Privacy Policy — Your Privacy is Our Foundation

1. Introduction

This Privacy Policy ("Policy") explains how Intelliquinte L.L.C. ("we," "us," "Company") collects, uses, and protects information when you use the Dear Nobody service at dearnobody.org and related domains (the "Service").

Dear Nobody is designed as an anonymous platform. We intentionally collect minimal personal data and employ technical measures to protect user privacy. This Policy should be read alongside our Terms of Service.

                    Key Principle: We collect only what's necessary to operate the Service. We are designed to minimize data collection. We don't profile you or sell your data.
                

2. Information We Collect

2.1 Submission Content

When you submit a letter or confession to Dear Nobody, we collect:

The content of your submission
Any optional categorization or metadata you provide (type, category, greeting, signature)
Timestamp of submission
Your visibility choice (public or private) and optional consent choices (research, marketing)

We do not require your name, email address, or account creation to submit content.

2.2 Submission Identifiers

Each submission is assigned:

Public ID: Visible with published submissions, used for reference. Stored in our database.
Private ID: Provided only to the submitter at time of submission. Never stored — only a one-way cryptographic hash is retained for verification.

These IDs are used for content management and removal requests. They are not linked to your identity unless you choose to associate them with your personal information (e.g., by emailing us with your IDs).

Privacy by Design: Because we only store a hash of your Private ID, no one at Dear Nobody — not administrators, not moderators — can see your actual Private ID. This means we cannot verify your identity to delete or modify your submission on your behalf. You must use your Private ID through Access & Control to manage your content.

Important: Save your Private ID immediately after submission. We cannot recover it, and you'll need it to access or delete your submission.

2.3 Technical Data We Do NOT Collect

We do not collect personal technical data about your visit:

We do not intentionally retain your IP address in our application systems
We do not collect browser fingerprints
We do not use tracking cookies or analytics pixels
We do not build user profiles or track behavior across sessions

2.4 Data Processed by Service Providers

While we don't collect this data ourselves, our service providers may process certain technical information as part of their operations:

Cloudflare: May process IP addresses temporarily for security, DDoS protection, and bot detection (Turnstile). This data is governed by Cloudflare's Privacy Policy.
Cloudflare: May log request data for hosting operations. See Cloudflare's Privacy Policy.

We have selected these providers specifically for their privacy-respecting practices and do not have access to raw technical logs.

2.5 Consent Records

We record your choices regarding:

Visibility (public or private)
Research consent (optional)
Marketing consent (optional)

These consent records are stored securely and linked only to your submission IDs, not to your identity.

2.6 Local Storage ("My Vault")

Dear Nobody offers an optional "My Vault" feature that stores your submission IDs locally on your device using your browser's local storage. This data is stored only on your device and is never transmitted to or stored on our servers.

2.7 Aggregate Attribution Data

To understand how people discover Dear Nobody (without tracking individuals), we may collect:

General referral source (e.g., "search engine" or "social media") - not the specific page
Campaign identifiers from links we share (UTM parameters)
Your optional response to "How did you find us?" if you choose to answer

This data is aggregate only - we see "47 visitors came from search engines" not "User X came from Google." We do not use cookies, fingerprinting, or any technology to track you across sessions or identify you.

What's stored: Your Public ID, Private ID, submission label, and timestamp — stored only in your browser's local storage
What's NOT stored on our servers: Your Private ID (we only store a hash), your local vault contents
Your control: You can view, add, or clear vault entries at any time from the Access & Control page

                    Important: Since vault data is stored locally, it will be lost if you clear your browser data, switch browsers, or use a different device. We recommend saving your IDs elsewhere as a backup.
                

3. How We Use Information

3.1 Content Publication

If you grant content release permission, we may:

Publish your submission on the Dear Nobody website
Include your submission in print collections or anthologies
Share your submission through official Dear Nobody social media channels

Your submission will always remain anonymous unless you explicitly include identifying information in the content itself (which we discourage and may redact).

