Privacy policy

i. Data we never receive

The following are encrypted in your browser before any network call and never reach our servers:

• The plaintext content of your letter
• Your decryption key (generated client-side, printed only on your card)
• Drafts saved while you compose (stored in your browser's local storage)

We do not have the technical means to access these. This is by design and verifiable from our open-source recovery tool.

ii. Data we collect to fulfill an order

• Encrypted ciphertext — the scrambled output of your letter, submitted to Bitcoin.
• Order metadata — edition selected, card customization (monogram, theme, wax color), reveal date.
• Shipping information — recipient name, address, phone (if provided), and your email for order updates.
• Payment confirmation — handled by Stripe; we receive only success/failure status and last four digits of card. We do not store full payment details.
• Bitcoin transaction ID — the public on-chain pointer to your inscription.

iii. What we do with order data

We use it to mail your card and to send you status updates (payment confirmation, inscription confirmation, shipping tracking). We do not use it for advertising, do not share it with brokers, and do not sell it. We retain it for as long as required for tax and accounting (typically seven years), after which it is deleted.

iv. Cookies & tracking

We use a single first-party session cookie to keep you signed into your order page if you choose to revisit. We do not run third-party analytics, advertising pixels, or fingerprinting. Our website does not load any external scripts beyond Stripe (for payment) and Google Fonts (for typography). You can verify this by inspecting the network tab in your browser.

v. Bitcoin is public by design

The encrypted ciphertext you submit becomes part of the public Bitcoin blockchain. Anyone can fetch it given the transaction ID. Without your decryption key, however, it is mathematically meaningless.

vi. Your rights

If you are in the EU, UK, California, or another jurisdiction with data-rights legislation, you have the right to:

• Request a copy of the data we hold about your order
• Request correction of inaccurate data
• Request deletion of your shipping data (note: this does not affect the on-chain inscription)
• Withdraw consent and close your relationship with us

Email [email protected] with the order number. We respond within 30 days.

vii. Changes to this policy

If we materially change how we handle data, we will email anyone with an active order and update the effective date at the top of this page. Past versions are kept in our public GitHub repository so changes can be audited.