Privacy Policy
What we store, and what we can never see.
Last updated: 15 July 2026
The Last Relay is an encrypted dead-man’s switch operated by Unthinking AI, LLC (“we”, “us”). This policy explains, in plain language, exactly what we hold about you, what we have deliberately built ourselves out of being able to read, and who else touches your data.
The one thing to know
Your capsule’s contents — your message and your files — are encrypted on your device before they ever reach us. We store only ciphertext. We never receive your encryption keys or your recipients’ unlock phrases, so we cannot read your capsule — and neither can anyone who breaches us or compels us to hand it over.
On this page
01 What we store
- Account & identity. Your email address(es) and their verification status, and your passkey credentials (WebAuthn public keys and credential identifiers). We never store passwords — sign-in is passkey-only.
- Capsule ciphertext. The sealed capsule — your message and files — as an opaque encrypted container. It is encrypted with XChaCha20-Poly1305, and the key that unlocks it is itself wrapped with a key derived (via Argon2id) from a phrase we never receive.
- Routing & delivery data. The email addresses of the recipients and the trusted contact(s) you designate, a per-recipient identifier, and any optional display name or note you choose to include in an invitation. We need these to deliver invitations, reachability checks, and the capsule itself.
- Capsule configuration & state. Your check-in schedule, countdown and threshold settings, your release policy, and the current lifecycle state (draft, armed, overdue, in verification, released, deleted, and so on).
- Activity log. An append-only, timestamped record of the events that drive your switch — check-ins, arming, contact responses, releases, deletions. This is how the switch works, and it doubles as your audit trail.
- Technical logs. Ordinary server and security logs (such as IP address, timestamp, and user agent), kept transiently for security, abuse prevention, and debugging.
02 What we deliberately can’t see
By design, we do not hold — and cannot obtain — any of the following:
- The plaintext of your message or files. They are encrypted on your device before upload.
- Your encryption keys, in any usable or unwrapped form.
- Your recipients’ unlock phrases. Each recipient’s six-word phrase exists only on the card you hand them and in their memory.
The practical consequence: we cannot read, recover, reconstruct, or produce the readable contents of any capsule — not for you, not for a recipient who lost their phrase, and not for anyone who compels us.
03 How we use what we store
- To operate the switch: track your check-ins, run countdowns, ask your trusted contact whether they can reach you, and deliver the capsule to your recipients under the conditions you set.
- To communicate: send verification, check-in, invitation, reachability, security-notice, and release emails.
- To keep it safe: detect abuse, prevent fraud, and diagnose problems.
We do not sell your data, share it for advertising, or build behavioural profiles. There is no ad tech here.
04 Who else touches the data
We rely on a small set of infrastructure providers, each acting only on our instructions as a processor:
- Vercel — hosting, serverless functions, encrypted blob storage, and scheduled jobs.
- Neon — the PostgreSQL database that holds account, routing, configuration, state, and log data.
- Resend — delivery of our transactional email.
- Apple — passkey (WebAuthn) and associated-domain verification.
Ciphertext stored with these providers stays ciphertext. None of them can read your capsule either.
05 Email
Every message we send is transactional — there is no marketing list to join or leave. Security-sensitive actions, such as a check-in or a sign-in, trigger a notice to all of your verified addresses, so you always know when your switch has been touched.
06 Retention & deletion
- Draft content stays on your device until you arm your capsule. Only then is ciphertext uploaded.
- You can delete your capsule at any time. Deletion is subject to a safety cooldown and a fresh passkey confirmation — so that no one can silently destroy your switch. After the cooldown, the ciphertext and its wrapped keys are erased.
- After a capsule is released and every recipient confirms they have downloaded it, the ciphertext is erased from our servers.
- Once a recipient downloads and decrypts a capsule onto their own device, those files are theirs. We cannot retrieve, revoke, or delete copies that have left our system.
- Routing data and logs are kept only as long as needed to operate your switch and to meet security and legal obligations, then deleted.
07 Your choices & rights
- View and adjust your account, capsule configuration, recipients, and contacts in the app.
- Delete your capsule and account, subject to the safety cooldown described above.
- Depending on where you live (for example under the GDPR or CCPA), you may have rights to access, correct, port, or erase the personal data we hold about you. Contact us to exercise them. Note that we cannot produce the readable contents of a capsule, because we do not have them.
08 Security
End-to-end encryption, passkey-only authentication, private storage reached through short-lived signed links, and security notices on sensitive actions. No system is perfectly secure, but the architecture is built so that a breach of our servers exposes ciphertext and routing metadata — never the contents of a capsule.
09 Legal requests
Because capsule contents are end-to-end encrypted and we hold neither your keys nor your recipients’ phrases, the most we can ever produce in response to a lawful request is ciphertext and metadata — account and routing information, timestamps, and logs. We cannot decrypt a capsule for anyone. How we handle legal process is described in our Terms of Use.
10 Children
The Last Relay is not intended for anyone under 18, and we do not knowingly collect data from children.
11 International processing
Your data may be processed in the United States and in other countries where our providers operate. Wherever it is processed, the encryption model is the same.
12 Changes to this policy
We may update this policy from time to time. We will revise the date at the top, and for material changes we will make a reasonable effort to notify you.
13 Contact
Questions about privacy? Email info@ai-created.com.