Privacy policy

• We collect what we need to run your vault: email, display name, and the entries you put in it.
• Your entries are stored in our hosting provider's encrypted-at-rest databases. They are not encrypted with a key only you hold.
• We don't sell anything. We don't run ads. We don't share your data with third parties beyond the service providers we need to operate.
• You can delete everything at any time from your profile.
• Email us at hello@nowordsleftunsaid.com with questions or to request a copy of your data.

• Account: email address, display name, optional “philosophy” text, plan tier.
• Vault entries: the text, audio, video, photo, or file you save; recipient name and email; delivery trigger.
• Trusted contacts: name and email of people you nominate. We email them an invite when you add them.
• Anonymous affirmations: the message text and recipient handle. The recipient never learns who sent it.
• Operational data: timestamps for sign-in (so the inactivity-detection feature can work), IP address (for rate limiting), and standard server logs. We keep these only as long as we need them to run the service.
• Payment: when you pay for an affirmation or subscription, Stripe handles the card. We never see card numbers. We see what Stripe shows us — amount, payment status, last-4 of card.

Everything sits inside Google Cloud, in Firebase Auth and Firestore (us-central1 region) and Firebase Storage (us-central1). Google encrypts data at rest by default. The No Words Left Unsaid operations team has admin-level access to this data in order to run the service.

What this means for “privacy”:your entries are not visible to other users, and they're not delivered to recipients until you (or, in future, your trusted contacts) trigger delivery. They are not, today, encrypted with a key only you hold; if you want stronger privacy than that, wait for our client-side end-to-end encryption release (planned but not scheduled).

We share data only with:

• Google Cloud / Firebase — hosting, auth, database, storage.
• Resend — to send invite + verification emails on our behalf.
• Stripe — to process payments. They are the data controller for card data.

We do not sell or rent your data. We do not use it for advertising. We do not share it with anyone else without your consent, except where legally compelled.

• Access — email hello@nowordsleftunsaid.com and we'll respond within 30 days with a copy of your data.
• Delete — Profile → Delete account. Cascades your entries, contacts, and account. Email hello@nowordsleftunsaid.com to confirm if anything is left behind.
• Edit — most fields can be changed in the app. Email us for the rest.
• Object / restrict — email hello@nowordsleftunsaid.com; we'll respond within 30 days.

No Words Left Unsaid is not intended for users under 16. Don't sign up if you are. If we learn we've collected data from a child, we will delete it.

We'll update this page when our practices change and post the updated date at the top. For material changes affecting your data, we'll email registered users.

Questions, complaints, requests — email hello@nowordsleftunsaid.com. We aim to respond within three business days.