Privacy Policy
Your privacy is the foundation of everything we build.
Last Updated: June 25, 2026
Dear Nobody™ is built on anonymity. This Privacy Policy explains our minimal data collection practices and how we protect your privacy. We believe you should be able to express yourself without surveillance or tracking.
If a public letter is ever featured outside this site (for example in a podcast or video), that is governed by our Terms of Service and Media & collaboration page — not by selling your words as a data product to third parties.
1. Introduction
This Privacy Policy ("Policy") explains how Intelliquinte L.L.C. ("we," "us," "Company") collects, uses, and protects information when you use the Dear Nobody™ service at dearnobody.org and related domains, the Dear Nobody iOS app, and associated APIs (collectively, the "Service").
Dear Nobody™ is designed as an anonymous platform. We intentionally collect minimal personal data and employ technical measures to protect user privacy. This Policy should be read alongside our Terms of Service.
2. Information We Collect
2.1 Submission Content
When you submit a letter or confession to Dear Nobody™, we collect:
- The content of your submission
- Any optional categorization or metadata you provide (type, category, greeting, signature)
- Timestamp of submission
- Your visibility choice (public or private) and optional consent choices (research, marketing)
We do not require your name, email address, or account creation to submit content.
2.2 Submission Identifiers
Each submission is assigned:
- Public ID: Visible with published submissions, used for reference. Stored in our database.
- Private ID: Provided only to the submitter at time of submission. Never stored — only a one-way cryptographic hash is retained for verification.
These IDs are used for content management and removal requests. They are not linked to your identity unless you choose to associate them with your personal information (e.g., by emailing us with your IDs).
2.3 Technical Data We Do NOT Collect
We do not collect personal technical data about your visit:
- We do not intentionally retain your IP address in our application systems
- We do not collect browser fingerprints
- We do not use tracking cookies or analytics pixels
- We do not build user profiles or track behavior across sessions
2.4 Data Processed by Service Providers
While we don't collect this data in our application database as a profile of readers, our infrastructure providers process certain technical information when you connect to the Service:
- Cloudflare (infrastructure / subprocessor): Terminates and routes HTTPS traffic, provides CDN and DDoS protection, hosts the site (Pages / Workers), and runs bot verification (Turnstile). Cloudflare may process network identifiers (such as IP address), typical HTTP request metadata, security and operational telemetry, and approximate location inferred from IP where applicable. We may also view observability and security information in our Cloudflare account for the purposes described in Section 4.1.1. See Cloudflare's Privacy Policy.
We have selected these providers for their security and reliability. What we can see in provider dashboards, and for how long, is described in Section 4 and in each provider's own policy.
2.5 Consent Records
We record your choices regarding:
- Visibility (public or private)
- Research consent (optional)
- Marketing consent (optional)
These consent records are stored securely and linked only to your submission IDs, not to your identity.
2.6 Local Storage & On-Device Data ("My Vault")
Dear Nobody™ offers an optional "My Vault" feature that stores your submission IDs locally on your device. This data is stored only on your device and is never transmitted to or stored on our servers unless you use your IDs to access our API (for example, to view or delete a submission).
Website (browser local storage):
- What's stored: Your Public ID, Private ID, submission label, and timestamp — stored only in your browser's local storage
- What's NOT stored on our servers: Your Private ID (we only store a hash), your local vault contents
- Your control: You can view, add, or clear vault entries at any time from the Access & Control page
iOS app (Keychain & preferences): The iOS app offers the same Vault concept using the device Keychain instead of browser storage. Write drafts and saved letter IDs are also stored on-device. As with the web Vault, we do not receive your Private ID or vault contents unless you use them to access our API (e.g., to view or delete a submission).
2.7 Attribution Data
Website only: The following applies to visits through a web browser. The Dear Nobody iOS app does not use browser session storage or UTM/referrer capture; see Section 2.9 for app attribution.
To understand how people discover Dear Nobody™ (without identifying individuals), we collect limited, non-identifying attribution data:
What is captured
- Referral category: A broad category of how you arrived (e.g., "search," "social," "direct") — not the specific page or search query
- Referrer domain (website only): For non-search, non-social external links, we may store the sanitized hostname of the referring site (e.g., "medium.com") — not the full URL or page path
- Campaign identifiers: UTM parameters from links we share (utm_source, utm_medium, utm_campaign, utm_content) — these identify the link, not you
- Landing page path: Which page on Dear Nobody™ you first visited (e.g., "/write")
- "How did you find us?": Your optional, voluntary response if you choose to answer
How it works
- Session storage: When you first visit, attribution data is temporarily held in your browser's session storage (not a cookie). It is automatically cleared when you close the browser tab or window. It is never transmitted to our servers unless you make a submission
- On submission: If you submit a letter, confession, or story, the attribution data from your session is attached to your submission record and stored in our database, linked by your submission's internal ID
- No submission, no storage: If you browse the site without submitting, your attribution data stays only in your browser and is never sent to us
What this data is NOT
Attribution data does not include your IP address, browser fingerprint, device identifier, or any information that could identify you personally. We do not use cookies, fingerprinting, or cross-session tracking. We cannot link two separate visits to the same person. The data tells us "a submission came from a Twitter link" — not "User X came from Twitter."
