top of page

Privacy Policy

Effective Date: June 17, 2025
Last Updated: June 17, 2025

A Gentle Introduction

 

At Dear Posto, your privacy is part of your emotional safety. This policy explains how we collect, use, and protect your data—whether you’re here to write a letter, wander the Fold, or just breathe for a moment.

We follow the General Data Protection Regulation (GDPR), Children’s Online Privacy Protection Act (COPPA), Personal Information Protection and Electronic Documents Act (PIPEDA), and the UK Data Protection Act (DPA).

1.  Who We Are

This app is operated by:
Dear Posto Inc.
USA
Contact us anytime: diana@letterstostrangers.org

We are the Data Controller responsible for your personal data under applicable laws.

2. What We Collect (and Why)

We believe in data minimalism: we collect only what we need to help Posto deliver your letters safely and improve your experience.

  • Data Type: Username

    • Why We Collect It: So you can personalize your journey

    • Legal Basis: Consent

  • Data Type: Email

    • Why We Collect It: For login, password recovery, and Plus features

    • Legal Basis: Consent

  • Data Type: Letters & journal entries

    • Why We Collect It: Core gameplay experience

    • Legal Basis: Performance of a contract

  • Data Type: Anonymous tags & tone data

    • Why We Collect It: To match you with meaningful responses

    • Legal Basis: Legitimate interest

  • Data Type: Device & usage data (anonymized)

    • Why We Collect It: To improve safety and functionality

    • Legal Basis: Legitimate interest

  • Data Type: Payment data (via App Store or Google Play)

    • Why We Collect It: To process subscriptions or in-app purchases

    • Legal Basis: Legal obligation & consent

 

Invisible Ink Mode: When this is on, your letters are not stored, tagged, or tracked. Not even Posto can see them. It will undergo our moderation process for safety purposes, but otherwise, this data is completely private.

3. Children’s Privacy (COPPA Compliance)

We do not knowingly collect personal data from users under:

  • Age 13 in the U.S.

  • Age 16 in the EU/UK

  • Age 13 in Canada without parental consent

If you're a parent and believe your child has submitted data without consent, contact us and we will delete it immediately.

4. How We Store and Protect Your Data

Your emotional safety starts with your digital safety:

  • All data is encrypted in transit and at rest

  • We use secure, GDPR-compliant hosting providers

  • Only select authorized team members may access limited data to ensure functionality

We do not sell, rent, or share your data with advertisers, ever.

5. How Long We Keep Your Data

We retain your data only as long as needed to provide the service. This means:

  • Letters are stored until you delete your account (except Invisible Ink letters)

  • Basic account info is retained while your account is active

  • Inactive accounts may be anonymized or deleted after 24 months

You can delete your account and all associated data at any time.

6. International Transfers

Our servers may be located outside your country, but we only work with providers that ensure GDPR-equivalent safeguards, including:

  • EU Standard Contractual Clauses (SCCs)

  • U.S. companies participating in recognized privacy frameworks

7. Your Rights (EU/UK/Canada)

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Delete your account and data (“Right to be forgotten”)

  • Withdraw consent at any time

  • Request portability of your data

  • Object to processing in certain cases

To make any of these requests, email us at diana@letterstostrangers.org. We’ll respond within 30 days or faster if we can.

8. Sharing With Third Parties

We only share data with third parties essential to app operation, such as:

  • Firebase

    • Purpose: Secure authentication

  • Stripe / Apple / Google

    • Purpose: ​Subscription & payment processing

  • Human moderation services

    • Purpose: Letter safety and tone review (anonymized)

All vendors are required to follow strong data protection standards.

9. Cookies and Tracking (if web-based)

If you access our service via web:

We use essential cookies only. No ad tracking.
You can disable cookies in your browser settings, though this may impact functionality.

10. In-App Purchases & Subscriptions

We never store your credit card or billing info. All payments are handled securely through:

  • Apple App Store

  • Google Play

Subscriptions (e.g., Posto Plus) renew automatically but can be cancelled at any time via your app store settings.

11. Changes to This Policy

If we make material changes, we’ll let you know in-app and ask for consent where needed.

Minor changes may be posted without a full pop-up, but the effective date will always be updated.

12.  Contact Us

For any questions, concerns, or data access requests:

Dear Posto, Inc.
EMAIL: diana@letterstostrangers.org
 

We’re here to make sure your letters and your privacy are held with care.

© 2025 by Dear Posto. 

Privacy Policy | Terms & Conditions

Sign Up For Early Access

What Are You Interested In?

Select all that apply.

Contact Us

bottom of page