unsend.email

Privacy

We’re boring about data on purpose.

Last updated: April 17, 2026.

What we store

When you write a letter: the recipient label, the subject, the body, the mode you picked, an IP-hash for rate-limiting, and a session cookie bound to that letter. If you opt in, your email for the receipt. Nothing else.

If you sign in, we also store your email address and the Supabase auth session.

What we don’t store

We don’t store analytics on letter content. We don’t know what your letters are about. We don’t attempt to identify you from your writing. We don’t resell, share, or license anything to third parties for advertising, marketing, or model training.

Who reads your letter

An AI (Anthropic’s Claude Sonnet 4.6) reads your letter exactly once to generate the reply and reflection. The model is stateless — it does not retain your letter between requests, does not train on it, and cannot recall it after the request ends. Anthropic’s terms of service govern that request; see Anthropic’s Commercial Terms.

No human on our team has ever read your letter, and the architecture prevents us from doing so casually — vaulted rows are owner-scoped and anonymous rows auto-delete.

How long it sticks around

Anonymous letters: the row is automatically deleted 24 hours after you wrote it. Every hour, a scheduled job sweeps anything past its expiry.

If you claim a letter (vault it to the Graveyard), it lives there until you delete it. You can delete any vaulted letter from its page in the Graveyard.

Receipts are sent via Resend, which retains the sent email for its own operational logs subject to Resend’s privacy policy.

Cookies

We set exactly one functional cookie — uem_session — to bind letters to the browser that wrote them. Supabase sets additional auth cookies only when you sign in. No third-party tracking cookies. No advertising cookies.

The Wall

Reflections published to the Wall are anonymous by design: we expose only the one sentence and the calendar date. No recipient label, no letter body, no user ID, no IP. You can take your reflection down at any time from the original thread page.

Your data, your call

You can request deletion of anything we hold on you by emailing ct@ctoumbas.net. For EU residents: this also covers GDPR right-to-be-forgotten requests, which we honour.

Changes

If we change how any of this works, we’ll update the date at the top of this page. We won’t email you about it — we barely email you at all.

Back to the lobby