How we use it
We aggregate attribution data across all submissions to understand broad traffic patterns (e.g., "23% of submissions came via search engines this month"). Per-submission attribution data is deleted when the associated submission is deleted (see Section 6).
2.7.1 Install identifier (abuse prevention)
When you submit a letter, confession, or story, your browser or the Dear Nobody iOS app may send a random install identifier (for example web_… or ios_…). We immediately hash it with a server-side salt and store only the hash on your submission record. We never store the raw token in our database.
- Not personal data: The hash cannot be reversed to identify you, your device, or your Apple ID. Web and iOS installs are separate — clearing browser data or reinstalling the app creates a new identifier.
- Submit only: The identifier is sent only when you submit content, not when you browse the Mailbox or read letters.
- Why we use it: To block repeat guideline violations from the same browser or app install after moderator review. This is separate from content fingerprinting and separate from the iOS reader "Block" feature (which is on-device only and never sent to us).
- Deletion: When you delete a submission, associated server records including the install hash on that row are removed per our deletion process. A separate eject/ban record may remain if moderators blocked that install for abuse.
2.8 Voluntary Feedback (Google Forms)
Website only: The Dear Nobody iOS app does not embed Google Forms. Feedback from app users should be sent to support@dearnobody.org.
Separate from anonymous letter submissions, we may offer optional feedback, bug report, or suggestion forms hosted on Google Forms (operated by Google LLC) and linked from pages such as Contact, FAQ, or other Service pages. Using these forms is voluntary. You may always email support@dearnobody.org instead.
What you may provide
Each form includes only the fields we enable for that purpose (for example: message text, category, optional contact email, or similar). The form description and field labels apply. Do not enter information you are not comfortable sharing with Google. If a field is optional, leave it blank to stay more anonymous.
What Google processes
When you open or submit a Google Form, Google LLC hosts and processes the interaction on Google's infrastructure. Depending on your browser, account status, and Google's settings, Google may process technical and account-related data such as IP address, device and browser information, cookies, and (if you are signed into Google) your Google account identifiers. We do not control Google's systems, logging, or retention. See Google's Privacy Policy and Google's Terms of Service.
What we receive and how we use it
- Form responses are delivered to our Google Workspace account for review by authorized Intelliquinte personnel
- We use feedback to fix bugs, improve the Service, and understand user experience — not for advertising, profiling, or sale
- We do not automatically link feedback responses to Dear Nobody submission records, Private IDs, or Public IDs unless you voluntarily include that information in the form
- If you provide an email address in a form, we may use it only to follow up on that feedback; it is not added to a marketing list unless you separately opt in where required by law
Retention
We retain feedback responses only as long as reasonably needed to review and act on them, maintain internal records of issues resolved, or comply with law. We may delete, redact, or aggregate older feedback. Google's retention of form data on its systems is governed by Google's policies and our Google Workspace configuration.
Legal roles
For Google Forms hosting, Google acts as an independent service provider / processor under its own terms. Intelliquinte L.L.C. is responsible for how we access, use, and retain the response data we receive. See also Section 4.6.
2.9 Dear Nobody iOS App
The Dear Nobody iOS app connects to the same API and infrastructure described elsewhere in this Policy (Cloudflare, Supabase, Turnstile, and related providers). Using the app to read, submit, report, or manage content involves the same server-side processing as the website, except where noted below.
What the app stores on your device only (never uploaded unless you take an action described below)
- Vault — your submission Public ID and Private ID (iOS Keychain)
- Write drafts — in-progress letter text and options (iOS Keychain)
- Saved letters — IDs of letters you bookmark (on-device preferences)
- Preferences — age confirmation, 18+ archive access, reading text size, dismissed site announcements (on-device preferences)
This on-device data is not transmitted to our servers unless you choose to submit content, look up a submission with your IDs, or otherwise interact with our API.
What the app sends to our servers
- The same submission, moderation, and reporting data as the website when you submit, manage, or report content
- Mailbox search queries when you search published content
- Limited client error reports (error type/context, message, app version, platform, timestamp) to help us fix bugs — not submission text, not device advertising IDs
- Attribution on submit:
landing_page: ios-appand optional "how did you hear about us" if you provide it (no browser UTM/session attribution in the app) - Install identifier on submit: A random
ios_…token stored on your device, hashed server-side — see Section 2.7.1
Bot verification
Submissions from the app use Cloudflare Turnstile inside an in-app web view, subject to Cloudflare's processing as described in Section 4.1.1.
Share extension
If you use "Open in Dear Nobody" from another app, the extension reads only the URL or text you share to open a letter in the app. We do not receive that shared content unless it is already a Dear Nobody link you choose to open.
