Snailpost · slow letters, meaningful connections · Last updated July 13, 2026
Dear reader,
This Privacy Policy explains what information Snailpost ("Snailpost", "we", "us", "our"), operated by Pulkit Aggarwal, collects when you use the Snailpost app and website, how that information is used and shared, and the choices and rights you have. We have tried to write it the way we write everything: plainly, so you can actually read it. By using Snailpost you agree to this policy. Snailpost is for people aged 16 and older.
At a glance
Everything in this section exists because you typed it, chose it, or attached it.
| Category | What it includes | Why we need it |
|---|---|---|
| Account & sign-in | Your name and email address, received from Apple or Google when you sign in with them (Apple may share a private relay address if you choose to hide your email), or the email you register with directly. | To create your account, sign you in, and contact you about your account when necessary. |
| Profile | Your pen name, date of birth, optional gender, country, a city you choose, the languages you write in and how well you speak them, your interests, what you are hoping for from a pen pal, your writing preferences (letter length, reply pace, how much writing help you want), an optional bio and profile photo, and answers to profile prompts. | To introduce you to other writers and suggest kindred pen pals. Your date of birth is stored in a private area of your account that other members can never read; only your age is shown on your profile. |
| Letters & content | The letters you write, photos you attach, open letters you post to the community board, messages cast in bottles, wax-seal reactions, stamps and gifts, and any appeal you send to our Post Office desk. | To deliver your correspondence. This is the heart of the service. |
| Reports & support | Reports you file about content or members (including the reason and category), and anything you send to our support email. | To keep the community safe and to help you. |
Some records come into existence simply by using the app:
| Purpose | What is used |
|---|---|
| Delivering letters and running the service | Your account, profile, content, delivery metadata, and push token. |
| Suggesting pen pals | Your country, languages, age, interests, and hopes. Your profile and intro letter may also be processed, including with AI, to derive interest tags that improve suggestions. |
| Community safety and moderation | Reported content, letters flagged by automated screening (see section 5), safety records, and usage counters. |
| Notifications | Your push token and per-type notification preferences. Every notification type can be switched off in Settings. |
| Purchases | Subscription status from the app store you bought through. Payment is processed entirely by Apple or Google; we never see your card details. |
| Support and legal obligations | Whatever you send us, and the minimum records needed to comply with law. |
Which features use AI
What leaves our servers, and what never does
When you use an AI feature, the text that feature needs (your draft, or the letter being translated) is sent over an encrypted connection to our server and from there to an external AI provider (currently DeepSeek) for processing on that provider's servers, which may be located outside your country. To make suggestions relevant, pseudonymous context may accompany the text: pen names, age, country, languages, and interests. We never send your real name, your email address, or your account identifiers to the AI provider, and the provider is used purely as a processor to generate the response.
Because letters are personal, please do not put information you would not want processed this way (such as government ID numbers, passwords, or financial details) into text you submit to an AI feature. Letters you send without using any AI feature are not sent to the AI provider, except as part of the automated safety screening described below.
Automated safety screening
To protect members from scams and serious abuse, outgoing letters, bottles, and board posts may be checked by an automated classifier while they are still undelivered. The screening is deliberately conservative: only content the system is highly confident is seriously harmful is held back, uncertain cases are delivered and may be reviewed by a human, and a technical failure always lets the letter through rather than guessing. If something you sent is ever held, you are told inside the app and can appeal directly to our Post Office desk; a human reviews every appeal.
Limits and honesty
| Content | Visible to |
|---|---|
| Your profile (pen name, age, country, city name, interests, bio, photo) | Signed-in Snailpost members. Your email, date of birth, and private data are never visible to anyone. |
| Letters and attached photos | Only you and the one person you wrote to. |
| Open letters on the board | The Snailpost community inside the app. |
| Bottle messages | The single member who finds the bottle. |
| Reported or held content | Our moderation team, so reports and appeals can actually be reviewed by a human. |
We share data only with the processors needed to run Snailpost, each bound by its own terms and privacy commitments:
| Provider | What they do for Snailpost |
|---|---|
| Google Firebase / Google Cloud | Authentication, database, file storage for photos, server functions, push notifications, and crash reporting. Our primary servers are in the asia-south1 (Mumbai, India) region. |
| Apple App Store / Google Play | Sign-in (Apple and Google accounts) and subscription billing. We receive subscription status, never payment card details. |
| External AI provider (currently DeepSeek) | Processes text for the optional AI features and safety screening described in section 5. |
Beyond that: we may disclose information if required by law, legal process, or to protect the safety of members or the public (child-safety matters in particular, see section 10). If Snailpost is ever acquired or merged, your information may transfer under this same policy, and we would notify you. We never sell personal information.
All data travels over encrypted connections (HTTPS/TLS). Access to stored data is restricted by server-side security rules enforced on every read and write, so one member can never read another member's private data even with a modified app. Sensitive server credentials live only on the server. No system is perfectly secure, but we design so that the blast radius of any failure is as small as possible, and we act quickly when something needs fixing.
You can permanently delete your account at any time, directly inside the app (Profile → Settings → Delete account) or from our account deletion page. Deletion removes your sign-in account, profile, private data, your letters and their photos, push tokens, and other account-linked app data. Deletion is immediate and cannot be undone.
We keep limited safety records (for example, records connected to abuse reports, moderation enforcement, or legal obligations) only where and for as long as genuinely required for abuse prevention or by law. Routine backups that may briefly contain deleted data are purged on a rolling basis.
Snailpost is not directed at children and is not for anyone under 16. We remove accounts we learn belong to under-16s. We have zero tolerance for child sexual abuse and exploitation: such content is reported to the relevant authorities, and we cooperate with law enforcement. Our full standards are published in our Child Safety Standards. To report a child-safety concern, email hi@pulket.in and it will be treated as urgent.
Snailpost's primary infrastructure is in India (Google Cloud, asia-south1). Because our providers, including the external AI provider, operate globally, your information may be processed in countries other than your own. Wherever it is processed, it stays protected by this policy and by the safeguards our providers offer.
Depending on where you live (including under the EU GDPR, the UK GDPR, India's DPDP Act, and similar laws), you may have the right to: access a copy of your personal information; correct it; delete it; object to or restrict certain processing; data portability; and to complain to your local data-protection authority. Profile information can be viewed and edited directly in the app, and deletion is built in (section 9). For anything else, email us and we will respond within 30 days. We may need to verify you are the account holder before acting on a request. We will never treat you worse for exercising your rights.
When you sign in with Apple or Google, those providers handle your credentials under their own privacy policies; we never see your password. You can review or revoke Snailpost's access from your Apple ID or Google account settings at any time. If you used Apple's "Hide My Email", correspondence from us reaches you through Apple's private relay.
If we change this policy, we will update the date at the top. For material changes we will also tell you inside the app before the change takes effect. Continuing to use Snailpost after a change means you accept the updated policy.
Snailpost is operated by Pulkit Aggarwal. For any privacy question, request, or concern, write to hi@pulket.in with the subject "Snailpost Support". Letters get answered; it is rather the point of the whole thing.
Note: Snailpost was previously published under the name "Dearly". This policy applies to the same app and service under its new name.
yours patiently,
the Snailpost desk
Snailpost · slow letters, meaningful connections