Privacy Policy for FutureLetter.org

Last Updated: 01 November 2021.
Effective Date: 01 November 2021.

At FutureLetter.org ("we," "us," or "our"), your privacy is paramount. This policy explains how we collect, use, and protect your data when you use our service to write letters to your future self or others.

1. Information We Collect

We only collect data essential to deliver your letters and operate the service:

A. Information You Provide

  • Account Data: Email address (required for delivery), optional nickname.

  • Letter Content: The text of your letters, scheduled delivery date(s), and recipient email(s).

  • Support Requests: Messages sent via contact forms or email.

B. Automatically Collected Data

  • Technical Data: IP address, browser type, device information (for security and analytics).

  • Usage Data: Pages visited, time spent, interactions (e.g., scheduling a letter).

C. What We Do NOT Collect

  • Payment information (if your service is free).

  • Sensitive personal data (e.g., government IDs, health information).

2. How We Use Your Information

We use your data solely to operate the Service:

Purpose Data Used
Deliver letters on schedule Email, letter content, dates
Account management Email, nickname
Security & fraud prevention IP address, device data
Improve user experience Aggregated, anonymized usage
Legal compliance As required by law

3. Data Sharing & Disclosure

We never sell your data or share letter content with third parties for advertising. Limited sharing occurs only for service delivery:

  • Third-Party Providers:

    • Email Delivery: Services like [AWS SES/SendGrid] to send letters.

    • Cloud Storage: Encrypted databases (e.g., AWS, Google Cloud).

    • Analytics: Google Analytics (anonymized IPs, no tracking).

  • Legal Obligations: Disclose data if required by law (e.g., court orders).

  • Business Transfers: If acquired, user data remains protected under this policy.

4. Data Retention & Deletion

  • Active Letters: Stored until delivery + 30 days (for retrieval).

  • Deleted Accounts: Permanently removed within 60 days.

  • Backups: Encrypted backups retained for up to 1 year.

You may delete letters or accounts anytime via your dashboard.

5. Security Measures

We prioritize protecting your letters:

  • Encryption:

    • At Rest: AES-256 encryption for stored letters.

    • In Transit: TLS/SSL for data transmission.

  • Access Control: Restricted to authorized personnel with audit logs.

  • Breach Response: Notify affected users within 72 hours if sensitive data is compromised.

6. Your Rights & Choices

Depending on your location (e.g., GDPR/CCPA), you may:

  • Access: Request a copy of your data.

  • Correct: Update account information.

  • Delete: Remove your account and letters permanently.

  • Opt-Out: Unsubscribe from non-essential emails.

To exercise these rights, contact us at [privacy@futureletter.org].

7. International Data Transfers

Data may be processed in the U.S. or other countries. We use GDPR-compliant safeguards (e.g., Standard Contractual Clauses) for transfers outside your region.

8. Children’s Privacy

  • Our service is not intended for users under 13.

  • If we learn a child under 13 provided data, we will delete it promptly.

9. Cookies & Tracking

  • Essential Cookies: Session management and login functionality.

  • Optional Analytics: Google Analytics with anonymized data.

  • No Ads or Tracking: We do not use advertising cookies.

10. Policy Updates

We will notify users of material changes via email or a website banner. Continued use after updates implies acceptance.

Contact Us

For privacy requests or questions:
Email: [privacy@futureletter.org]
Mailing Address: [Your Physical Address, if required]

Additional Notes for Compliance

  • GDPR Representative: If based outside the EU, appoint a GDPR representative (e.g., through a service like PrivacyTrust).

  • CCPA: Add a "Do Not Sell My Personal Information" link if applicable.