What the app does not include
- No payment processing (Stripe/NowPayments are website-only — see Section 4.5)
- No Google Forms
- No cookies or browser session attribution
- No push notifications, ads, or third-party analytics SDKs
External links
Some links (Terms, Privacy, FAQ) open in an in-app browser view. Those pages are governed by this Policy and may use website cookies while that view is open.
App distribution (Apple)
The iOS app is distributed through the Apple App Store. Apple Inc. may collect information related to app downloads, purchases, and diagnostics under its own policies, independent of this Policy. If you opt in to sharing crash and usage diagnostics with developers through your device settings, Apple may provide us with aggregated, non-identifying crash reports. We do not receive your Apple ID or App Store account details. During any beta testing period, the app may also be distributed through Apple TestFlight. When you test a beta build, Apple automatically collects crash logs and usage information and shares them with us under Apple's TestFlight terms, which you accept when you install TestFlight; this collection cannot be turned off while you remain a tester. Because we invite testers through a public TestFlight link, Apple does not share your name or email with us, and we receive only that anonymous crash and usage data. See Apple's TestFlight & Privacy notice. See Apple's Privacy Policy.
Deleting your data from the app
You can delete any submission at any time using your Public ID and Private ID through Access & Control (available in-app and on the web). To remove on-device data (Vault, drafts, saved letters, preferences), clear it within the app or uninstall the app from your device.
3. How We Use Information
3.1 Content Publication
If you grant content release permission, we may:
- Publish your submission on the Dear Nobody™ website
- Include your submission in print collections or anthologies
- Share your submission through official Dear Nobody™ social media channels
Your submission will always remain anonymous unless you explicitly include identifying information in the content itself (which we discourage and may redact).
3.2 Research Use
If you grant research consent, your anonymized submission may be used for:
- Academic research and scholarly publication
- Teaching and educational purposes at universities and research institutions
- Licensing to universities, researchers, or institutions for studies on human experience and expression
- Internal content analysis to improve the Service
We may license research-consented content to academic partners under data use agreements. Licensing fees help sustain the platform. Research use never involves attempting to identify submitters — all research is conducted on fully anonymized data.
3.3 Marketing & Merchandise Use
If you grant marketing consent, short excerpts of your submission may be:
- Featured in promotional materials for Dear Nobody™
- Used in advertisements or campaigns
- Highlighted on social media or marketing channels
- Printed on merchandise (apparel, prints, books, etc.)
Marketing use requires explicit, separate consent and is only available for public submissions. You will not receive royalties for merchandise use.
3.4 Service Operation
We use submission data to:
- Display content in The Mailbox (if published)
- Process moderation and content review
- Respond to deletion requests
- Generate aggregate, non-identifying statistics
3.5 Long-Term Preservation
Dear Nobody™ is committed to preserving the voices entrusted to us. Published letters may be archived for long-term preservation.
Archive Partnership
We may partner with preservation organizations such as the Internet Archive to ensure published letters remain accessible for future generations. This archival serves to:
- Protect against data loss due to technical failures
- Ensure the archive survives even if Dear Nobody™ ceases operations
- Preserve human voices as a historical record
What This Means for You
- Published letters may be included in external preservation archives
- Private letters (never published) are NOT included in external archives
- Deleted letters will be removed from our systems and we will request removal from any archive partners, though we cannot guarantee removal from all external copies
- Anonymity is maintained — archived letters contain only what was publicly published (pseudonym, content, timestamp), never identifying information
4. Service Providers & Third Parties
4.1 Infrastructure Providers
We use the following third-party service providers to operate Dear Nobody™:
Cloudflare
Role: Infrastructure provider and subprocessor (CDN, DNS, security, Pages / Workers hosting)
Purpose: Deliver and protect the site; bot verification (Turnstile); observability we may use for operations, abuse prevention, and debugging (see Section 4.1.1)
Data: Network identifiers, typical HTTP request metadata, and security and operational telemetry as described in Section 4.1.1
Cloudflare Pages
Purpose: Website hosting and serverless functions (Workers)
Data: Typical HTTP request metadata and observability data as described in Section 4.1.1
Supabase
Purpose: Database storage for submissions and consent records; Supabase Auth for moderator/administrator authentication; Supabase Realtime for live data synchronization across administrative dashboards
Data: Stores submission content, IDs, consent choices, moderation records, and legal compliance data. Realtime connections transmit data change events over WebSockets for administrative use only — no user-facing data is transmitted via Realtime
Cloudflare Workers AI
Purpose: Content analysis for safety (crisis detection, content moderation)
Data: Temporarily processes submission content for analysis — does not learn from or retain your content
Cloudflare KV
Purpose: Edge caching for improved performance
Data: Temporarily caches aggregated statistics and published content
Google Forms / Google Workspace
Role: Optional feedback and inquiry forms (see Section 2.8)
Purpose: Collect voluntary bug reports, suggestions, and general feedback when you choose to use a linked form instead of email
Data: Whatever you enter in the form fields; Google may also process network, device, cookie, and account-related data on Google's systems
We do not use analytics services, advertising networks, or tracking tools. Our service providers access only the data necessary to deliver the platform and are bound by their respective privacy policies and data protection obligations.
