Privacy Policy

Effective Date: July 24, 2018

This policy explains what information we collect when you use’s sites, services, mobile applications,
products, and content (“Services”). It also has information about
how we store, use, transfer, and delete that information. Our aim
is not just to comply with privacy law; it’s to earn your trust.

Information We Collect & How We Use It

In order to give you the best possible experience using, we collect information from your
interactions with our network. Some of this information, you
actively tell us (such as your email address, which we use to track
your account or communicate with you). Other information, we
collect based on actions you take while using,
such as which pages you access and your interactions with our
product features. This information includes records of those
interactions, your Internet Protocol address, information about
your device (such as device or browser type), and referral
We use this information to:
 provide, test, improve, promote and personalize Services
 fight spam and other forms of abuse
 generate aggregate, non-identifying information about how
people use Services

When you create your account, and
authenticate with a third-party service (like Twitter, Facebook or
Google) we may collect, store, and periodically update information
associated with that third-party account, such as your lists of
friends or followers. We will never publish through your third-
party account without your permission.

Information Disclosure won’t transfer information about you to third
parties for the purpose of providing or facilitating third-party
advertising to you. We won’t sell information about you.
We may share your account information with third parties in some
circumstances, including: (1) with your consent; (2) to a service
provider or partner who meets our data protection standards; (3)
with academic or non-profit researchers, with aggregation,
anonymization, or pseudonymization; (4) when we have a good
faith belief it is required by law, such as pursuant to a subpoena or
other legal process; (5) when we have a good faith belief that doing
so will help prevent imminent harm to someone.
If we are going to share your information in response to legal
process, we’ll give you notice so you can challenge it (for example
by seeking court intervention), unless we’re prohibited by law or
believe doing so may endanger others. We will object to requests
for information about users of our services that we believe are

Data Storage uses third-party vendors and hosting
partners, such as Amazon, for hardware, software, networking,
storage, and related technology we need to run We maintain two types of logs: server logs

and event logs. By using Services, you
authorize to transfer, store, and use your
information in the United States and any other country where we

Third-Party Embeds

Some of the content that you see displayed on is not hosted by These
“embeds” are hosted by a third-party and embedded in For example: YouTube or Vimeo videos,
Imgur or Giphy gifs, SoundCloud audio files, Twitter tweets,
GitHub code, or Scribd documents that appear within a letter. These files send data to the hosted site
just as if you were visiting that site directly (for example, when you
load a letter page with a YouTube video
embedded in it, YouTube receives data about your activity). does not control what data third parties
collect in cases like this, or what they will do with it. So, third-
party embeds on are not covered by this
privacy policy. They are covered by the privacy policy of the third-
party service.
Some embeds may ask you for personal information, such as your
email address, through a form. We do our best to keep bad actors
off of However, if you choose to submit your
information to a third party this way, we don’t know what they
may do with it. As explained above, their actions are not covered
by this Privacy Policy. So, please be careful when you see
embedded forms on asking for your email
address or any other personal information. Make sure you
understand who you are submitting your information to and what
they say they plan to do with it. We suggest that you do not submit
personal information to any third-party through an embedded

If you embed a form that allows submission of personal
information by users, you must provide near the embedded form a
prominent link to an applicable Privacy Policy that clearly states
how to you intend to use any information collected. Failure to do
so may lead to disable the letter or take other
action to limit or disable your account.

Tracking & Cookies

We use browser cookies and similar technologies to recognize you
when you return to our Services. We use them in various ways, for
example to log you in, remember your preferences (such as default
language), evaluate email effectiveness, and personalize content
and other information. doesn’t track you across the Internet. We
track only your interactions within the
network (which encompasses and custom
domains hosted by
Some third-party services that we use to provide the Service, such as Google Analytics, may place
their own cookies in your browser. This Privacy Policy covers use
of cookies by only and not the use of cookies
by third parties. complies with the “Do Not Track” (“DNT”)
standard recommended by the World Wide Web Consortium. For
logged-out users browsing with DNT enabled,’s analytics will not receive data about you,
but we will do some first-party tracking in order to customize
content and provide data to third-party service providers that
enable Services to work. When you use while logged-in to your account, we cannot
comply with DNT.

Modifying or Deleting Your Personal Information

If you have a account, you can access, modify
or export your personal information, or delete your account by
writing to
To protect information from accidental or malicious destruction,
we may maintain residual copies for a brief time period. But, if you
delete your account, your information and content will be
unrecoverable after that time. may preserve
and maintain copies of your information when required to do so
by law.

Data Security

We use encryption (HTTPS/TLS) to protect data transmitted to
and from our site. However, no data transmission over the
Internet is 100% secure, so we can’t guarantee security. You use
the Service at your own risk, and you’re responsible for taking
reasonable measures to secure your account.

Business Transfers

If we are involved in a merger, acquisition, bankruptcy,
reorganization or sale of assets such that your information would
be transferred or become subject to a different privacy policy, we’ll
notify you in advance, so you can opt out of any such new policy by
deleting your account before transfer.

Email from

Sometimes we’ll send you emails about your account, service
changes or new policies. You can’t opt out of this type of
“transactional” email (unless you delete your account). But, you
can opt out of non-administrative emails such as digests,

newsletters, and activity notifications by contacting
When you interact with an email sent from
(such as opening an email or clicking on a particular link in an
email), we may receive information about that interaction. We
won’t email you to ask for your password or other account
information. If you receive such an email, please send it to us so
we can investigate.

