Privacy Policy

This policy applies to the Random Penpal Chrome extension and its backend server (the “Service”).

1. Information We Collect

• Account: email, nickname, password (stored as a hash)
• Verification: email verification codes (stored temporarily)
• Security: user-agent and IP at signup for abuse prevention
• Content: letters you write or receive and their read status

2. How We Use Information

• To provide core features (authentication, sending/receiving letters, unread badge)
• To prevent abuse (rate limiting, verification attempt limits)

3. Retention & Protection

• Email verification codes expire and are deleted (e.g., in 5 minutes).
• Passwords are stored only as hashes; we never keep plaintext passwords.
• Data is transmitted over HTTPS. JWTs are sent only via the Authorization header.

4. Sharing

We do not sell personal data or share it with third parties beyond what is necessary to operate the Service.

5. Data Minimization

We collect and process only what is required to provide the Service.

6. Contact

For privacy-related inquiries, contact us at:
Email: jaejeong212@gamil.com

Effective date: 2025-01-01