4.1.1 Infrastructure, subprocessors, and edge logs
Application data vs. edge infrastructure. Dear Nobody™ does not intentionally retain visitors' IP addresses in our application database as a standing record of who browsed the site. However, Cloudflare, Inc. acts as our infrastructure provider and subprocessor: it sits in front of the Service, terminates HTTPS, and delivers Pages, Workers, security, and performance features. In doing so, Cloudflare necessarily processes network identifiers (such as IP address), typical HTTP request metadata, and security and operational telemetry. Approximate geographic information may be inferred from IP. How Cloudflare processes personal data on its own account is explained in Cloudflare's Privacy Policy.
What we may view in Cloudflare. Through our Cloudflare account we may access logs, analytics, and observability that Cloudflare provides, depending on our plan and settings. We use that information only to operate and protect the Service, including reliability and debugging, abuse prevention and investigation, attack mitigation, and integrity of the platform. We do not use these logs for behavioral advertising and do not use them to sell personal data.
Retention and who can access logs. Retention periods and granularity of what appears in Cloudflare's products depend on Cloudflare's policies, our Cloudflare plan, and settings we configure in our account (including any sampling or log export options). We do not promise a single fixed retention window here because those controls can change; you should refer to Cloudflare's documentation for product-specific retention. Within Intelliquinte L.L.C., access to Cloudflare dashboards and exported logs is limited to authorized personnel who need it for their job (for example, engineering and operations), using least-privilege account roles where practicable.
Other providers. Supabase and other subprocessors may also process network or request metadata in line with their roles (for example, database hosting). See Supabase's Privacy Policy for their practices. We do not control every retention knob on their systems; we choose providers and configurations aligned with this Policy.
Turnstile. During submission, your browser interacts with Cloudflare Turnstile for bot verification; Cloudflare may use IP and related signals to assess abuse risk. We do not copy Turnstile's raw telemetry into our application database. See Cloudflare's Privacy Policy.
For maximum anonymity: Consider using Tor Browser or a VPN. These route your traffic through intermediaries, changing what network identifiers appear at the edge.
4.2 Automated Content Analysis (AI)
To protect our community and identify users who may need support, we use automated systems including AI to analyze submission content. Here's what you should know:
What AI Does
- Crisis Detection: Identifies potential crisis situations to display support resources (like 988 Lifeline)
- Content Flagging: Flags content for human moderator review
- Theme Suggestion: Suggests appropriate content categories
What AI Does NOT Do
- Make final publication decisions (humans review all content)
- Create profiles or track users across submissions
- Learn from or retain your content after analysis
- Share your content with third-party AI providers
What We Store
We store only the results of AI analysis, not the full analysis reasoning:
- Crisis detection score (a number from 0-1)
- Suggested themes (e.g., "grief", "family")
- Model version used
- Timestamp of analysis
These results are deleted when you delete your submission.
Your Rights
You can view exactly what AI detected about your submission using your Private ID in Access & Control. This shows you the AI analysis results and confirms that a human reviewed your content.
Technical Details
- AI Provider: Cloudflare Workers AI (runs entirely on Cloudflare's network)
- Primary Model: Llama 3.1 8B (
@cf/meta/llama-3.1-8b-instruct-fast) — an open-source model by Meta - Fallback Models: Llama 4 Scout 17B and Llama 3.3 70B — used automatically when the primary model is unavailable. Model versions may change as we update to improved models.
- Training Data: Public internet data curated by Meta, NOT Dear Nobody™ content
- Architecture: Inference-only — the models are frozen and cannot update their weights from your data
AI Analysis Features
Our AI analysis provides:
- Moderation Recommendation: AI suggests whether content should be approved, reviewed, or flagged — but humans make all final decisions
- Theme Detection: Automatically suggests relevant themes (love, grief, family, etc.) to help categorize content
- Re-analysis Capability: Moderators can request fresh AI analysis if the initial analysis seems incorrect or if the AI model has been updated
All AI recommendations are logged and tracked. You can see exactly what the AI detected about your submission using your Private ID.
4.3 Research Partners
With research consent, we share anonymized submissions with academic partners, including:
- Universities and research institutions for studies on human experience and expression
- Academic researchers under data use agreements
We may charge licensing fees for research access to help sustain the platform. This is not a sale of personal data — content is anonymized and used only for research and educational purposes. All research partners must agree to maintain anonymity and use data only for stated research purposes.
4.4 We Do NOT Sell Data
4.5 Voluntary Financial Contributions
Website only: Voluntary financial contributions are available on dearnobody.org, not in the Dear Nobody iOS app.
