Words Left

Privacy Policy

Last updated: March 2026

What we collect

  • Encrypted message content (unreadable by us — client-side AES-256-GCM)
  • Sender and recipient email addresses (server-side encrypted — needed for safety checks and delivery)
  • Social profile URLs you provide (for activity monitoring)
  • Timer settings and delivery preferences
  • IP addresses (for rate limiting only, deleted after 24 hours)

What we cannot access

  • Your message content (encrypted client-side, we never have the key)
  • Your passphrase or edit code (stored as one-way hashes)
  • Uploaded files (encrypted client-side before upload)

How we use your data

Email addresses are used solely to operate the platform: sending safety check emails, consent requests, and delivering messages. We do not sell, share, or use your data for any other purpose.

Data retention

Messages are stored until delivered and opened, or until deleted by the sender. If all recipients decline and the sender does not update recipients within 1 year, the message and all associated data are permanently deleted.

Cookies

We use only essential cookies required for the site to function. No analytics, no tracking, no third-party cookies.

Your rights

You can delete your message and all associated data at any time using your edit code. Under GDPR and similar regulations, you have the right to access, rectify, and erase your personal data. Contact us to exercise these rights.

Contact

For privacy-related inquiries: wordsleft@protonmail.com