🎯 What This Policy Covers

This privacy policy applies to the Play Post app for Playdate and the hosted service at playpost.cc. If you self-host the Play Post server, you control all data and this policy doesn't apply to your instance.

📬 How Letters Are Delivered

When your child sends a letter, here's what happens:

• Voice upload: The voice recording is uploaded from the Playdate to our servers on Cloudflare.
• Transcription: The audio is sent to Google Gemini to convert speech to text.
• Secure storage: Both the audio file and transcription are stored securely on Cloudflare.
• Email notification: The recipient gets an email with a secure link — the actual letter content is not included in the email.
• Secure viewing: Recipients click the link to view a private web page where they can read the transcription and listen to the original voice recording.

This approach means your child's words stay protected even if the recipient's email is compromised.

👶 Children's Privacy

Play Post is designed for children to use. We take this responsibility seriously:

• No account required: Children don't need to provide any personal information to use Play Post. No name, email, password, or age is collected from the child.
• Parent-controlled setup: Only a parent or guardian can configure the app and add contacts.
• No direct contact: Children can only communicate with contacts that parents have explicitly approved.
• No advertising: Play Post contains no ads and never will.
• No behavioral tracking: We don't track how children use the app.

📝 What We Collect

We collect only what's necessary to deliver letters:

• Voice recordings: Stored securely until the letter expires (30 days), so recipients can listen to your child's voice.
• Letter content: The transcribed text of voice messages and any replies from recipients.
• Contact information: Names and email addresses of contacts that parents add during setup.
• Device credentials: A randomly generated device ID and secret (stored as a secure hash) to authenticate the Playdate.

🗑️ Data Retention

We don't keep data longer than necessary:

• Letters and voice recordings: Automatically deleted 30 days after creation.
• Setup sessions: Temporary data expires after 5 minutes.
• Device data: Retained while the device is registered. You can request deletion at any time.

🔒 How We Protect Data

• Encryption in transit: All data is transmitted over HTTPS.
• Secure credentials: Device secrets are hashed using PBKDF2 and never stored in plain text.
• Minimal access: Reply tokens are opaque and don't expose email addresses to recipients.
• No third-party tracking: We don't use analytics services, cookies, or tracking pixels.

🤝 Third-Party Services

We use the following services to operate Play Post:

• Google Gemini: For voice-to-text transcription. Audio is sent to Google's API for processing. See Google's Privacy Policy.
• Resend: For sending emails. Recipient email addresses are shared with Resend. See Resend's Privacy Policy.
• Cloudflare: For hosting, storage, and email receiving. See Cloudflare's Privacy Policy.

🌍 Data Location

Data is processed and stored on Cloudflare's global network. Transcription requests are sent to Google's servers. Email delivery is handled by Resend's infrastructure.

✅ Your Rights

You have the right to:

• Access: Request a copy of data associated with your device.
• Delete: Request deletion of all data associated with your device.
• Self-host: Run your own instance of Play Post for complete control over all data.

To exercise these rights, contact us using the information below.

👨‍👧‍👦 About the Creator

Hi, I'm Josh Crowley, a UX designer based in Sydney. I built Play Post for my own family.

I wanted an easy way for my kids to stay in touch with grandparents, aunts, uncles, and family friends — and I loved the idea of them being able to send letters before they could even write or read. Recording a voice message is something even a toddler can do.

Building it for the Playdate was important to me because it's a device I can give to my kids safely, knowing they won't accidentally end up on YouTube or anywhere else on the internet. It's just games and now, letters.

I encourage you to consider self-hosting this project for complete control over your family's data. But when you're trying it out, feel free to use my pre-configured infrastructure — that's what it's there for.

You can find me on Twitter/X if you have questions or just want to say hi.

🔍 Open Source Transparency

The Play Post server infrastructure is fully open source under the MIT License. You can review exactly what data we collect and how we handle it by examining the server code:

• github.com/joshcrowley/playpost

This includes the Cloudflare Worker that processes letters, the website, and all database migrations. Security researchers and privacy advocates are welcome to audit the code and report any concerns.

📧 Contact Us

📝 Changes to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page. For significant changes, we may also post a notice on our homepage.