Privacy & Encryption

Your words. Yours alone. Until the moment they're meant to be read.

WordsLater is built so that the most private words you'll ever write - letters to your children, final messages, deeply personal memories - stay private. Encrypted on your device, encrypted on our servers, encrypted in transit, and only ever readable by the people you choose, at the time you choose. Here's how.

Privacy Built Into Every Layer

Six pillars that protect your messages from the moment you write them.

AES-256 Encryption at Rest

Every message, attachment, photo, and recording is encrypted with AES-256 before it's written to storage. The same standard trusted by banks and governments worldwide.

TLS 1.3 in Transit

Everything moving between your device and our servers - and from our servers to your recipients - is wrapped in modern TLS encryption with forward secrecy.

Per-Message Keys

Each message gets its own encryption key. A compromise of one message can never cascade to expose others. Keys are managed by a hardware-backed key service.

Zero-Knowledge Posthumous Vault

Messages marked for posthumous delivery are sealed in a vault that no WordsLater employee can open. Only the verified release process can decrypt them, only at the time of delivery.

Strict Access Controls

Internal access to any production system requires SSO, hardware MFA, and a documented business reason. Every access event is logged and reviewed.

Minimal Data Collection

We collect only what we need to deliver your messages reliably - and nothing we'd rather not have if a breach ever happened. No ad tracking, no data brokering, ever.

The Journey of a Message

Follow your message from the moment you write it to the moment it arrives.

1

You write

As you compose, drafts are saved over an encrypted TLS connection to your account.

2

We encrypt

When you save, your message is encrypted with a unique AES-256 key. The key is wrapped by our hardware-backed key service and stored separately from the data.

3

We store - safely

Encrypted content lives in geographically redundant storage. Without the matching key, the data is unreadable - even by us.

4

We wait

Your message sits sealed until its trigger fires - a date, a milestone, or a verified posthumous release. While waiting, no one can read it.

5

We deliver

When the trigger fires, the message is decrypted and delivered to your chosen recipients over TLS. Delivery is logged; the plaintext is never stored.

6

We clean up

After successful delivery and any retention window you've chosen, the encrypted record is securely destroyed in accordance with our Data Retention policy.

Privacy you can hand down for a lifetime.

Start writing today. No credit card. Full encryption from your very first draft.

Start Free Security Overview

Our Privacy Promises

Clear lines, in plain language.

What we will do

Encrypt every message, every attachment, every time.
Keep your data only as long as you ask us to.
Let you export or permanently delete your data anytime.
Notify you promptly in the rare event of a security incident.
Require multi-step verification for any posthumous release.
Comply with valid legal requests narrowly, and notify you when allowed.

What we will never do

Sell, rent, or share your content with advertisers or data brokers.
Read your messages for marketing, training AI, or any other purpose.
Use third-party ad tracking, behavioral profiling, or pixel networks.
Allow trusted contacts to read your content - they only confirm your status.
Release a posthumous message based on a single unverified report.
Keep deleted content lingering in backups beyond our documented window.
About law enforcement requests: We respond to valid legal process narrowly and only as required by law. Whenever legally permitted, we notify the affected user first so you have a chance to respond. We do not provide bulk access to user data.

Frequently Asked Questions

Can WordsLater employees read my messages?

For posthumous-vault messages: no - they're sealed in a way that no employee can decrypt. For all other messages, access is technically possible only with strict, audited internal controls, and is forbidden by policy except for narrow troubleshooting situations with your consent.

What happens if my account is hacked?

We protect against this with strong password requirements, optional two-factor authentication, anomalous-login detection, and a forced 7-day cooling-off window before any sensitive change (recipient swaps, posthumous release dates, trusted-contact changes) takes effect.

Do you use my messages to train AI?

Never. Your content is not used to train any AI model, ours or anyone else's. We don't share it with third parties for analytics, marketing, or model training under any circumstances.

Where is my data stored?

In geographically redundant, audited data centers in the United States by default, with options for EU residency on enterprise plans. See our Data Retention & Custody page for details.

Can I delete everything if I change my mind?

Yes - permanently. Account deletion securely removes all encrypted content, metadata, and backups after a short cooling-off period (so a malicious actor with momentary access can't wipe a lifetime of work).

What if I lose my password?

You can reset your password using your registered email or phone. For accounts with high-value posthumous content, we recommend turning on two-factor authentication and confirming your recovery contact information during periodic check-ins.

Is WordsLater GDPR and CCPA compliant?

Yes. We honor data access, portability, correction, and deletion requests under both GDPR and CCPA. See our Privacy Policy for the full details on how to exercise your rights.

Are attachments and recordings encrypted the same way?

Yes. Photos, documents, voice notes, and videos are encrypted at rest with per-message keys derived from your account, and re-encrypted in transit on every delivery.