3.2 Research Use

If you grant research consent, your anonymized submission may be:

Analyzed for patterns, themes, or linguistic features
Included in academic or psychological research studies
Used for internal content analysis to improve the Service

Research use never involves attempting to identify submitters. All research is conducted on fully anonymized data.

3.3 Marketing & Merchandise Use

If you grant marketing consent, short excerpts of your submission may be:

Featured in promotional materials for Dear Nobody
Used in advertisements or campaigns
Highlighted on social media or marketing channels
Printed on merchandise (apparel, prints, books, etc.)

Marketing use requires explicit, separate consent and is only available for public submissions. You will not receive royalties for merchandise use.

3.4 Service Operation

We use submission data to:

Display content in The Mailbox (if published)
Process moderation and content review
Respond to deletion requests
Generate aggregate, non-identifying statistics

3.5 Long-Term Preservation

Dear Nobody is committed to preserving the voices entrusted to us. Published letters may be archived for long-term preservation.

Archive Partnership

We may partner with preservation organizations such as the Internet Archive to ensure published letters remain accessible for future generations. This archival serves to:

Protect against data loss due to technical failures
Ensure the archive survives even if Dear Nobody ceases operations
Preserve human voices as a historical record

What This Means for You

Published letters may be included in external preservation archives
Private letters (never published) are NOT included in external archives
Deleted letters will be removed from our systems and we will request removal from any archive partners, though we cannot guarantee removal from all external copies
Anonymity is maintained — archived letters contain only what was publicly published (pseudonym, content, timestamp), never identifying information

                    Your Control: If you do not want your letter preserved long-term, you can delete it using your Private ID. Deletion removes content from our systems and triggers removal requests to archive partners. However, once content has been published and potentially archived, complete removal from all copies cannot be guaranteed.
                

4. Service Providers & Third Parties

4.1 Infrastructure Providers

We use the following third-party service providers to operate Dear Nobody:

Cloudflare

Purpose: DNS management, CDN (content delivery), DDoS protection, and Turnstile bot verification

Data: May temporarily process IP addresses and request metadata for security purposes

Cloudflare Privacy Policy →

Cloudflare Pages

Purpose: Website hosting and serverless functions

Data: May log request data as part of hosting operations

Cloudflare Privacy Policy →

Supabase

Purpose: Database storage for submissions and consent records; Supabase Auth for moderator/administrator authentication; Supabase Realtime for live data synchronization across administrative dashboards

Data: Stores submission content, IDs, consent choices, moderation records, and legal compliance data. Realtime connections transmit data change events over WebSockets for administrative use only — no user-facing data is transmitted via Realtime

Supabase Privacy Policy →

Cloudflare Workers AI

Purpose: Content analysis for safety (crisis detection, content moderation)

Data: Temporarily processes submission content for analysis — does not learn from or retain your content

Cloudflare Privacy Policy →

Cloudflare KV

Purpose: Edge caching for improved performance

Data: Temporarily caches aggregated statistics and published content

Cloudflare Privacy Policy →

We do not use analytics services, advertising networks, or tracking tools. Our service providers access only the data necessary to deliver the platform and are bound by their respective privacy policies and data protection obligations.

4.1.1 Limits of Anonymity

Dear Nobody does not intentionally retain IP addresses in our application systems. However, our infrastructure providers (Cloudflare, Supabase) process network requests and may log IP addresses and request metadata as part of their operations. We have no control over their retention policies. Dear Nobody does not receive or store those logs. We do not have access to or control over those provider logs.

During submission, we send your IP address to Cloudflare Turnstile for bot verification. Cloudflare uses it to assess fraud risk; we do not retain it. See Cloudflare's Privacy Policy and Supabase's Privacy Policy for their practices.

For maximum anonymity: Consider using Tor Browser or a VPN. These route your traffic through intermediaries, reducing what infrastructure providers can associate with your requests.

