What we never see.

Letters is built so that even if our servers were copied tomorrow, your conversations would still be unreadable. Here is what that means, in plain words.

  1. 01

    End-to-end encrypted in your browser

    Every message is encrypted with AES-GCM 256 inside the sender's browser before it leaves the device. The key lives only in the URL fragment after the # — a part of the address that browsers never send to servers. Our database stores only ciphertext.

  2. 02

    What the database holds

    For each room we store: a random 12-character room id, the chosen language codes, an anonymous per-browser identifier (random UUID — not an account), and the encrypted bytes of each message. No emails, no phone numbers, no names unless you type one in.

  3. 03

    How translation works

    We use Google Gemini to translate. Translation happens client-side: the original text and the translated text are encrypted before they reach our database. Gemini sees only the message text plus its language pair — no room id, no user id, no metadata. We never log what Gemini receives or returns.

  4. 04

    No analytics

    There are no Google Analytics, Meta pixels, Plausible counters, or session replays anywhere on this site. Server-side logs record only request status and latency, never message content.

  5. 05

    Twenty-four hours, then gone

    Every room is deleted automatically twenty-four hours after creation. You can end a conversation immediately from the Settings drawer. Either way, when a room is deleted, every ciphertext and every participant record is removed by cascade. The encryption key was never on our servers, so there is nothing left to decrypt.

  6. 06

    Questions

    If something here is unclear, write to the email address printed in this project's README on GitHub. We will answer in plain words.