Dear Son
OPEN THE APP →
PRIVACY · PLAIN LANGUAGE

Letters are the most
private thing we know.

This page is written to be read, not skimmed past. It says what we keep, where it lives, who can see it, and what you can demand of us. Last updated 11 June 2026.

WHAT WE KEEP, AND WHERE

Drafts stay with you. Sealed letters come to us.

While you write, a draft lives only in your browser, on your device. It is not sent to us, and we cannot see it. If you delete the app from your phone before sealing, an unsealed draft is gone — that is the honest cost of keeping it yours alone.

When you seal a letter, it travels to the vault: our database and media storage, hosted with Supabase on servers in London. That is what makes the promise work — a sealed letter survives your phone falling in the sea, and it can be delivered years from now even if that device is long gone.

WHAT WE COLLECT

Only what a vault needs.

Your email address, to send sign-in codes (we use no passwords). The first name and birthdate of each person you write to, because birthdays are how age-based unlocks know when to open. The letters you seal — words, photos, voice, video. Reactions a reader sends back. And if you joined the waitlist, that email too.

There is no advertising, no analytics script following you around the app, and we will never sell or rent any of this to anyone. The product is the subscription, not your data.

WHO CAN READ A LETTER

Private until the day you chose.

Letter content is private to its writer until it unlocks. Co-writers in a shared vault can see each other’s sealed letters — that is what a shared vault means — but never each other’s drafts. The person you write to sees a letter only after it unlocks, through an invitation only you can send. Nothing is ever public.

Technically, sealed letters are encrypted in transit and at rest, and every read is gated by row-level security rules in the database. They are not yet end-to-end encrypted: like almost every service you use, our systems can process the content — it is what lets us deliver letters on schedule and build reading features. We treat that access as a responsibility: we do not read your letters except where strictly required to operate the service or by law, and we are architecting toward stronger encryption options over time.

WHO WE RELY ON

A short list, on purpose.

Supabase hosts the database, file storage, and sign-in (servers in London, on AWS). Cloudflare serves the website and app. When we send email beyond sign-in codes, it goes through a transactional email provider. That is the whole list today; if it grows, this page will say so.

YOUR CONTROL

Yours to keep, yours to take back.

You can delete any draft yourself, instantly and locally. Sealed letters are deliberately harder to destroy — permanence is the product — but it is your vault: write to [email protected] and we will export or permanently delete your account and everything in it. Waitlist emails are removed the moment you ask.

Accounts are for adults. Children appear in Dear Son first as recipients — a name and a birthdate a parent typed in — and may later claim their own account to read what was kept for them.

WHEN THIS CHANGES

We will tell you like a person.

If this policy changes in a way that matters, we will email you in plain language before it takes effect. Questions, worries, requests: [email protected] — a human reads it.

Dear Son is in early access; this plain-English policy is the one that counts. If we ever need a longer legal version, the promises here will not shrink.