4.2 Automated Content Analysis (AI)

To protect our community and identify users who may need support, we use automated systems including AI to analyze submission content. Here's what you should know:

                    AI Promise: Your submissions are NEVER used to train AI models. We use inference-only AI that analyzes your content and immediately discards it. The AI cannot learn from or remember your words.
                

What AI Does

Crisis Detection: Identifies potential crisis situations to display support resources (like 988 Lifeline)
Content Flagging: Flags content for human moderator review
Theme Suggestion: Suggests appropriate content categories

What AI Does NOT Do

Make final publication decisions (humans review all content)
Create profiles or track users across submissions
Learn from or retain your content after analysis
Share your content with third-party AI providers

What We Store

We store only the results of AI analysis, not the full analysis reasoning:

Crisis detection score (a number from 0-1)
Suggested themes (e.g., "grief", "family")
Model version used
Timestamp of analysis

These results are deleted when you delete your submission.

Your Rights

You can view exactly what AI detected about your submission using your Private ID in Access & Control. This shows you the AI analysis results and confirms that a human reviewed your content.

Technical Details

AI Provider: Cloudflare Workers AI (runs entirely on Cloudflare's network)
Primary Model: Llama 3.1 8B (@cf/meta/llama-3.1-8b-instruct) — an open-source model by Meta
Fallback Model: Llama 2 7B (@cf/meta/llama-2-7b-chat-int8) — used only when the primary model is unavailable
Training Data: Public internet data curated by Meta, NOT Dear Nobody content
Architecture: Inference-only — the models are frozen and cannot update their weights from your data

AI Analysis Features

Our AI analysis provides:

Moderation Recommendation: AI suggests whether content should be approved, reviewed, or flagged — but humans make all final decisions
Theme Detection: Automatically suggests relevant themes (love, grief, family, etc.) to help categorize content
Re-analysis Capability: Moderators can request fresh AI analysis if the initial analysis seems incorrect or if the AI model has been updated

All AI recommendations are logged and tracked. You can see exactly what the AI detected about your submission using your Private ID.

4.3 Research Partners

With research consent, anonymized submissions may be shared with:

Academic researchers under appropriate data use agreements
Research institutions for studies on human experience and expression

All research partners must agree to maintain anonymity and use data only for stated research purposes.

4.4 We Do NOT Sell Data

                    No Data Sales: We do not sell, rent, or trade your personal information or submission content to third parties for their marketing purposes. Ever.
                

4.5 Voluntary Financial Contributions

Dear Nobody accepts voluntary financial contributions to help sustain the platform. Here's what you should know about your privacy when contributing:

What We Collect

For Cryptocurrency Contributions (via NowPayments):

We do NOT collect your identity, email, or personal information
NowPayments processes the transaction; we receive only the funds and a transaction reference
Your wallet address is visible on the blockchain but is not linked to any identity we hold
See NowPayments' Privacy Policy

For Traditional Payment Methods (if offered in the future):

Payment processors may collect standard payment information
We do not store credit card numbers or bank account details
We may receive your name and email only if you voluntarily provide them

How We Use Contribution Data

Transaction references are used solely for accounting and transparency reporting
We do not use contribution data for marketing purposes
We do not sell or share contributor information
Anonymous contributions remain anonymous

Your Rights

You may request deletion of any personal data associated with your contribution
Blockchain transactions cannot be deleted, but are not linked to your identity by us
Contact support@dearnobody.org for data requests

                    Privacy Alignment: We chose cryptocurrency as our primary contribution method specifically because it aligns with Dear Nobody's privacy-first philosophy. You can support us without revealing who you are.
                

Third-Party Payment Processors

NowPayments

Purpose: Cryptocurrency contribution processing

Data: Processes wallet addresses and transaction amounts; we receive only confirmation of payment

NowPayments Privacy Policy →

4.6 Legal Requirements

We may disclose information when required by law, including:

In response to valid legal process (court orders, subpoenas)
To protect life in emergency situations involving imminent harm
To defend our legal rights or property

We evaluate all legal requests carefully and disclose only what is legally required. Given our minimal data collection, we often have little to no identifying information to provide.

