Write Self

☞ Security & privacy

How your letter is protected.

Letters to your future self are deeply personal. Here's exactly how we handle them.

Encryption at rest

The moment you save your letter, the plaintext is encrypted with libsodium's authenticated encryption (XChaCha20-Poly1305 secretbox, 256-bit key). The encrypted blob is stored in our Neon Postgres database with the random nonce alongside it. Only the authenticated, encrypted form ever touches the disk.

Decryption

Your letter is decrypted only at print time, in memory, on the morning of your chosen delivery date. The plaintext is generated as a PDF, sent to the print partner, and then immediately discarded from memory. We never write the plaintext back to a file or another database.

What we can technically see

Be honest with yourself: we control the encryption key and the print process, so we could decrypt and read your letter before it ships. We don't. We've designed the system so a single engineer can't do it without leaving traces, but the trust here is real and worth naming. If you're writing something you absolutely cannot have seen, this isn't the right product.

What if Write Self disappears

Your letter is queued at Stannp — our UK mail partner — from the moment you pay. Stannp is the durable system of record for your scheduled mailing. If write-self.org goes offline tomorrow, your letter still prints and mails on the day you chose. Stannp's queue is what's keeping the promise.

Address handling

Your delivery address is stored encrypted, used only by the print partner, and deleted on request after delivery. We don't sell, share, or surface it to third parties beyond what's required to mail the letter.

Email and account data

Sign-in is a magic link emailed via Resend — no passwords stored, ever. Your email is used only for transactional emails (purchase confirmation, delivery notifications) and an optional weekly newsletter you can unsubscribe from in one click.

Deleting your data

You can delete your account from your dashboard. We'll cancel any unscheduled letters, refund any that haven't been queued at Stannp, and remove your account data within 30 days. Letters already queued at Stannp will mail as scheduled — Stannp's system is independent of ours.

GDPR and rights

UK GDPR applies. You have the right to access, port, correct, and delete your data. Email hello@write-self.org and we'll respond within 7 days.