Cartita.← Back to home

Last updated June 12, 2026

Privacy Policy

Effective Date: June 12, 2026 · Last Updated: June 12, 2026

Cartita ("Cartita," the "App," the "Service," "we," "us," or "our") is operated by Santiago Sánchez, an individual based in Montevideo, Uruguay (the "Operator"). The Operator is the data controller responsible for your personal data as described in this Privacy Policy.

Contact: santiago@cartita.co
Website: https://cartita.co

This Privacy Policy explains what data we collect, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It applies to the Cartita iOS application and any related services we operate.

By creating an account or using Cartita, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

1. A Plain-Language Summary

  • Cartita lets you write anonymous letters and exchange them with strangers. Your username and identity are hidden from other users — but not from us. We store your account data and your content, and we can review content for safety and moderation.
  • We collect: account data (Sign in with Apple), your letters and messages, push notification tokens, subscription status, usage data (streaks, moods, activity), and basic device/technical data.
  • We use trusted third-party processors to run the Service: Supabase (database and authentication), OneSignal (push notifications), RevenueCat (subscription management), and Apple (payments and app distribution).
  • We do not sell your personal data, and we do not show third-party advertising.
  • You can delete your account and all associated data directly in the app (Profile → Settings → Delete Account). This is the primary deletion method; you can also contact us by email with questions.
  • Cartita is for adults only (18+).

2. What "Anonymous" Means on Cartita

Cartita is designed so that other users cannot identify you. It is important that you understand exactly what is and is not hidden:

Hidden from other users:

  • Your Apple ID and any email address associated with your sign-in
  • Your real name (we never ask for it)
  • Your device information, location, IP address, and technical data
  • Your subscription status and purchase history

Visible to other users:

  • Your anonymous username and any profile details you choose to add
  • The content of the letters and messages you send
  • Anything you voluntarily write inside a letter or message — if you include your real name, contact details, social handles, or other identifying information in your content, you are disclosing it yourself, and we cannot un-share it once another user has seen it

Not hidden from the Operator:

  • Anonymity applies between users — it does not mean your content is invisible to us. We store letters and messages on our servers, linked to your account, and we (or systems acting on our behalf) may review content for moderation, safety, abuse prevention, legal compliance, and customer support. Cartita is not an end-to-end encrypted or zero-knowledge service.

3. Data We Collect

3.1 Account and Authentication Data

What: An authentication identifier provided by Apple through Sign in with Apple (the only sign-in method Cartita supports), including the email address Apple shares with us; your anonymous username; profile information you choose to provide; account creation date; user ID.

Why: To create and secure your account, authenticate you, prevent abuse and duplicate or ban-evading accounts, and communicate with you about your account when necessary.

Legal basis (GDPR): Performance of a contract (Art. 6(1)(b)); legitimate interests in security and abuse prevention (Art. 6(1)(f)).

Where: Stored with Supabase.

Hide My Email:Because Sign in with Apple is the only sign-in method, you can use Apple's "Hide My Email" feature to keep your real email address private even from us. This is the most private way to use Cartita, and we encourage it.

3.2 User-Generated Content

What: The letters you write, the replies and messages you send and receive, drafts, reports you submit, and blocks you apply.

Why: To operate the core function of the Service; to moderate content, investigate reports, enforce our Terms, and keep the community safe; to comply with legal obligations.

Legal basis (GDPR): Performance of a contract (Art. 6(1)(b)); legitimate interests in safety and moderation (Art. 6(1)(f)); legal obligation where applicable (Art. 6(1)(c)).

Important: Letters often contain personal, emotional, or sensitive information. You choose what to write. We strongly recommend you never include identifying details in your letters. To the extent your content reveals sensitive information, we process it only to deliver the Service and for moderation/safety purposes, on the basis of your deliberate act of writing and sending it.

3.3 Push Notification Data

What: Push notification tokens, a device identifier, device model, OS version, app version, language, and timezone, as processed by OneSignal; your notification preferences; an internal user identifier.

Why: To send you push notifications (new letters, replies, streak reminders, announcements), only if you grant notification permission in iOS.