4.7 Legal Holds

We may place a legal hold on submission content to prevent its deletion or modification when required by court orders, subpoenas, law enforcement requests, regulatory investigations, or internal legal compliance needs. During an active hold:

The affected submission cannot be deleted, even upon request via your Private ID
Holds are tracked with reference numbers, issuing authority, reason, and duration
When a hold is released or expires, normal deletion rights resume
All hold placements and releases are logged in our compliance audit trail

We will not disclose the existence of a legal hold to the submitter unless required or permitted by law.

4.8 Mandatory Reporting

As a U.S.-based service provider, we comply with all mandatory reporting obligations:

CSAM (Child Sexual Abuse Material): If we become aware of any CSAM on our platform, we immediately report it to the National Center for Missing & Exploited Children (NCMEC) as required by 18 U.S.C. § 2258A
Imminent Harm: If content indicates imminent danger to life or safety, we may report it to appropriate law enforcement authorities
Other Legal Obligations: We file mandatory reports to other regulatory bodies as required by applicable law

All mandatory reports are documented internally with reference numbers and preserved for compliance. Mandatory reports may include the submission content, metadata, and any information reasonably available. See our Law Enforcement Guidelines for more details.

4.9 Redaction & Content Modification

As part of our content moderation process, we may redact (remove or obscure) identifying information from submissions before or after publication:

What is redacted: Names, locations, contact information, or other details that could identify real individuals
How redaction works: Original content is preserved internally for legal and compliance purposes. The public-facing version displays the redacted content
Unredaction: In limited circumstances, an administrator may reverse a redaction if the content is determined to be safe to publish in its original form. Unredaction is restricted to admin-level users, logged in our audit trail, and preserves the full edit history
Your rights: You can view the current state of your submission via Access & Control using your Private ID

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption in Transit: All data transmitted to and from Dear Nobody is encrypted using TLS (HTTPS)
Encryption at Rest: Submission content is encrypted in our database using ECDH-P256/AES-GCM encryption
Access Controls: Database access is restricted to essential personnel only
Bot Protection: Cloudflare Turnstile protects against automated abuse without invasive CAPTCHAs
DDoS Protection: Cloudflare provides protection against denial-of-service attacks
Privacy-Preserving Rate Limiting: We limit submission rates to prevent abuse using temporary session hashes that cannot identify you—we never log or use IP addresses for rate limiting
Content Security Policy: Strict CSP headers prevent cross-site scripting and injection attacks
Regular Updates: We maintain current security patches and updates

5.1 Error Monitoring

To maintain service quality, we use privacy-preserving error monitoring that:

Captures only generic error types and page locations
Automatically redacts any potentially identifying information before processing
Does not log IP addresses, user agents, or session identifiers
Aggregates errors for analysis rather than tracking individual occurrences

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.

6. Your Rights and Choices

6.1 Access and Control

Using your Public ID and Private ID, you can:

View your submission — See what you wrote and its current status
Delete your submission — Remove it from our systems at any time
Manage settings — Change visibility or withdraw research/marketing consent (before publication only)

Access these controls at dearnobody.org/access.

6.2 Deletion Rights

You can delete your submission at any time—before or after publication—using your Private ID through the Access & Control interface.

When you request deletion, the following happens immediately:

All content is permanently scrubbed — your letter text, encrypted content, metadata, pseudonym, recipient, and any AI analysis data are irreversibly removed from our production database
Your submission status is set to "deleted" — a placeholder notice replaces your content, indicating it was removed at the author's request
Associated consent records are revoked — any research or marketing consents tied to your submission are automatically withdrawn
Deletion from all backups is completed within 30 days
We cannot recall printed materials or remove content from third-party archives/caches

                    Immediate Data Scrubbing: When you delete your submission, all personal and content data is permanently scrubbed from our production database immediately — not after a delay. This includes your letter text, encrypted content, pseudonym, editor notes, and AI analysis results. Backup purges complete within 30 days. This ensures your data is truly gone.
                