Changes to this Policy may periodically update this Policy. We’ll
notify you about significant changes to it.


We welcome feedback about this policy

Data Protection Statement for
European Union Users

Description of Processing Activity collects and stores personal information
about its users to customize their reading experience and enable
personalized distribution of content. It shares minimal data with
its service providers.

Purposes of Processing

 Provide, test, promote, and improve the services

 Gather usage statistics of services
 Provide customized reading experience
 Publish and distribute user-generated content
 Fight spam, fraud, and other abuse of services

Legal Bases

In order to provide the services, collects and
stores personal data about its users on the legal basis of consent
given when you create an account and agree to the Privacy Policy. also pursues its legitimate interests by
collecting minimal data of logged out users to provide the services,
as outlined above.
Where collects and stores personal data
about non-users, it does so under performance of contract
obligations with users who use the services to publish content on
web sites hosted by In such cases, users
authoring such content containing personal data of third parties
are responsible for that content. will consider
related complaints in compliance with the General Data Protection
Regulation’s rights of the data subject, as well as rights of
expression and access to information.

Public Nature of Personal Data

Logged-in users may choose to interact publicly with the Services in the form of sharing links on
connected social media accounts or writing original letters. Where
such personal data may reveal special category protected data, it is
processed on the basis that it is manifestly made public by the
user. Additional information on potential consequences of such
processing can be found below. If you do not agree to this public

usage, do not create an account or use these features of Services.

Categories of Personal Data Collected

Logged out users
 Reading history
 IP address
 Browser information
 DNT status
Logged in users:
 Username
 Display name
 Bio
 Email address (non-public)
 Session activity (security)
 Linked social media accounts (optional)
 IP address
 Browser information
 Reading history (on network only)
 Network interactions
 Letters, responses, or series published by user

 Billing information and history
 Bank account for payments

Categories of Recipients shares minimal personal data with third-
party processors in order to provide the Services. These processors
offer at least the same level of data protection as that set out in this
statement. This includes the following categories of recipients:
 Hosting, Storage, & Other Infrastructure
 Security
 Analytics
 Communication & Support
 Payment Processors
Search engines will index user profiles, public interactions, and
any user-generated content. Users may also share links to your
content on social media.

Payment Processors provides Services in conjunction with several
payment processors, including: Stripe and PayPal, through which
users may pay for services. Those companies
acting as payment processors may collect and store personal data
related to your billing information and history in order to provide
their services and may collect and store personal data and
business data to prevent fraud and other abuse.
When you delete your account, deletes your personal data as outlined in this

document. However, to delete your payment or billing
information, you will need to do so with your payment provider, as only has minimal secure access to those
records as needed to provide the services.

Embedded Content letters may contain third-party embeds,
which may in some cases collect and store personal data. The use
of personal data by embedded content providers is not covered by
this statement, but by the privacy policies of those sites or services.

Existence of Automated Decision-making collects and stores personal data about its
users to customize reading. This includes automated decision-
making to promote content tailored to the preferences and
interests indicated by the user, and to their browsing history and
network interactions. also filters content for the purposes of
fighting and preventing spam, fraud, and other forms of abuse.

Potential Consequences of Processing

By creating an account on, users may make
certain personal data about themselves public and accessible to
others on their profile and through network interactions. This may
in some cases constitute special category protected data which is
considered manifestly made public by the user.
Due to the public nature of information written on, it may be possible for third parties to derive
identifying personal data from letters, whether by reading,
inference, supplemental research, or automated extraction and

Users may choose to use the service without posting data or
engaging in network interactions. However, if you do not agree
with and accept the risks of such usage, you may not use the

Cross-border Transfers is hosted in the United States. By using Services, you authorize
to transfer, store, and use your information in the United States
and any other country where we operate. Where your data is
disclosed to our processors, it is subject by contract to at least the
same level of data protection as that set out in this statement.

Retention retains personal data associated with your
account for the lifetime of your account. If you would like to delete
your personal information, you can delete your account at any
time. Deleted account profile pages will yield an error 404 “file not
found” page, immediately upon initiating deletion, and will
become unrecoverable in our system after a period of fourteen
days. It may take several additional days for your personal data to
be de-indexed from search engines, depending on those search
engines’ practices, over which may have
limited or no control.
To delete your payment or billing information, you will need to do
so with your payment provider, as only has
minimal secure access to those records as needed to provide the

Rights of Data Subjects

1. If you sign up for a account, you may at
any time request an export of your personal information by
2. You may correct information associated with your account.
3. You may withdraw consent by deleting your account at any
time, which will erase your personal information completely
within 14 days (except to the extent is
prevented by law from deleting your information).
4. You may object at any time to the use of your personal data by
contacting If your complaint
relates to alleged misuse of your personal data by a third party,
it may result in suspension of that letter or account in keeping
with relevant law, public interest, our contractual obligations,
and the rights of expression and access to information of
5. You may at any time lodge a complaint regarding the
processing of your personal data by with
the Supervisory Authority of your EU member state.

Contact Information
Zibly Services, LLC
PO Box

Representative: Head of Account