Dear Nobody™ accepts voluntary financial contributions to help sustain the platform. Here's what you should know about your privacy when contributing:
What We Collect
For Cryptocurrency Contributions (via NowPayments):
- We do NOT collect your identity, email, or personal information
- NowPayments processes the transaction; we receive only the funds and a transaction reference
- Your wallet address is visible on the blockchain but is not linked to any identity we hold
- See NowPayments' Privacy Policy
For Card/Bank Contributions (via Stripe):
What Stripe collects directly (Stripe is the data controller for payment data):
- Card number, expiration date, CVC
- Billing name and address
- Email address (if you choose to provide one)
- IP address and device information (for fraud prevention)
- See Stripe's Privacy Policy for full details
What Dear Nobody™ receives from Stripe (we are a data controller for this subset):
- Confirmation that a payment was completed
- The contribution amount in USD
- A Stripe transaction reference ID (encrypted at rest using AES-256-GCM)
- Your email address, only if you provided one to Stripe (encrypted at rest using AES-256-GCM)
What Dear Nobody™ does NOT receive or store:
- Card numbers, bank account numbers, or CVV codes
- Billing address
- IP address or device fingerprints from Stripe
How We Use Contribution Data
- Transaction references are used solely for accounting and transparency reporting
- We do not use contribution data for marketing purposes
- We do not sell or share contributor information
- Anonymous contributions remain anonymous
Your Rights
- You may request deletion of any personal data associated with your contribution
- Blockchain transactions cannot be deleted, but are not linked to your identity by us
- Contact support@dearnobody.org for data requests
Third-Party Payment Processors
Stripe, Inc.
Purpose: Card and bank contribution processing
Data they collect: Payment card details, billing info, email (if provided), IP address, device info for fraud prevention
Data we receive: Payment confirmation, amount, transaction reference (encrypted at rest)
Data we do NOT receive: Card numbers, CVV, bank details, billing address, IP address
NowPayments
Purpose: Cryptocurrency contribution processing
Data: Processes wallet addresses and transaction amounts; we receive only confirmation of payment
4.6 Google Forms (Voluntary Feedback Only)
When we link to a Google Form from the Service, you leave the Dear Nobody submission stack and interact directly with Google's form product. That path is intended for voluntary feedback only, not for publishing letters or managing submissions. We may change which forms we link to, which fields they contain, or where they appear on the site without providing individual notice; the current practices are described in Section 2.8 and on the form itself.
We require authorized staff who handle form responses to treat them as confidential operational data, use them only for Service improvement and support follow-up, and avoid copying unnecessary personal details into other systems. We do not sell feedback responses or use them for targeted advertising.
4.7 Legal Requirements
We may disclose information when required by law, including:
- In response to valid legal process (court orders, subpoenas)
- To protect life in emergency situations involving imminent harm
- To defend our legal rights or property
We evaluate all legal requests carefully and disclose only what is legally required. Given our minimal data collection, we often have little to no identifying information to provide.
4.8 Legal Holds
We may place a legal hold on submission content to prevent its deletion or modification when required by court orders, subpoenas, law enforcement requests, regulatory investigations, or internal legal compliance needs. During an active hold:
- The affected submission cannot be deleted, even upon request via your Private ID
- Holds are tracked with reference numbers, issuing authority, reason, and duration
- When a hold is released or expires, normal deletion rights resume
- All hold placements and releases are logged in our compliance audit trail
If your submission is subject to a legal hold and you attempt deletion, you will be notified that a hold is in effect. We will not disclose the specific authority or details of the hold unless required or permitted by law.
4.9 Mandatory Reporting
As a U.S.-based service provider, we comply with all mandatory reporting obligations:
- CSAM (Child Sexual Abuse Material): If we become aware of any CSAM on our platform, we immediately report it to the National Center for Missing & Exploited Children (NCMEC) as required by 18 U.S.C. § 2258A
- Imminent Harm: If content indicates imminent danger to life or safety, we may report it to appropriate law enforcement authorities
- Other Legal Obligations: We file mandatory reports to other regulatory bodies as required by applicable law
All mandatory reports are documented internally with reference numbers and preserved for compliance. Mandatory reports may include the submission content, metadata, and any information reasonably available. See our Law Enforcement Guidelines for more details.
4.10 Redaction & Content Modification
As part of our content moderation process, we may redact (remove or obscure) identifying information from submissions before or after publication:
- What is redacted: Names, locations, contact information, or other details that could identify real individuals
- How redaction works: Original content is preserved internally for legal and compliance purposes. The public-facing version displays the redacted content
- Unredaction: In limited circumstances, an administrator may reverse a redaction if the content is determined to be safe to publish in its original form. Unredaction is restricted to admin-level users, logged in our audit trail, and preserves the full edit history
- Your rights: You can view the current state of your submission via Access & Control using your Private ID
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit: All data transmitted to and from Dear Nobody™ is encrypted using TLS (HTTPS)
- Encryption at Rest: Submission content is encrypted in our database using ECDH-P256/AES-GCM encryption
- Access Controls: Database access is restricted to essential personnel only
- Bot Protection: Cloudflare Turnstile protects against automated abuse without invasive CAPTCHAs
- DDoS Protection: Cloudflare provides protection against denial-of-service attacks
- Privacy-Preserving Rate Limiting: Our application-level submission rate limiting uses temporary session hashes rather than storing visitor IP addresses for that purpose. Cloudflare may still process IP addresses at the network edge as described in Section 4.1.1.