We Cannot Delete on Your Behalf: Because we do not store your actual Private ID, we cannot verify your identity to delete or modify content on your behalf. If you lose your Private ID, we have no way to confirm you are the original submitter. You must use Access & Control with your Private ID.

6.3 Content Moderation

Separately from user-initiated deletion, we may remove content through our moderation process for:

Violations of our Community Guidelines or Terms of Service
Legal compliance requirements
Safety concerns

As part of moderation, we may also apply trigger warnings or content warnings to submissions. These labels are assigned based on automated AI analysis and/or human moderator judgment to alert readers of potentially sensitive content (e.g., self-harm, violence, substance use, explicit material). Trigger warning data is stored as metadata on the submission and does not identify the submitter.

This is standard content moderation and is distinct from user-requested deletion. See Section 9 of our Terms of Service for details.

6.4 Consent & Settings Management

Once your letter is published, it becomes part of the permanent archive. You can still delete it, but visibility and consent settings become locked to maintain archive integrity.

6.5 Data Retention Periods

Non-deleted submissions: Retained indefinitely as part of Dear Nobody's permanent archive. Published letters are preserved for long-term access unless you request deletion
Deleted submissions: All content data is permanently scrubbed from our production database immediately upon deletion request. Remaining backup copies are purged within 30 days
Submissions under legal hold: Retained regardless of deletion requests until the hold is released or expires
Consent records: Retained for as long as the associated submission exists, plus 1 year after deletion for legal compliance
Moderation logs: Retained for 3 years for legal and safety compliance purposes
Error monitoring data: Aggregated error data is retained for up to 90 days for debugging purposes, then automatically purged
Mandatory report records: Retained indefinitely as required by law

You may request deletion of your submission at any time using both your Public ID and Private ID via Access & Control.

6.6 Data Portability

You can view your submission status through the Access & Control interface. Note: Your letter content is encrypted for privacy and cannot be displayed or downloaded. If you need a copy of your words, we recommend keeping one before submitting.

7. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we discover we have inadvertently collected information from a child under 13, we will delete it promptly.

Users between 13-17 years old should have parental or guardian consent to use the Service. The 18+ Archive is restricted to users 18 and older.

8. International Users

Dear Nobody is operated by Intelliquinte L.L.C. in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States.

By using the Service, you consent to such transfer and processing. We protect your information as described in this Policy regardless of where it is processed or stored.

8.1 For EU/EEA Users (GDPR Compliance)

We take the European Union's General Data Protection Regulation (GDPR) seriously. Here's how we comply:

Legal Basis for Processing

We process your data under the following legal bases:

Consent (Article 6(1)(a)): For research and marketing use of your submissions. Each consent is explicit, granular, and freely given. Publishing is based on your visibility choice (public or private) at submission time.
Legitimate Interests (Article 6(1)(f)): For operating the anonymous platform, security measures, and spam prevention. Our legitimate interest is providing a safe, functional service.
Legal Obligation (Article 6(1)(c)): When required to comply with applicable laws or valid legal process.

Your GDPR Rights

As an EU/EEA user, you have the following rights:

Right of Access (Article 15): View your submission status via Access & Control
Right to Rectification (Article 16): Due to our anonymous architecture, we cannot modify submissions. You may delete and resubmit.
Right to Erasure (Article 17): Delete your submission anytime via Access & Control
Right to Restrict Processing (Article 18): Withdraw consent before publication to prevent use
Right to Data Portability (Article 20): Due to encryption and anonymity, we cannot export submission content. We recommend keeping a copy before submitting.
Right to Object (Article 21): Withdraw consent for processing at any time (before publication)
Right to Withdraw Consent (Article 7(3)): Manage consents via Access & Control

International Data Transfers

Your data is processed by service providers in the United States:

Supabase: Database hosting (AWS infrastructure, US-based)
Cloudflare: Website hosting, security, and CDN (global network)

These transfers are conducted in accordance with applicable data protection laws. Our service providers maintain appropriate security certifications (SOC 2, ISO 27001) and contractual obligations to protect your data.

