privacy

What we keep, and what we don't.

Last updated: May 2026

What we never collect

  • No accounts, no passwords, no email addresses.
  • No cookies. No localStorage. No persistent client-side identifiers.
  • No tracking or analytics scripts. No third-party trackers.
  • No phone numbers, no contact lists, no social profiles.
  • No images, no audio, no video — the service is text-only.

What we store, and for how long

When you create a message, we store:

  • Encrypted ciphertext— the message text after AES-256-GCM encryption, done in your browser. We can't read it.
  • The IV (a random number that goes with the ciphertext) and the emotion tag you picked.
  • Sender name — only if you typed one. Optional.
  • A SHA-256 hash of a preview token — never the raw token. The raw token lives only in your preview link.
  • A random slug for the URL, plus timestamps for when the message was created and when it expires.

All of this is deleted as soon as the message is opened, or 24 hours after it was created — whichever comes first. We do not keep backups of opened or expired messages.

The encryption key never reaches us

The AES-256 key is generated in your browser and lives only in the URL fragment — the part after the #. Browsers do not send fragments to servers. So our database holds ciphertext we cannot decrypt. Even if our database were stolen, the messages would be unreadable without the link itself.

IP addresses

For abuse protection (basic rate limiting), we briefly hash your IP address with SHA-256 and keep that hash in memoryon the server, evicted whenever the server restarts or memory pressure clears it. We never store raw IPs. We never log them. They aren't written to disk.

Third parties

The site runs on Vercel (hosting) and Supabase (database). They see encrypted traffic and encrypted ciphertext respectively. We do not share data with anyone for advertising, analytics, or any other purpose.

Children

The service is intended for users 16 and over. We don't knowingly collect any data from children under that age — and since we don't collect personal data from anyone, this is mostly a formality.

Your rights

Because we don't identify you, there's nothing tied to you to request, correct, or delete. If you want a specific message-slug invalidated, contact us through doctorstatus.in and we'll handle it.

Changes

If we change anything material here, the updated date at the top will move and the change will be visible. We won't silently start collecting things we said we wouldn't.