📬 Privacy Policy

Last updated: June 6, 2026

1. Information We Collect

When you use Misdelivered, we may collect:

• Photos of misdelivered mail — These images may contain names, addresses, and other personally identifiable information (PII) visible on the mail piece.
• OCR-extracted data — Text extracted from mail photos, including sender and recipient addresses.
• Contact information — Email address and optional phone number when you register or provide them.
• Usage data — How you interact with the service (submissions, shares, referral activity).
• Device information — Browser type, IP address, and standard technical data collected by web servers.

2. How We Use Your Information

We use collected information to:

• Process misdelivered mail reports and match them to registered senders
• Notify senders and recipients about misdelivered mail
• Improve our OCR accuracy and matching algorithms
• Track environmental impact (CO₂ saved, trees equivalent)
• Communicate with you about your submissions (if you provide contact info)
• Prevent fraud and abuse of the platform

3. Photo Handling & Retention

Mail photos contain highly sensitive personal information. Our practices:

• Photos are stored securely and encrypted at rest
• Photo deletion depends on retention policy and legal guidance
• Photos are never shared with third parties for marketing or advertising
• Only extracted address data (text) is retained long-term for matching purposes
• You may request early deletion of your photos at any time

4. Data Sharing

We do not sell your personal information. We share data only as necessary to operate the service:

• Registered senders receive notification when mail addressed to them is reported — this includes the sender address (which is already their own data) and confirmation that a report exists.
• Service providers — We may use third-party services for email delivery, payment processing (Stripe), and hosting. These providers are bound by their own privacy obligations.
• Legal requirements — We may disclose information when required by law, such as in response to a valid legal process.

5. Sender Portal Data

Businesses that register as senders provide:

• Company name and email address
• Business addresses for matching purposes
• Payment information (processed by Stripe — we never see full card details)

Sender data is used solely for the purpose of matching misdelivered mail and providing the sender dashboard service.

6. Data Security

We implement reasonable security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted password storage (bcrypt hashing)
• JWT-based authentication for sender accounts
• Rate limiting to prevent automated attacks
• Regular security reviews of our systems

No system is perfectly secure. We encourage you to use strong, unique passwords and to contact us immediately if you suspect unauthorized access.

7. Your Rights

You have the right to:

• Request a copy of the personal data we hold about you
• Request deletion of your personal data
• Opt out of any non-essential communications
• Request correction of inaccurate data

To exercise these rights, contact us at [email protected].

8. Cookies

We use minimal cookies:

• Authentication tokens — JWT tokens stored as cookies for sender portal access
• We do not use tracking cookies, advertising cookies, or third-party analytics cookies

9. Children's Privacy

Misdelivered is not intended for use by children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users via email of any material changes. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions or requests, contact us at:

[email protected]