InvisibleMe
InvisibleMe is growing. Youโ€™re using an early version โ€” some features are still sprouting. ๐ŸŒฑ

Privacy Policy

Last updated: October 31, 2025

Invisible Me is a quiet space to write what's heavy, share softly, or send a letter to your future self. We keep data collection minimal and explain it plainly here.

Who we are

Invisible Me ("we", "us"). Contact: invisiblemeapp@gmail.com.

What we collect

Anonymous notes ("Quiet Garden"): stored without your name or account. We keep the text, timestamp, and technical logs needed to run the site (e.g., IP in server logs for abuse prevention).

Letters to self: the letter text and the date you choose. If you want it emailed later, we store your email.

Basic analytics: privacy-respecting, aggregate metrics (page views, referrers). We don't build profiles or sell data.

Support messages: anything you send to our contact email.

Moderation signals: we may run automated checks (e.g., for spam/abuse/self-harm risk) on submitted text.

How we use your data

  • Show anonymous notes on the site.
  • Save your letter and deliver it on the date you chose (if you opted for email).
  • Keep the site reliable, secure, and moderated.
  • Respond to you if you contact us.
  • Improve Invisible Me (aggregate, non-identifying analytics).

Legal bases (GDPR/UK GDPR)

  • Contract/Service: to save and deliver your letter; to display your anonymous note.
  • Legitimate interests: security, moderation, analytics, fixing bugs.
  • Consent: marketing emails (only if you opt-in; we're not planning any by default).

How long we keep it

Anonymous notes: kept while the Quiet Garden exists, unless removed for moderation or you ask us to delete a specific note (see "Your rights").

Letters: kept until delivered + a short grace period for reliability, then archived or deleted per our retention schedule (12 months).

Emails for delivery: kept until your letter is delivered; then deleted from the delivery queue logs within X days.

Logs/analytics: typically 30โ€“90 days unless needed longer for security or legal reasons.

Sharing & processors

We don't sell your data. We use trusted providers to run Invisible Me:

  • Hosting/CDN: Cloudflare (Pages, DNS, security).
  • Email delivery: RESEND
  • Error monitoring/analytics: Cloudflare Analytics.

These providers act as processors under data-processing terms. Some may process data outside the UK/EU with safeguards (e.g., SCCs).

International transfers

If data leaves the UK/EU, we use appropriate safeguards (standard contractual clauses or equivalent).

Security

We use HTTPS, access controls, and least-privilege practices. No system is perfect; if we detect a breach that risks your rights, we'll notify you and regulators when required.

Your rights

Depending on where you live (UK/EU), you can:

  • Access, correct, or delete your data.
  • Object to or restrict certain processing.
  • Request portability (data export).
  • Withdraw consent when processing is based on consent.

To exercise these, email invisiblemeapp@gmail.com. For anonymous notes, please include the text + date/time so we can locate the exact entry.

You can complain to a supervisory authority (e.g., ICO in the UK).

Cookies & tracking

We aim to avoid invasive tracking. If we use cookies at all, they're strictly necessary (e.g., CSRF/session) or lightweight analytics without cross-site tracking. We don't run third-party ads.

Children

Invisible Me isn't directed to children under 16 (or the age required by your region). If you believe a child has provided data, contact us to remove it.

Self-harm & safety

If a note appears to indicate immediate risk, we may temporarily hold or remove it and surface crisis resources. We do not provide medical advice.

Changes

We'll update this page if our practices change. Substantial changes will be highlighted on the site.