Where: Processed by OneSignal. You can disable notifications at any time in iOS Settings.

3.4 Subscription and Purchase Data

What: Subscription status, product identifier, purchase and renewal dates, original transaction identifier, price and currency, and a pseudonymous app user ID. All payments are processed by Apple. We never receive or store your credit card number, billing address, or full payment details.

Where: Processed by RevenueCat and Apple.

3.5 Usage and Activity Data

What: Streak counts, mood selections, letters written/received counts, feature usage, in-app activity timestamps, and similar engagement metrics.

Why: To operate features that depend on activity, to understand how the Service is used in aggregate, and to improve the App.

3.6 Technical and Device Data

What: Device model, OS version, app version, language/locale, timezone, IP address (processed transiently in server logs), and crash/error information.

Why: Security, debugging, fraud and abuse prevention, localization, and keeping the Service running.

3.7 Data We Do NOT Collect

  • We do not collect your precise location (GPS).
  • We do not collect your contacts, photos, microphone, or camera data.
  • We do not use third-party advertising SDKs or sell data to advertisers or data brokers.
  • We do not knowingly collect data from anyone under 18.

4. How We Use Your Data

We use the data described above to:

  1. Provide, maintain, and operate the Service, including delivering letters and messages between users;
  2. Authenticate you and secure your account;
  3. Process and manage subscriptions and entitlements;
  4. Send push notifications you have enabled;
  5. Moderate content, investigate reports, enforce our Terms, and protect users;
  6. Detect, prevent, and respond to fraud, abuse, ban evasion, security incidents, and illegal activity;
  7. Respond to your support requests;
  8. Comply with legal obligations and respond to lawful requests from authorities;
  9. Analyze aggregated, de-identified usage to improve the App.

We do not use the content of your letters for advertising, and we do not sell or rent personal data.

5. Content Moderation and Review

Because Cartita involves anonymous exchanges between strangers, safety requires that content can be reviewed. By using the Service, you acknowledge and agree that:

  • Letters, messages, usernames, and profile content may be reviewed by the Operator, automated systems, or trusted individuals acting on the Operator's behalf, for moderation, abuse prevention, responding to reports, legal compliance, and support;
  • We may retain content that has been reported or removed, along with related account data, for a reasonable period to investigate, enforce our Terms, defend legal claims, or comply with law — even after the content is no longer visible or your account is deleted;
  • Where we believe content indicates a credible risk of serious harm, or illegal activity (including any content involving the sexual exploitation of minors), we may report it to relevant authorities or child-safety organizations, together with associated account information, as permitted or required by law.

6. Third-Party Processors

We share personal data only with service providers ("processors") that we need to operate Cartita, under their applicable data processing terms. We do not authorize them to use your data for their own independent purposes beyond providing services to us (except where they act as independent controllers, such as Apple processing payments).

ProviderRoleData ProcessedLocation
SupabaseDatabase, authentication, backend hostingAccount data, content, usage data, technical dataCloud infrastructure (US and/or other regions)
OneSignalPush notification deliveryPush tokens, device identifiers, device/technical data, notification eventsUnited States
RevenueCatSubscription management and entitlement validationPseudonymous user ID, purchase/subscription metadataUnited States
Apple Inc.App distribution, payment processing, Sign in with ApplePayment/billing data (held by Apple), App Store account data, Apple ID auth tokens, Hide My Email relay addressesGlobal

We may also disclose data: (a) to comply with laws, regulations, or enforceable governmental requests; (b) to enforce our Terms or investigate violations; (c) to detect, prevent, or address fraud, security, or technical issues; (d) to protect the rights, property, or safety of users, the Operator, or the public; and (e) in connection with a transfer of the Service.

7. International Data Transfers

Cartita is operated from Uruguay and serves users worldwide. Our processors operate infrastructure in the United States and other countries, so your data may be transferred to and processed in countries other than your own, including countries that may not provide the same level of data protection as your home jurisdiction.

Where required (including for users in the EEA, the UK, and Switzerland), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and/or recognized frameworks (e.g., the EU–U.S. Data Privacy Framework, where applicable). Uruguay has been recognized by the European Commission as providing an adequate level of data protection.

