This Privacy Policy covers Vaulternal's utility services ("Tools"), including the Time Capsule letter-to-future-self tool. Each Tool's specific data practices are stated in its addendum, which forms part of this Policy. Where an addendum and this umbrella Policy conflict, the addendum controls only on the points it explicitly addresses.
1. Who we are
The data controller is Vaulternal, Inc., [To be confirmed by legal counsel: state of incorporation and registered office]. You can reach us at:
- Privacy questions and requests: privacy@vaulternal.com
- Privacy Officer (Quebec Law 25): the person above
- Mailing address: [To be confirmed by legal counsel: physical mailing address]
We have not appointed an Article 27 Representative for the European Union or the United Kingdom. Where Tools are accessed from those jurisdictions, you may contact the address above; we will respond in line with applicable law.
2. What we collect
For each Tool, we collect only what is needed to operate it. For Time Capsule, that is:
- the content of your letter (encrypted at rest);
- the email address you provide (encrypted at rest, plus a one-way hash for rate limiting and bounce handling);
- the delivery date and time you choose;
- a small amount of technical metadata: a hashed IP address (truncated before hashing), your country (derived from request headers), the local timezone you wrote from, and the locale of the page you used.
3. How we use it
| Purpose | Data used |
|---|---|
| Delivering your letter on the chosen date | Letter content, email address |
| Preventing abuse and rate limiting | Hashed email, hashed IP |
| Bounce and complaint handling (sending-domain reputation) | Hashed email |
| Analytics — page-view counts, conversion metrics | Country, locale, anonymous event timing — only if you accept analytics cookies |
| Operational debugging and incident response | Activity log entries (twelve-month retention) |
We do not use your letter content for advertising, profiling, or any purpose other than the delivery you requested. We do not sell or share personal information for cross-context behavioural advertising (CCPA/CPRA) and do not engage in targeted advertising or profiling that produces legal or similarly significant effects (GDPR Article 22).
4. Encryption
Letter content and email addresses are encrypted at rest using AES-256-GCM, with per-letter keys derived via HKDF from a master key held in our secrets infrastructure. Master keys are versioned and rotated annually. Plain-text letter content is never written to logs. In transit, all traffic uses TLS 1.2 or higher.
We use server-managed encryption, which means we can decrypt letters under valid legal compulsion. If you require zero-knowledge encryption, see the Time Capsule addendum.
5. Lawful basis (GDPR / UK GDPR)
| Activity | Lawful basis |
|---|---|
| Storing and delivering your letter | Article 6(1)(b) — performance of a contract |
| Bounce and complaint suppression | Article 6(1)(f) — legitimate interests in service integrity and sending-domain reputation |
| DSAR audit row (proof of deletion) | Article 6(1)(c) — legal obligation under Articles 17 and 30 |
| Operational analytics (activity log) | Article 6(1)(f) — legitimate interests in abuse review and dispatch debugging |
| Optional analytics cookies (e.g. GA4) | Article 6(1)(a) — your consent, freely revocable |
Where we rely on legitimate interests, we have performed and documented a balancing test that weighs your privacy interests against ours. You can request the relevant balancing test at the privacy address above.
6. Retention
Distinct artifacts have distinct retention periods.
| Artifact | Purpose | Lawful basis | Retention |
|---|---|---|---|
| Pending-unconfirmed letter | In-flight write awaiting confirm | Art 6(1)(b) | 7 days, then deleted |
| Scheduled letter | Sealed letter awaiting delivery | Art 6(1)(b) | Until delivery date |
| Delivered letter (body) | The message itself | Art 6(1)(b) | Body purged 30 days post-delivery; audit row 90 days more |
| Cancelled letter | User-cancelled in-flight | Art 6(1)(b) | Body purged within 24 hours; audit row 90 days |
| DSAR-deleted letter | Erasure request fulfilled | Art 6(1)(c) | Body purged immediately; audit row 30 days, then deleted |
| Email suppression list | Bounce / complaint / unsubscribe — service integrity | Art 6(1)(f) | Indefinite |
| Activity log | Operational signal — abuse review, dispatch debugging | Art 6(1)(f) | 12 months |
The activity log (12 months) and the DSAR audit row (30 days) are deliberately distinct: the first is operational telemetry, the second is regulatory proof-of-deletion.
7. Your rights
Subject to applicable law, you have the following rights:
- Access — view your letter at any time via the manage link sent to your Confirmed Email.