Data Protection Officer

Due to the nature and scale of our processing (anonymous, minimal data), we are not required to appoint a Data Protection Officer. For GDPR-related inquiries, contact us at support@dearnobody.org.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your EU member state if you believe our processing violates GDPR.

8.2 For UK Users (UK GDPR Compliance)

Following Brexit, the UK has its own data protection framework (UK GDPR and the Data Protection Act 2018). We comply with UK data protection requirements.

UK-Specific Rights

UK residents have the same rights as EU residents under the UK GDPR, including:

Right of access to your personal data
Right to rectification and erasure
Right to restrict processing
Right to data portability
Right to object to processing
Rights related to automated decision-making

UK Supervisory Authority

The supervisory authority for UK data protection is the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

You have the right to lodge a complaint with the ICO if you believe our processing violates UK data protection law.

International Transfers from the UK

Transfers of UK personal data to the United States are conducted under appropriate safeguards, including Standard Contractual Clauses (UK SCCs) as approved by the ICO.

8.3 Standard Contractual Clauses (SCCs)

For transfers of personal data from the EU/EEA and UK to the United States, we rely on Standard Contractual Clauses adopted by the European Commission and the UK ICO, respectively.

Our infrastructure providers (Supabase, Cloudflare) maintain appropriate certifications and contractual commitments for data protection
These providers have executed Standard Contractual Clauses or equivalent transfer mechanisms
We conduct transfer impact assessments as required under applicable law

For questions about our international data transfer mechanisms, contact us at support@dearnobody.org.

9. U.S. State Privacy Rights

Various U.S. states have enacted comprehensive privacy laws. We comply with these laws and provide the following rights to residents of those states.

9.1 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request information about:

Categories of personal information we collect
Specific pieces of personal information we hold about you
Categories of sources from which information is collected
Business purposes for collecting information
Categories of third parties with whom we share information

9.2 Right to Delete

You have the right to request deletion of personal information we have collected. This can be exercised through our Access & Control interface using your Private ID.

9.3 Right to Opt-Out of Sale

We do not sell personal information. Therefore, there is no need to opt out. We do not share personal information for cross-context behavioral advertising.

9.4 Non-Discrimination

We will not discriminate against you for exercising your California privacy rights.

9.5 Exercising Your Rights

California residents can exercise these rights by:

Using the Access & Control interface with your Private ID
Emailing us at support@dearnobody.org

We will verify your identity before processing requests. Due to our anonymous architecture, verification typically requires your Private ID.

                    Shine the Light: California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
                

9.2 Virginia Consumer Data Protection Act (VCDPA)

Virginia residents have the following rights under the VCDPA, effective January 1, 2023:

Right to Access: Confirm whether we process your personal data and access that data
Right to Correct: Request correction of inaccuracies (note: due to our architecture, you may need to delete and resubmit)
Right to Delete: Request deletion of your personal data
Right to Data Portability: Obtain your data in a portable format
Right to Opt Out: Opt out of targeted advertising, sale of personal data, or profiling

Note: We do not sell personal data, engage in targeted advertising, or conduct profiling for decisions with legal effects.

9.3 Colorado Privacy Act (CPA)

Colorado residents have the following rights under the CPA, effective July 1, 2023:

Right to access, correct, and delete personal data
Right to data portability
Right to opt out of targeted advertising, sale of personal data, or profiling

To exercise these rights, use our Access & Control interface or contact us at support@dearnobody.org.

