Privacy policy

i. Data we collect

Depending on the product tier you use, Amor Seal may collect and store:

• Contact details such as your name, email address, and any recipient delivery details you provide.
• Order metadata such as the tier selected, reveal timing, fade timing, and safe delivery status.
• Encrypted payloads and related safe metadata needed to fulfill hosted or full-witness orders.
• Payment status returned by Stripe, such as successful payment state, amount, and provider references.
• Support and contact records including safe anti-spam and rate-limit metadata for the public contact form.

We do not sell personal data. We use collected data only to operate the service, deliver reveal links, process support, and meet accounting or legal obligations.

ii. What stays on your side

For The Unsent, The Echo, The Capsule, and The Heirloom, the letter text is sealed in your browser before submission. For The Heirloom, the opening phrase is shown to the sender once after payment and is not stored in our order database afterward.

• We do not ask you to paste your opening phrase, recovery key, or private wallet material into the order flow.
• Hosted reveal and delivery emails contain the reveal link only. They do not contain your plaintext letter or the opening phrase value.
• If you voluntarily send sensitive material to support, that protection no longer applies to that support message.

iii. What we do with data

We use order and contact data to create orders, confirm payments, power buyer status pages, deliver hosted reveal links, respond to support requests, prevent abuse, and maintain the service. We may also retain records needed for accounting, fraud prevention, and legal compliance.

iv. Payment, email, and infrastructure providers

Stripe processes card payments. We do not store full payment card numbers. Hosted delivery and support email may be sent through configured providers such as AWS SES. Cloudflare and our hosting stack may process request metadata needed for routing, caching, and security.

v. Cookies and security records

We use essential cookies or session state where needed for admin authentication, order-flow continuity, and payment redirects. Cloudflare or similar front-layer protections may set security cookies. We do not currently operate advertising pixels, and we do not sell personal data.

vi. Retention and deletion

We keep records for only as long as they are needed to operate the order, meet accounting obligations, investigate abuse, or honor valid legal requests. Contact anti-spam and rate-limit records are kept in a minimal operational form rather than as marketing leads.

vii. Your choices and contact

If you are entitled to access, correction, or deletion rights under applicable law, contact us and we will review the request in line with our operational and legal obligations.

• Use our contact page for support and privacy questions.
• Email [email protected] if you need help locating an order or support record.