VOIDPOST is a paid digital service for delayed personal messages. This policy explains what data the service handles, why the data is needed, when it may be disclosed, how long it may be retained, and what limits apply to deletion, anonymity, and recovery.
By creating an account, submitting a capsule, or using checkout, you acknowledge that the service cannot operate without processing account, message, delivery, anti-abuse, and payment-related information.
What we collect
We may collect account information such as email address, display name, password hash, linked sign-in identifiers, language preference, and other details you voluntarily submit through forms or account settings.
We may collect capsule-related information such as recipient email, headline, encrypted message content, delivery timing, reveal status, order metadata, cancellation status, delivery attempts, and timestamps associated with creation, payment verification, reveal, and delivery.
We may collect technical and security information such as IP-derived rate-limit records, device and browser request metadata, error logs, database integrity records, webhook metadata, checkout identifiers, and anti-fraud signals needed to protect the service, investigate abuse, or verify payment and delivery events.
How we use data
We use data to create and secure accounts, authenticate logins, process payments, queue capsules, deliver messages, unlock paid reveals, maintain dashboards, support customer service, prevent fraud, respond to complaints, and enforce platform rules.
We may also use data to debug failures, verify whether a message was created or delivered, investigate suspicious activity, respond to legal requests, preserve evidence for disputes, and improve service performance, reliability, localization, and operational security.
How data may be shared
We do not sell personal data for advertising purposes. We may share limited information with infrastructure, hosting, analytics-free operational vendors, payment providers, email-delivery providers, and security providers strictly to the extent needed to run the service, verify transactions, deliver messages, prevent abuse, or keep the service available.
We may disclose information if required by law, subpoena, court order, regulatory demand, payment investigation, anti-fraud review, abuse report, copyright complaint, or security incident response. We may also preserve or disclose information if we reasonably believe it is necessary to protect the service, users, third parties, or the public from fraud, illegal activity, technical attacks, or threats of harm.
Security and confidentiality limits
We use technical and organizational measures intended to reduce unauthorized access, including access controls, rate limiting, integrity checks, and encrypted storage for sensitive message content. However, no online service, database, server, mailbox, or transmission channel can be guaranteed to be perfectly secure, unbreakable, anonymous, or immune from compromise.
You understand and accept that the service cannot promise absolute secrecy, absolute data integrity, absolute availability, or the impossibility of unauthorized disclosure arising from force majeure, software defects, infrastructure compromise, payment-provider incidents, email-provider behavior, legal compulsion, or operator-level access required to run the platform.
Retention and deletion
We may retain account, payment, capsule, delivery, and security data for as long as reasonably necessary to operate the service, document completed or failed delivery attempts, investigate complaints, resolve disputes, comply with legal obligations, enforce platform rules, defend legal claims, or prevent repeated fraud and abuse.
Deleting an account does not necessarily erase all related records immediately or completely. Scheduled deliveries, completed transaction records, security logs, abuse records, dispute evidence, financial records, and technical backups may continue to exist for operational, compliance, evidentiary, integrity, disaster-recovery, and fraud-prevention reasons.
Your requests and limits
Subject to applicable law, you may request access, correction, or deletion of certain data associated with your account. Such requests may be limited where retention is necessary for security, payment verification, fraud prevention, dispute handling, legal compliance, backup integrity, or the protection of the service and other users.
The service is not designed to provide anonymous, privileged, or legally protected communications. You should not submit content if you require guaranteed deletion, guaranteed confidentiality against all parties, or regulated handling under a specialized legal regime unless you have independently confirmed that the service is suitable for that purpose.
International use and transfers
The service may rely on vendors, infrastructure, or delivery systems located in different countries. By using the service, you understand that data may be processed, stored, or transmitted across borders where privacy protections, user rights, or disclosure standards may differ from those in your home jurisdiction.
If you do not want your data processed under those conditions, you should not use the service.
