Wrothen

Legal

Privacy Policy

Last updated: March 2026

1. What We Collect

We collect the minimum data necessary to operate the service:

  • Account data: Email address, name, and basic profile details returned by Google or Neon Auth.
  • Draft metadata: Creation dates, trigger types, delivery status. Content is encrypted and unreadable to us.
  • Recipient data: Names, email addresses, phone numbers you provide for delivery.
  • Usage data: Basic analytics (page views, feature usage) via PostHog. No personally identifiable tracking.

2. Zero-Knowledge Encryption

All message content is encrypted with AES-256-GCM before it reaches our servers. Your passphrase is never stored or transmitted after initial key derivation. We cannot read, analyze, or share your message content under any circumstances — including in response to legal requests, because we technically cannot decrypt it.

3. How We Use Your Data

  • Authenticate your identity and maintain your session
  • Send check-in pings (Dead Man's Switch) via email and SMS
  • Deliver your messages to recipients when triggers are met
  • Process payments through our Merchant of Record (Dodo)
  • Improve the product through anonymized analytics

4. Data Sharing

We do not sell your data. We share data only with:

  • Resend: Email delivery service (recipient email addresses only)
  • Twilio: SMS delivery service (phone numbers only)
  • Dodo: Payment processing (billing information only)
  • Neon: Database hosting (encrypted data at rest)

5. Your Rights (GDPR / CCPA)

  • Access: Export all your data from Settings → Export My Data
  • Deletion: One-click account deletion, immediate and permanent
  • Portability: Download your data in JSON format
  • Objection: Contact us to object to any processing

6. Data Retention

Your data is retained for as long as your account is active. Upon account deletion, all data — including encrypted drafts, recipient information, and encryption keys — is permanently purged within 24 hours. No backups are retained.

7. Cookies

We use only essential cookies for authentication through Neon Auth. We do not use tracking cookies or third-party advertising cookies. No advertising. Ever.

8. Contact

For privacy-related inquiries, contact us at privacy@deadmandrafts.com.