- Erasure / "right to be forgotten" — cancel and delete your letter at any time before delivery; a Data Subject Access Request (DSAR) can also be submitted at /timecapsule/dsar.
- Rectification — edit your letter for fourteen (14) days after confirmation.
- Portability — download your letter from the manage page in plain text.
- Object — unsubscribe from all Time Capsule emails via the link in any email we send.
- Restriction — pause processing while we resolve a dispute about the data we hold.
- Manage-link rotation — request a fresh manage link if you suspect the original has leaked.
We respond to verifiable requests within thirty (30) days. We do not charge a fee for the first request in any twelve-month period.
7.1 Right to lodge a complaint with a supervisory authority (GDPR Article 77)
If you reside in the EU or the UK, you have the right to lodge a complaint with your local data-protection supervisory authority. A directory of EU authorities is at https://edpb.europa.eu/about-edpb/about-edpb/members_en; the UK authority is the Information Commissioner's Office at https://ico.org.uk.
7.2 Automated decision-making
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you, within the meaning of GDPR Article 22.
8. United States — California (CCPA/CPRA) disclosures
In the twelve months preceding the date of this Policy, we may have collected the following categories of personal information for the purposes described above:
- Identifiers (email address)
- Internet or other electronic network activity (hashed IP address, country, locale, timezone, page-view events)
- User-generated content (the letter you submit)
We do not sell or share personal information for cross-context behavioural advertising. We do not knowingly collect personal information from minors under sixteen.
California residents have the rights to know, delete, correct, and limit the use of sensitive personal information, and to non-discrimination for exercising those rights. Authorised agents may submit requests on your behalf.
9. Other US states
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have substantially equivalent rights, exercisable through the same DSAR channel.
10. Canada (PIPEDA + Quebec Law 25)
Canadian residents have the rights of access, correction, and complaint under PIPEDA. Quebec residents additionally have the rights to be informed at the point of collection, to data portability, and to lodge a complaint with the Commission d'accès à l'information (CAI). Our Privacy Officer for Quebec Law 25 purposes is reachable at privacy@vaulternal.com.
We currently offer Time Capsule in English, Spanish, and Russian. If you are in Quebec and would prefer to exercise your rights in French, we will respond in French; the Tool interface itself is not currently localised in French.
11. Australia (Privacy Act 1988 and APPs)
Australian residents have rights under the Australian Privacy Principles, including access, correction, and complaint. Complaints can be lodged with the Office of the Australian Information Commissioner at https://www.oaic.gov.au. Cross-border transfers to our service providers (see section 13) are made under the binding-clauses pathway of APP 8.
12. Children
Our Tools are not directed at, and we do not knowingly collect personal information from, individuals under the age of eighteen. If you believe a person under eighteen has submitted Content, contact privacy@vaulternal.com and we will delete the data.
13. Service providers and international transfers
We use the following service providers:
| Provider | Role | Location | Transfer safeguard |
|---|---|---|---|
| Resend, Inc. | Email delivery (confirmation, reminder, delivery, unsubscribe) | United States | Standard Contractual Clauses; EU-US Data Privacy Framework where Resend's certification is current at the time of reading |
| Cloudflare, Inc. | Edge network, IP-country header, DDoS protection | Global edge, US headquarters | Standard Contractual Clauses |
We verify our providers' DPF status quarterly. Current status is reflected on this page. Letter content is encrypted before storage; plain text is sent to Resend only at delivery time.
14. Cookies
Our Tools use the minimum number of cookies necessary to function. Optional analytics cookies are loaded only after you accept them via the cookie-consent banner that appears on your first visit. The banner can be reopened at any time from the footer.
| Cookie | Purpose | Duration | First/third-party |
|---|---|---|---|
| cc_cookie | Stores your cookie-consent choice | 6 months | First-party |
| _ga, _ga_* | Google Analytics 4 — page views, sessions | 2 years | Third-party (Google) — only after consent |
If you decline analytics, the Google Analytics scripts are never loaded. Declining analytics has no effect on the operation of any Tool.
15. Security incidents and breach notification
We maintain administrative, technical, and physical safeguards designed to protect personal information. In the event of a personal-data breach affecting your information, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, where required by law. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay.
16. Changes to this Policy
The "Last updated" date at the bottom of this page reflects the most recent change. Material changes will be announced on the Tool's landing page and, where the Tool retains a Confirmed Email for an active scheduled artifact, by email to that address at least thirty (30) days before they take effect.
17. Contact
For questions about this Policy or to exercise your rights, contact privacy@vaulternal.com.
Last updated: May 3, 2026