- Content Security Policy: Strict CSP headers prevent cross-site scripting and injection attacks
- Regular Updates: We maintain current security patches and updates
5.1 Error Monitoring
To maintain service quality, we use privacy-preserving error monitoring that:
- Captures only generic error types and page locations
- Automatically redacts any potentially identifying information before processing
- Does not log IP addresses, user agents, or session identifiers
- Aggregates errors for analysis rather than tracking individual occurrences
- iOS app: Sends minimal client error reports (context, error message, app version, platform, timestamp) to our API for reliability; does not include submission content or advertising identifiers
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.
6. Your Rights and Choices
6.1 Access and Control
Using your Public ID and Private ID, you can:
- View your submission — See what you wrote and its current status
- Delete your submission — Remove it from our systems at any time
- Manage settings — Change visibility (before publication) or withdraw research/marketing consent (anytime)
Access these controls at dearnobody.org/access.
6.2 Deletion Rights
You can delete your submission at any time—before or after publication—using your Private ID through the Access & Control interface.
When you request deletion, the following happens immediately:
- All content is permanently scrubbed — your letter text, encrypted content, metadata, pseudonym, recipient, and any AI analysis data are irreversibly removed from our production database
- Your submission status is set to "deleted" — a placeholder notice replaces your content, indicating it was removed at the author's request
- Associated consent records are revoked — any research or marketing consents tied to your submission are automatically withdrawn
- Deletion from all backups is completed within 30 days
- We cannot recall printed materials or remove content from third-party archives/caches
6.3 Content Moderation
Separately from user-initiated deletion, we may remove content through our moderation process for:
- Violations of our Community Guidelines or Terms of Service
- Legal compliance requirements
- Safety concerns
As part of moderation, we may also apply trigger warnings or content warnings to submissions. These labels are assigned based on automated AI analysis and/or human moderator judgment to alert readers of potentially sensitive content (e.g., self-harm, violence, substance use, explicit material). Trigger warning data is stored as metadata on the submission and does not identify the submitter.
This is standard content moderation and is distinct from user-requested deletion. See Section 9 of our Terms of Service for details.
6.4 Consent & Settings Management
Once your letter is published, it becomes part of the permanent archive. You can still withdraw research and marketing consent at any time (one-way: withdrawal only, cannot re-enable after publication). Visibility cannot be changed after publication without deletion.
6.5 Data Retention Periods
- Non-deleted submissions: Retained indefinitely as part of Dear Nobody™'s permanent archive. Published letters are preserved for long-term access unless you request deletion
- Deleted submissions: All content data is permanently scrubbed from our production database immediately upon deletion request. Remaining backup copies are purged within 30 days
- Submissions under legal hold: Retained regardless of deletion requests until the hold is released or expires
- Consent records: Retained for as long as the associated submission exists, plus 1 year after deletion for legal compliance
- Moderation logs: Retained for 7 years for legal and safety compliance purposes
- Admin audit logs: Retained for 7 years for accountability and legal compliance
- Access logs: Retained for 2 years for security auditing, then automatically purged
- Error monitoring data: Aggregated error data is retained for up to 30 days for debugging purposes, then automatically purged
- Moderator wellbeing logs: Retained for 90 days, then automatically purged
- Financial contribution records: Transaction amounts, dates, and encrypted references retained for 7 years for US tax compliance. No donor identity is linked unless voluntarily provided via Stripe
- Stripe webhook logs: Retained for 90 days for reconciliation and debugging, then automatically purged
- Session activity data: Automatically expires after 1 hour
- Abuse signals: Automatically expires after 24 hours
- Attribution data: Linked to the submission; deleted when the submission is deleted. Session-side attribution (in your browser) is cleared automatically when you close the tab
- Rate limiting records: Ephemeral; expires at end of rate limit window
- Mandatory report records: Retained indefinitely as required by law
You may request deletion of your submission at any time using both your Public ID and Private ID via Access & Control.
6.6 Data Portability
You can view your submission status through the Access & Control interface. Note: Your letter content is encrypted for privacy and cannot be displayed or downloaded. If you need a copy of your words, we recommend keeping one before submitting.
7. Children's Privacy
The Service is not intended for anyone under 18 years of age. We do not knowingly collect submissions from users under 18.
If we discover we have inadvertently collected a submission from someone under 18, we will delete it promptly.
The 18+ Archive is restricted to users 18 and older.
8. International Users
Dear Nobody™ is operated by Intelliquinte L.L.C. in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States.
By using the Service, you consent to such transfer and processing. We protect your information as described in this Policy regardless of where it is processed or stored.
8.1 For EU/EEA Users (GDPR Compliance)
We take the European Union's General Data Protection Regulation (GDPR) seriously. Here's how we comply:
Legal Basis for Processing
We process your data under the following legal bases:
- Consent (Article 6(1)(a)): For research and marketing use of your submissions. Each consent is explicit, granular, and freely given. Publishing is based on your visibility choice (public or private) at submission time.
