privacy policy
everything you keep on dy.ing is encrypted in your browser before it reaches us, so we can’t read it — not even under a court order. this page is about the little we actually hold.
last updated: 2026-06-16 · alpha quality · see also the threat model.
who we are
“dy.ing”, “we”, and “the operator” all mean the same person running this service. we operate pseudonymously. privacy or data questions go to privacy@dy.ing, or use the contact in our security.txt.
what we cannot see
your content is encrypted on your device with keys we never get. on our side it’s just ciphertext. that covers:
- note contents and titles
- file contents and file names
- the contents of mail received at your masks and mailbox
we can’t read it, hand it over, or get it back for you. we don’t have the keys.
one exception: if you send mail out to an external address (admin mailboxes only, for now), that message is plaintext in transit, since the recipient holds no key. mail you receive always stays sealed.
what we do handle
- a usernameyou choose one. we never ask for an email address, phone number, or real name.
- authentication materiala login check-value computed in your browser, plus your encryption key locked under another key we can’t reproduce. we store both, but neither one lets us work back to your password or your data.
- ciphertext blobsyour encrypted content, plus minimal sizing/quota metadata needed to store and bill space.
- a session cookieone HttpOnly cookie to keep you logged in. no tracking or advertising cookies, ever.
- minimal operational recordsaggregate, non-identifying counters — including rounded page-view and visitor counts (see /stats) — plus a security audit log. we estimate unique visitors with a salted, daily-rotating hash and never store or log a raw IP. none of it is linked to your content.
the one public part: profiles
if you turn on a public profile at /@yourname, that page is the one thing here we can read — because it’s meant to be seen by anyone. the display name, bio, links, and any avatar or banner you upload are stored as plaintext. it’s entirely opt-in, it’s built only from what you put there (never from your sealed notes, files, or mail), and it stays private until you choose to publish it.
your account & recovery
your encryption key is derived in your browser. if you lose your credentials, the one-time 24-word recovery code is the only way back in. we can’t reset it or recover it for you, and without it we can’t decrypt your data either. lose the recovery code and your data is gone for good.
no trackers, no third parties in your browser
- no third-party scripts, fonts, analytics, or ads. strict content-security-policy, everything self-hosted
- we don’t sell, rent, or share personal data. there’s basically none to sell anyway
- a CDN edge may serve your files, but only as ciphertext it can’t read
- hosting and storage providers only ever touch encrypted blobs and the minimal records above
retention & deletion
you can delete your content whenever you want; that pulls the ciphertext out of active storage. encrypted backups stick around for a short rolling window in case of disaster, then expire on their own. the aggregate counters hold no personal data, so we keep them indefinitely. audit hashes we keep only as long as security needs them, then purge.
your rights
you can access and export your (encrypted) data, and delete your account. because we hold almost no personal data and can’t read your content, a lot of the usual data-subject requests don’t have much to act on here. depending on where you live you may have other statutory rights; contact us to use them.
children
dy.ing is not directed to children and is not intended for anyone under the age of majority in their jurisdiction.
changes & governing law
we may update this policy; material changes will be noted by the “last updated” date above. we run dy.ing pseudonymously and haven’t tied it to a single jurisdiction yet; until we do, this policy is applied to the fullest extent permitted by applicable law.