Privacy Policy

Our privacy policy is simple. Our goal is to collect as little user data as possible. Currently that means we don't collect any. We have no central database. All user data is stored on the user's own device using cryptographically signed cookies.

It may be necessary to store some amount of data in the future in order to combat abuse. This will always be done in the most privacy-preserving way possible. For example, we may need to store hashed (ie obfuscated so even we can't see the actual address) email addresses in order to detect abusive patterns and limit the requests the owners of those addresses can make to our service.

Certain features such as global logout in the case of a lost device also require us to track which hashed email addresses have been logged out, so we can deny requests from old cookies for those addresses.