- Legitimate Interests (Article 6(1)(f)): For operating the anonymous platform, security measures, and spam prevention. Our legitimate interest is providing a safe, functional service.
- Legal Obligation (Article 6(1)(c)): When required to comply with applicable laws or valid legal process.
Your GDPR Rights
As an EU/EEA user, you have the following rights:
- Right of Access (Article 15): View your submission status via Access & Control
- Right to Rectification (Article 16): Due to our anonymous architecture, we cannot modify submissions. You may delete and resubmit.
- Right to Erasure (Article 17): Delete your submission anytime via Access & Control
- Right to Restrict Processing (Article 18): Withdraw consent before publication to prevent use
- Right to Data Portability (Article 20): Due to encryption and anonymity, we cannot export submission content. We recommend keeping a copy before submitting.
- Right to Object (Article 21): Withdraw consent for processing at any time (before publication)
- Right to Withdraw Consent (Article 7(3)): You can withdraw research and marketing consent at any time — before or after publication — via Access & Control. Withdrawal is as easy as the original grant: toggle the consent off. After publication, withdrawal is one-way (cannot re-enable).
International Data Transfers
Your data is processed by service providers in the United States:
- Supabase: Database hosting (AWS infrastructure, US-based)
- Cloudflare: Website hosting, security, and CDN (global network)
These transfers are conducted in accordance with applicable data protection laws. Our service providers maintain appropriate security certifications (SOC 2, ISO 27001) and contractual obligations to protect your data.
Data Protection Officer
Due to the nature and scale of our processing (anonymous, minimal data), we are not required to appoint a Data Protection Officer. For GDPR-related inquiries, contact us at support@dearnobody.org.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority in your EU member state if you believe our processing violates GDPR.
8.2 For UK Users (UK GDPR Compliance)
Following Brexit, the UK has its own data protection framework (UK GDPR and the Data Protection Act 2018). We comply with UK data protection requirements.
UK-Specific Rights
UK residents have the same rights as EU residents under the UK GDPR, including:
- Right of access to your personal data
- Right to rectification and erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
UK Supervisory Authority
The supervisory authority for UK data protection is the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
You have the right to lodge a complaint with the ICO if you believe our processing violates UK data protection law.
International Transfers from the UK
Transfers of UK personal data to the United States are conducted under appropriate safeguards, including Standard Contractual Clauses (UK SCCs) as approved by the ICO.
8.3 Standard Contractual Clauses (SCCs)
For transfers of personal data from the EU/EEA and UK to the United States, we rely on Standard Contractual Clauses adopted by the European Commission and the UK ICO, respectively.
- Our infrastructure providers (Supabase, Cloudflare) maintain appropriate certifications and contractual commitments for data protection
- These providers have executed Standard Contractual Clauses or equivalent transfer mechanisms
- We conduct transfer impact assessments as required under applicable law
For questions about our international data transfer mechanisms, contact us at support@dearnobody.org.
9. U.S. State Privacy Rights
Various U.S. states have enacted comprehensive privacy laws. We comply with these laws and provide the following rights to residents of those states.
9.1 California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
9.1.1 Right to Know
You have the right to request information about:
- Categories of personal information we collect
- Specific pieces of personal information we hold about you
- Categories of sources from which information is collected
- Business purposes for collecting information
- Categories of third parties with whom we share information
9.1.2 Right to Delete
You have the right to request deletion of personal information we have collected. This can be exercised through our Access & Control interface using your Private ID.
9.1.3 Right to Opt-Out of Sale
We do not sell personal information. Therefore, there is no need to opt out. We do not share personal information for cross-context behavioral advertising.
9.1.4 Non-Discrimination (California)
We will not discriminate against you for exercising your California privacy rights.
9.1.5 Exercising Your California Rights
California residents can exercise these rights by:
- Using the Access & Control interface with your Private ID
- Emailing us at support@dearnobody.org
We will verify your identity before processing requests. Due to our anonymous architecture, verification typically requires your Private ID.
9.2 Virginia Consumer Data Protection Act (VCDPA)
Virginia residents have the following rights under the VCDPA, effective January 1, 2023:
- Right to Access: Confirm whether we process your personal data and access that data
- Right to Correct: Request correction of inaccuracies (note: due to our architecture, you may need to delete and resubmit)
- Right to Delete: Request deletion of your personal data
- Right to Data Portability: Obtain your data in a portable format
- Right to Opt Out: Opt out of targeted advertising, sale of personal data, or profiling
Note: We do not sell personal data, engage in targeted advertising, or conduct profiling for decisions with legal effects.
9.3 Colorado Privacy Act (CPA)
Colorado residents have the following rights under the CPA, effective July 1, 2023:
- Right to access, correct, and delete personal data
- Right to data portability
- Right to opt out of targeted advertising, sale of personal data, or profiling
To exercise these rights, use our Access & Control interface or contact us at support@dearnobody.org.