9.4 Connecticut Data Privacy Act (CTDPA)

Connecticut residents have the following rights under the CTDPA, effective July 1, 2023:

Right to access and confirm whether personal data is being processed
Right to correct inaccuracies
Right to delete personal data
Right to obtain a copy in a portable format
Right to opt out of targeted advertising, sale of personal data, or profiling

9.5 Other State Privacy Laws

We monitor emerging state privacy legislation including laws in Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, and other states. We are committed to complying with applicable state privacy laws as they take effect.

9.6 Exercising State Privacy Rights

Residents of any U.S. state with comprehensive privacy laws can exercise their rights by:

Using the Access & Control interface with your Private ID
Emailing support@dearnobody.org

We will respond to verified requests within 45 days. You may designate an authorized agent to make requests on your behalf.

9.7 Non-Discrimination

We will not discriminate against you for exercising your privacy rights under any state law. You will not receive different quality of service, be denied service, or be charged different prices based on exercising your rights.

10. Cookies & Local Storage

10.1 Cookies We Use

Dear Nobody uses minimal cookies, primarily for:

Essential cookies: Required for security (Cloudflare) and basic functionality
Preference cookies: Remember your content preferences (e.g., 18+ archive opt-in)

We do not use:

Analytics cookies or tracking pixels
Advertising cookies
Social media tracking cookies
Cross-site tracking cookies

10.2 Local Storage (My Vault)

The optional "My Vault" feature uses your browser's local storage to save your submission IDs on your device. This data:

Is stored only on your device
Is never transmitted to our servers
Can be cleared at any time through the Access & Control page
Will be lost if you clear browser data or switch devices

10.3 Third-Party Cookies

Third-party services we use (Cloudflare) may set their own cookies for security and functionality. These are governed by their respective privacy policies.

10.4 Managing Cookies

You can manage cookies through your browser settings. Note that blocking essential cookies may affect site functionality.

11. Data Breach Notification

11.1 Our Commitment

In the event of a data breach that affects personal information, we commit to:

Investigating the incident promptly
Taking steps to mitigate harm
Notifying affected users where possible and required by law
Notifying relevant authorities as required

                    72-Hour Notification: We will notify relevant supervisory authorities and post public notices within 72 hours of confirming a breach that affects user data, in accordance with GDPR requirements and industry best practices.
                

11.2 Notification Challenges

Due to our anonymous architecture, we may be unable to directly notify individual users of a breach since we do not collect contact information. In such cases, we will:

Post prominent notices on the Service within 72 hours
Provide detailed information about the incident
Recommend actions users should take
Maintain the notice on our homepage for at least 30 days

11.3 What We Protect

Our security measures are designed to protect:

Submission content (encrypted at rest)
Private ID hashes (never stored in plain text)
Consent records and preferences

                    Our Advantage: Because we collect minimal personal data and don't store contact information, email addresses, or account details, the potential impact of any breach is inherently limited compared to traditional platforms.
                

12. Do Not Track Signals

Dear Nobody honors Do Not Track (DNT) browser signals by default because we do not engage in user tracking or profiling. Regardless of your DNT setting, we do not engage in behavioral tracking, profiling, or targeted advertising.

13. Transparency

We are committed to transparency about how we operate. We maintain a live Transparency Ledger with real-time platform statistics pulled directly from our database, and we intend to publish periodic quarterly reports that may include:

Total submissions received and published
Content moderation actions (removals, redactions, content warnings applied)
Legal requests received (court orders, subpoenas, law enforcement requests)
Mandatory reports filed (including NCMEC referrals)
Legal holds placed and released
Deletion requests received and processed
User content reports received and reviewed
AI analysis statistics (crisis detections, flagging accuracy, human override rates)

All transparency data never contains information that could identify individual users or specific submissions. See our Transparency Ledger for current live statistics.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

Update the "Last Updated" date at the top of this page
Post a notice on the website for material changes

Your continued use of the Service after changes to the Policy constitutes acceptance of the updated terms. We encourage you to review this Policy periodically.

15. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

Email support@dearnobody.org

Location

Intelliquinte L.L.C.
Raleigh, NC
United States

We aim to respond to all inquiries within 7 business days.