Privacy Policy

Effective April 7, 2026

What We Store

We practice data minimization. We only store what is needed to deliver the service.

  • Your username and a bcrypt hash of your password (we never store plaintext passwords).
  • Your public key, and an encrypted vault containing your private key (we cannot decrypt the vault without your password).
  • Union membership rows — i.e. which usernames belong to which unions — so the app can route messages to the right people.
  • Message, document, vote, and (most) title ciphertext, plus timestamps and sender IDs. The content itself is encrypted on your device with keys we never see.

What We Don't Have

  • Plaintext content: Messages, document bodies, vote choices, and (with rare exception) titles are end-to-end encrypted. We cannot read them.
  • Your real identity: We don't require legal names.
  • Your email: Not required to sign up. (You can optionally add one in Settings for notifications; that value is stored in our database.)
  • Tracking cookies or analytics: No third-party analytics scripts, no advertising trackers.

IP Addresses

We do not persist visitor IP addresses to any log we control. However, we extract the client IP in-memory for a few seconds at a time to rate-limit sensitive operations (signup, login, password reset, recovery-vault lookups, and invite-link lookups). The values are kept in ephemeral cache that resets when the server process recycles; they are not written to disk.

Our hosting provider (Vercel) and our database provider (Supabase) may keep standard web-server access logs that include IP addresses. These logs are outside our direct control and subject to their respective privacy policies.

Local Storage & Cookies

uunn does not use tracking cookies. We use your browser's local storage and session storage solely for cryptographic purposes:

  • Session Storage: Your private encryption key is stored temporarily and cleared when you close the browser or log out.
  • Authentication: A session token is used to keep you logged in. No third-party cookies are involved.

Third-Party Services

uunn uses the following third-party services to operate:

  • Supabase: Database hosting. All sensitive content is encrypted before it reaches Supabase — they cannot read your messages or documents.
  • Google Gemini: Optional AI-assisted document drafting. Used server-side only. No message content or personal data is sent to Google.
  • Vercel: Application hosting. Standard web server logs may be generated by the hosting provider.

Data Retention

Your data is stored for as long as your account exists. When you delete your account, all associated data — including memberships, messages, and documents — is permanently removed from our servers. We do not retain backup copies of deleted accounts.

Your Rights

You have full control over your data.

Delete Account

Permanently remove all your data from our servers. You can delete your account at any time from your Profile Settings.