9.4 Connecticut Data Privacy Act (CTDPA)
Connecticut residents have the following rights under the CTDPA, effective July 1, 2023:
- Right to access and confirm whether personal data is being processed
- Right to correct inaccuracies
- Right to delete personal data
- Right to obtain a copy in a portable format
- Right to opt out of targeted advertising, sale of personal data, or profiling
9.5 Other State Privacy Laws
We monitor emerging state privacy legislation including laws in Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, and other states. We are committed to complying with applicable state privacy laws as they take effect.
9.6 Exercising State Privacy Rights
Residents of any U.S. state with comprehensive privacy laws can exercise their rights by:
- Using the Access & Control interface with your Private ID
- Emailing support@dearnobody.org
We will respond to verified requests within 45 days. You may designate an authorized agent to make requests on your behalf.
9.7 Non-Discrimination
We will not discriminate against you for exercising your privacy rights under any state law. You will not receive different quality of service, be denied service, or be charged different prices based on exercising your rights.
10. Cookies & Local Storage
Dear Nobody iOS app: The app does not use browser cookies. On-device storage (Keychain and preferences) is described in Section 2.9.
10.1 Cookies We Use
Dear Nobody™ uses minimal cookies, primarily for:
- Essential cookies: Required for security (Cloudflare) and basic functionality
- Preference cookies: Remember your content preferences (e.g., 18+ archive opt-in)
We do not use:
- Analytics cookies or tracking pixels
- Advertising cookies
- Social media tracking cookies
- Cross-site tracking cookies
10.2 Local Storage (My Vault)
The optional "My Vault" feature uses your browser's local storage (website) or iOS Keychain (app) to save your submission IDs on your device. This data:
- Is stored only on your device
- Is never transmitted to our servers
- Can be cleared at any time through the Access & Control page
- Will be lost if you clear browser data or switch devices
10.3 Session Storage (Attribution)
Website only. We use your browser's session storage (not cookies) to temporarily hold attribution data — such as how you arrived at the site (referral category, UTM campaign identifiers, landing page). This data:
- Is stored only in your current browser tab and is not a cookie
- Is automatically cleared when you close the tab or browser window
- Is never sent to our servers unless you make a submission
- Cannot be used to track you across sessions or identify you
See Section 2.7 for full details on attribution data.
10.4 Third-Party Cookies
Third-party services we use (Cloudflare) may set their own cookies for security and functionality. These are governed by their respective privacy policies.
10.5 Managing Cookies
You can manage cookies through your browser settings. Note that blocking essential cookies may affect site functionality.
11. Data Breach Notification
11.1 Our Commitment
In the event of a data breach that affects personal information, we commit to:
- Investigating the incident promptly
- Taking steps to mitigate harm
- Notifying affected users where possible and required by law
- Notifying relevant authorities as required
11.2 Notification Challenges
Due to our anonymous architecture, we may be unable to directly notify individual users of a breach since we do not collect contact information. In such cases, we will:
- Post prominent notices on the Service within 72 hours
- Provide detailed information about the incident
- Recommend actions users should take
- Maintain the notice on our homepage for at least 30 days
11.3 What We Protect
Our security measures are designed to protect:
- Submission content (encrypted at rest)
- Private ID hashes (never stored in plain text)
- Consent records and preferences
12. Do Not Track Signals
Dear Nobody™ honors Do Not Track (DNT) browser signals by default because we do not engage in user tracking or profiling. Regardless of your DNT setting, we do not engage in behavioral tracking, profiling, or targeted advertising.
13. Transparency
We are committed to transparency about how we operate. We maintain a live Transparency Ledger with real-time platform statistics pulled directly from our database, and we intend to publish periodic quarterly reports that may include:
- Total submissions received and published
- Content moderation actions (removals, redactions, content warnings applied)
- Legal requests received (court orders, subpoenas, law enforcement requests)
- Mandatory reports filed (including NCMEC referrals)
- Legal holds placed and released
- Deletion requests received and processed
- User content reports received and reviewed
- AI analysis statistics (crisis detections, flagging accuracy, human override rates)
All transparency data never contains information that could identify individual users or specific submissions. See our Transparency Ledger for current live statistics.
14. Changes to This Policy
We may update this Privacy Policy from time to time, including for legal, operational, or product reasons. When we do, we will post the revised Policy at this URL and update the "Last Updated" date at the top of the page.
We may, at our discretion, post a general notice on the Service for some changes, but we are not obligated to do so. The posted Policy at dearnobody.org/privacy is the authoritative version. Prior versions are not maintained on this page; if you need a copy of an earlier version for a dispute, contact support@dearnobody.org and we will respond where we can.
15. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at support@dearnobody.org or use an optional Google Form when we link one from the Service (see Section 2.8).
For content safety or moderation-related reports, use safety@dearnobody.org. For permission to feature letters in external media (podcasts, video, etc.), use media@dearnobody.org per our Media & collaboration page. For faculty, syllabus, and classroom use, use educators@dearnobody.org (overview at For educators). See Contact for a full comparison.
Raleigh, NC
United States
We aim to respond to all inquiries within 7 business days.