Privacy Policy
Last updated: February 10, 2026
TL;DR — Your privacy in 30 seconds
- No accounts — We never ask you to sign up.
- No tracking — No analytics cookies, no ad pixels, no fingerprinting.
- Secret keys are hashed — We cannot read them, even with database access.
- We never sell or share data — Period.
- You can delete everything — One click on your manage page removes all data permanently.
- Minimal data — We only store what's needed to display your page.
What We Collect
| Data | Why | Protection |
|---|---|---|
| Page content | To display your page to the recipient | Encrypted in transit (HTTPS). Deletable anytime. |
| Email address | To notify you when someone responds | Only used for notifications. Never shared. |
| Secret key | To protect your page from unauthorized access | Hashed (SHA-256). We cannot read it. |
| Manage token | To let you edit/delete your page | Hashed (SHA-256). Shown once, never stored in plaintext. |
| View count | To show you page analytics | Anonymous counter only. No visitor tracking. |
What We Don't Collect
Security Measures
Hashed secrets
Secret keys and manage tokens are hashed using SHA-256 with HMAC. Even with direct database access, these values cannot be recovered.
Rate limiting
All API endpoints are rate-limited to prevent brute-force attacks and abuse — this is an industry-standard security practice used by every major web service. Secret key verification is strictly limited to 5 attempts per minute.
HTTPS everywhere
All data in transit is encrypted. We enforce HTTPS on all connections.
Input sanitization
All user input is validated and sanitized to prevent XSS and injection attacks.
Content Security Policy
Strict CSP headers prevent unauthorized scripts from running.
Your Rights
Delete your data
Visit your manage page and click “Delete this page & all data”. This permanently removes your page, all responses, analytics, and payment records. No questions asked.
Contact us
For any privacy questions or data requests, email us at cupid@meandmy.world.
About Free (Open) Pages
Free pages don't use a secret key — anyone with the link can view them. This is by design: these pages are meant to be shared openly with your special person.
What's on the page? Just the fun, creative content you typed — names, messages, choices. No personal identification data, no contact details, no browsing history.
Can the site owner read my page? Technically, page content is stored in our database to display it. But we have no reason, interest, or mechanism to browse individual pages. Think of it like a greeting card service — they print your message but don't read it.
Want privacy? Add a secret key when creating your page (available with premium). It's hashed so even we can't bypass it.
Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Vercel | Hosting | Standard web request data (routing only) |
| Turso | Database | Your page data (stored encrypted at rest) |
| Razorpay | Payment processing | Payment info only (we never see card details) |
| Cloudflare Turnstile | Bot protection | Challenge token only (no cookies) |
We believe in transparency. If you have any questions about how your data is handled, reach out to us at cupid@meandmy.world.