Last updated December 15, 2017
Privacy is in our name: write as yourself; write as anyone. Without anyone closely examining you, you can write freely. It's a core principle and the mission of both our products and entire business to protect your identity.
The short story is that we never share your data, and we minimize what we know about you. The information we do collect may be needed for a moment, but we permanently delete it as soon as it's no longer needed.
When you publish anonymously on Write.as, we don't know who you are. Information about what you've published is kept on the browser or device you use to interact with Write.as. This helps ensure we can't link your posts together.
If you decide to sign up for Write.as, we don't ask for your real name, date of birth, home address, or anything like that. It's none of our business, it doesn't provide any value for you, and it diminishes the protection we can give you.
We aim to protect free expression on our platform by collecting as little user data as possible, and encouraging our users to use the protective technologies available to them, like a VPN or Tor (see our onion service: writeasw4b635r4o3vec6mu45s47ohfyro5vayzx2zjwod4pjswyovyd.onion).
We consider the necessity of every piece of data we keep, only retaining what we need to give you a smooth experience. This data will never be used for any other purpose.
We don't use any third-party services that might put cookies in your browser.
Write.as works well even when you're entirely anonymous to us. But we also provide some features that aren't technically feasible without a unifying "account." If you'd like these features, you can create one on Write.as.
We ask you to provide a password and/or email address when you create an account with us, so that you can log into your account again in the future. We store this information for as long as your account is active. We only use your email address to send you a link to log in with whenever you request it.
As a paying user, we also store small pieces of your payment information so you can see how you're paying for Write.as. This includes the last 4 digits of your credit card number and its expiration date. We never see, nor store, your name, credit card number, or related information (it's only handled by Stripe, our payment processor).
We protect your personally identifying information with encryption. We salt and hash your passwords (that is, encrypt them without a way to decrypt them) and encrypt any identifying information in our database, like your email address.
We store log files, or data about what happens on our servers. This helps us prevent abuse and ensure no one is accessing our servers that shouldn't be.
Our web servers temporarily store information about what IP address connected when. This data is accessed exclusively by our system administrators and developers as needed, and is permanently deleted after seven (7) days.
If you email or otherwise contact us, our customer support team may retain information you'd find in an email, like first and last name, email address, and any online handles. This data is accessed exclusively by customer support and developers as needed, and helps us provide support, fix things, and generally talk directly to you. In the rare case we need to know your Write.as username, we delete its association with your identifying information as soon as we're done talking.
We use an open-source application, called Matomo (formerly Piwik), to analyze visitor statistics. Using Matomo ensures that this data never leaves our servers, and big analytics companies like Google never see your data. It enables us to improve our product while still protecting your identity and data.
Our business team and developers use Matomo to see where visitors come from, how they navigate around the site, and where they potentially get stuck. We often make small improvements to the site simply from seeing this high-level, anonymous data.
We will never share your data for advertising, marketing, or world domination purposes. We will never change our stance on this.
Access to our servers requires a valid search warrant signed by a judge. We will comply with lawful orders for the small amount of personal data we have on our users, but we (and our lawyers) will critically review every request we get, and promise to reject requests with insufficient legal backing.
We publish a quarterly warrant canary to notify users of any secret warrants we receive.
We'll announce any major changes to this policy on our Mastodon account. You should also see a prominent notification on the site the next time we update this.