Privacy & data

Last updated: 8 July 2026

tidings is operated by Fork Studio Limited (company number 726783), registered at Rathmore, Baltimore, Co Cork, P81 HW84, Ireland. Fork Studio Limited is the data controller for the personal data described below.

What we collect and why

We collect the minimum needed to run the service. tidings is end-to-end encrypted: your letters are encrypted in your browser before they reach us, and your private key stays inside your sealkey on your own device — we never receive it. Here is what tidings stores and the reason for each item:

We do not use analytics or tracking scripts. We do not build advertising profiles. We do not sell your data or share it for marketing.

Cookies

tidings does not use cookies. Your sign-in is kept in your browser's local storage, on your device, and is sent only to authenticate your own requests. We use no analytics cookies and no third-party tracking cookies. Because there is no non-essential cookie, cookie consent is not required under ePrivacy rules, but we document it here.

Who processes your data

We use a small number of service providers to run tidings. Each processes data only as needed to provide their service to us:

Service What they handle Where
Scaleway App hosting, object storage for encrypted letters and account data, and transactional email Paris, France (EU)
Stripe Payments and billing for stamps EU and US (privacy policy)
Cloudflare DNS (domain-name resolution) only Global network (privacy policy)

Your encrypted letters and account data are hosted on EU infrastructure in Paris (Scaleway). We deliberately keep private data on EU-hosted services and do not route it through a US-based CDN or edge network. The one third-party your browser touches directly is Stripe, a US-based payment processor, and only when you buy stamps — its script is loaded at that point only, never on the letter-writing pages.

Your data belongs to you

Everything you write in tidings belongs to you: your letters, their words, images, and styling. We do not claim ownership or intellectual property rights over your content.

You give us permission to store, process, publish, and transmit your content only as needed to provide the service. For example, tidings needs to store the encrypted ciphertext of a letter so you can keep and re-read it, and to deliver that ciphertext to the recipient you send it to.

Open letters are public

Private letters are encrypted and readable only by you and the person you send them to. When you publish an open letter, its page and content are intended to be accessible to anyone with the link. Do not publish private, confidential, sensitive, or restricted material as an open letter unless you are comfortable making it public.

Keep your own copies — and guard your sealkey

Your sealkey file is your login and holds your private key. If you lose the original sealkey image and the copy stored in this browser, your account and the letters delivered to you cannot be recovered — we cannot reset it, because we never hold your private key. Never share or modify the sealkey file, and keep a safe backup of it. tidings is a live letter service, not your primary backup: keep your own copies of letters that matter to you somewhere you control. We take care with storage and infrastructure, but no online service can guarantee zero data loss.

How long we keep your data

Your rights

Under GDPR you have the right to:

Contact

For anything related to your data or this policy, email hello@tidings.app.

Fork Studio Limited, Rathmore, Baltimore, Co Cork, P81 HW84, Ireland.

← back to tidings