Privacy

Last updated: 8 May 2026.

Short version

• We don’t sell your data, run ads, or use third-party trackers.
• We don’t use cookies for advertising or analytics. We use one cookie to remember your reactions on posts (anonymous), and one cookie if you log in (your session).
• If you sign up, we store the data you give us (name, email, optional city, optional bio). You can delete your account by emailing us.
• Comments are public to anyone who can read the post you commented on.
• We send transactional email (account, invites, replies) via Resend and host on Cloudflare R2 (media) and Render (servers/database).

What we collect

If you visit without an account

We collect standard server logs (IP address, timestamp, page requested) for security and debugging. We don’t use these to track you across sessions or sites.

If you click ❤️ / 👏 / 😮 / 🫡 on a post, we set an anonymous cookie called unmarked_readerso we can show you which reactions you’ve already left. The cookie holds a random ID, not anything identifying.

If you request an invite

We store the name, email, optional city, and optional message you submit, plus your IP address and submission timestamp. This is used only to decide whether to issue you an invitation. If we don’t invite you, we keep the row to detect spam patterns.

If you have an account

We store your email (for sign-in and notifications), display name, slug (for your /authors/<slug>URL), optional bio, and an encrypted password hash if you set one. If you sign in with Apple or Google, we store the provider’s stable user identifier — never your password from that provider.

We log every administrative action you take (create, update, delete on journeys, postcards, comments, etc.) to an append-only audit log, visible to OWNER-level users only.

Comments and reactions

When you leave a comment, you can optionally provide an email so we can email you when someone replies. The display name + comment body are public; the email is not.

Sharing your content

Authors choose the visibility of every journey and postcard:

• Private — only you and the site owner.
• Link— visible only to people holding a share link you’ve issued. Default for new content.
• Public — visible to everyone on the public feed.

Share links are revocable at any time. When you revoke a link, anyone currently using it is locked out at the next page load.

Email

We send transactional email via Resend: sign-in invitations, password resets, comment-reply notifications, post-published notifications to subscribers. Every recurring email includes a one-click unsubscribe header per RFC 8058.

Hosting

Web servers, application servers, and the primary database are hosted on Render in the Oregon region. Photos and videos are stored on Cloudflare R2. Backups are made nightly to a separate R2 bucket and retained for 30 days.

Your rights

You can request a copy of your data, correction of any field, or deletion of your account by emailing hello@unmarked.blog. We respond within seven days.

← Back home