Skip to main content

Privacy Policy

Last updated: 2026-06-04

What we collect

We collect the minimum needed to operate the service: your email (for sign-in), a passkey credential record (public by WebAuthn design — never your private key), and a session token tied to your device. We log request metadata (timestamp, route, status code, redacted IP) for operational and security purposes.

What we do not collect

We do not store passwords (there are none). We do not request, receive, or store identity documents, banking details, social profiles, or any third-party tracking identifiers. We do not embed third-party analytics or advertising SDKs.

How we use your information

Email + passkey are used solely to authenticate you and contact you about your account (one-time codes, account-state notifications). Operational logs are used to keep the service running and to investigate security events.

Sharing

We do not sell your data. We do not share it with third parties except where required by law or to protect the integrity of the service. Email delivery is handled by our SMTP provider; that provider sees the destination email and the message you receive (one-time codes), nothing more.

Cookies

We use a single first-party session cookie (HttpOnly, Secure, SameSite=Lax) to keep you signed in. No tracking cookies, no third-party cookies. A small piece of local storage records your theme + text-size preferences and your acceptance of this notice.

Your rights

You can sign out at any time. You can request export or deletion of your account by emailing . We respond within a reasonable time and confirm deletion when complete.

Changes

Material changes to this policy will be reflected on this page with an updated date.