rest storage. We select providers with SOC 2 / ISO 27001 certifications.

6. Cookies & Session Data

We use strictly necessary cookies only:

  • Authentication cookies — issued by Supabase to maintain your logged-in session. These are session-scoped or expire after a short period.
  • CSRF protection tokens — short-lived tokens to protect form submissions.

We do not use advertising cookies or cross-site profiling. We do use privacy-focused product analytics to understand aggregate site usage.

Privacy-Focused Analytics

We use Vercel Web Analytics to understand aggregate route usage and high-level traffic patterns without advertising cookies. Our legacy Azure Application Insights event telemetry remains in the codebase but is disabled by default. The active analytics setup is:

  • Cookie-light — no advertising cookies or cross-site tracking identifiers are used for analytics.
  • Aggregate-focused — analytics is used to understand route popularity and product usage trends, not to build marketing profiles.
  • No PII — we track only anonymous event types and non-identifying properties. When the legacy event telemetry is ever re-enabled, page views are sanitized to remove user IDs, tokens, and sensitive parameters.
  • Disabled legacy event telemetry — the custom Azure Application Insights path is off unless we explicitly opt into it at the infrastructure level.

This analytics setup is not used for advertising, profiling, or cross-site tracking.

7. Data Retention

  • Active accounts: Data is retained for the duration of your account and subscription.
  • Account deletion: Upon voluntary deletion before disclosure, all personal data and message content are permanently removed within 30 days.
  • Disclosed messages: Once messages become publicly disclosed, they are treated as voluntarily published content. They remain accessible for a minimum of two (2) years, and published message content is no longer subject to deletion requests.
  • Inactive free accounts: May be deleted after 24 months of inactivity, following email notification.
  • Logs: Operational logs are retained for a maximum of 90 days.

8. Your Rights (GDPR)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data (subject to the exceptions noted above for disclosed messages).
  • Portability: Receive your data in a machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Complaint: Lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us via the contact form or the details in our Imprint. We will respond within 30 days.

9. International Transfers

Some of our sub-processors may process data outside the EEA. Where this applies, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms.

10. Children's Privacy

PostNotes is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us and we will promptly delete the associated account.

11. Security

We implement industry-standard security measures including TLS in transit, encryption at rest for stored data, regular security reviews, and strict access controls. However, no system is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or a platform notice at least 14 days before they take effect. The current version is always available at this URL.

13. Contact & Data Controller

For privacy-related inquiries, to exercise your rights, or to contact our Data Protection Officer, please use the contact form on our platform or refer to the details in our Imprint.

Last updated: February 28, 2026