8. Data Retention

We keep personal data only as long as needed for the purposes described above:

  • Account data: Retained while your account is active. Deleted when you delete your account, except as noted below.
  • Letters and messages: Retained while your account is active. When you delete your account, your content is deleted from production systems; copies already delivered into another user's inbox may persist in that user's view, displayed without your account association.
  • Reported/removed content and enforcement records: May be retained for up to 24 months after the relevant action (or longer where required by law) to investigate abuse, prevent ban evasion, and defend legal claims.
  • Subscription records: Retained as required for accounting, tax, and legal purposes.
  • Push tokens: Deleted or deactivated when you delete your account or uninstall the App.
  • Backups and logs: Residual copies may persist in encrypted backups and server logs for a limited period (typically up to 30 days) before being overwritten or purged.

9. Account Deletion

You can delete your account and associated data at any time:

  • In-app (primary method): Profile → Settings → Delete Account. This is immediate, fully self-service, and does not require contacting us.
  • Questions: If you have questions about deletion, contact santiago@cartita.co. If you used Hide My Email, we may be unable to match an email request to your account, which is why the in-app method is the primary path.

Deletion removes your account, profile, letters, messages, usage data, and push registration from production systems, subject to the limited retention described in Section 8. Deleting your account does not cancel an active App Store subscription — you must cancel separately in your Apple ID settings.

10. Your Rights

10.1 Rights for Everyone

Regardless of where you live, you can: access the data in your account; correct your profile information in the App; delete your account and data; and contact us with any privacy question at santiago@cartita.co. We aim to respond to all requests within 30 days.

10.2 European Economic Area, UK, and Switzerland (GDPR/UK GDPR)

If you are in the EEA, UK, or Switzerland, you have the right to:

  • Access your personal data and receive a copy;
  • Rectify inaccurate or incomplete data;
  • Erase your data, subject to legal exceptions;
  • Restrict processing in certain circumstances;
  • Data portability in a structured, machine-readable format;
  • Object to processing based on legitimate interests;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with your local data protection supervisory authority.

10.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect, the purposes, and the categories of third parties with whom it is shared;
  • Access the specific pieces of personal information we hold about you;
  • Delete your personal information, subject to exceptions;
  • Correct inaccurate personal information;
  • Non-discrimination for exercising your rights.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. Because we do not sell or share, no opt-out is necessary.

10.4 Other Jurisdictions

Users in other regions (including Brazil under the LGPD, Canada under PIPEDA, Australia, and US states such as Virginia, Colorado, Connecticut, and Utah) may have similar rights. We honor such requests in line with applicable law — contact santiago@cartita.co. Users in Uruguay have rights under Law No. 18.331 and may contact the Unidad Reguladora y de Control de Datos Personales (URCDP).

11. Age Requirement (18+)

Cartita is intended exclusively for adults aged 18 or older. We do not knowingly collect personal data from anyone under 18. If we learn that an account belongs to a person under 18, we will terminate the account and delete the associated data. If you believe a minor is using Cartita, please contact santiago@cartita.co immediately.

12. Security

We take reasonable technical and organizational measures to protect your data, including encryption in transit (TLS), encrypted storage with our infrastructure providers, access controls, and collecting only what we need. However, no system is perfectly secure, and we cannot guarantee absolute security. The strongest protection for your privacy on Cartita is simple: do not put identifying information in your letters. In the event of a data breach that creates risk to your rights, we will notify affected users and/or competent authorities as required by law.

13. Changes of Operator or Service

If the Service or its assets are transferred to another individual or entity (for example, through a sale, incorporation of a company, merger, or similar transaction), your data may be transferred as part of that transaction, subject to this Privacy Policy or a successor policy offering comparable protection. We will notify you of any such transfer through the App or by email where required.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the latest version. For material changes, we will provide notice through the App (and/or by email) before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

15. Contact

For any questions, requests, or complaints about this Privacy Policy or your data:

Data Controller: Santiago Sánchez (individual), Montevideo, Uruguay
Email: santiago@cartita.co
Website: https://cartita.co

← Back to home