# cookies & privacy

## your current choice

to reset choice: browser devtools → Application → Cookies → delete cookie_notice

## what is stored on your device

one cookie: cookie_notice — remembers whether you accepted or declined. expires in 365 days. no other cookies, no localStorage.

## ip address & submitted messages

when you submit a message through the letterbox, the server records your IP address and browser user-agent alongside the message. this is stored in Redis and visible only to the site owner.

it is used only for security — to identify and block threatening or abusive senders. it is never shown publicly.

the IP is read from the X-Real-IP header set by Nginx from $remote_addr — the actual connecting IP. if you use a VPN, the VPN exit node IP will be recorded instead of your real IP.

if you are concerned, use a VPN or Tor before submitting.
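
an added example, not this site's code: a python sketch of why the recorded IP is the connecting one. it models Nginx overwriting X-Real-IP with $remote_addr, and a backend that honours the header only when its direct peer is the proxy. the function names, the loopback proxy addresses and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# assumption: the backend sits behind Nginx on loopback; adjust for other layouts
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def nginx_forward(remote_addr, client_headers):
    """Model of `proxy_set_header X-Real-IP $remote_addr;`.

    Whatever X-Real-IP the client sent is dropped and replaced with the
    address of the TCP peer that Nginx actually saw.
    """
    headers = {k: v for k, v in client_headers.items() if k.lower() != "x-real-ip"}
    headers["X-Real-IP"] = remote_addr
    return headers


def client_ip(peer_addr, headers):
    """Return the address to record alongside a submitted message.

    The header is honoured only when the direct peer is a trusted proxy and
    the value parses as an IP address; otherwise the peer address is used.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        return str(peer)  # request did not come via the proxy: header is client-controlled
    value = next((v for k, v in headers.items() if k.lower() == "x-real-ip"), None)
    try:
        return str(ipaddress.ip_address(value.strip()))
    except (AttributeError, ValueError):
        return str(peer)  # header missing or malformed


# constructed sample: a client at 203.0.113.7 sends its own forwarding headers
SAMPLE_HEADERS = {"X-Real-IP": "198.51.100.99", "X-Forwarded-For": "198.51.100.99"}

if __name__ == "__main__":
    via_nginx = nginx_forward("203.0.113.7", SAMPLE_HEADERS)
    print("recorded via nginx:", client_ip("127.0.0.1", via_nginx))
    print("recorded if nginx is bypassed:", client_ip("203.0.113.7", SAMPLE_HEADERS))
```
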

## what we do not do

no tracking — no analytics, no google analytics, no plausible.

no ads — no ad networks, no monetisation of any kind.

no fingerprinting — no screen size, gpu, font enumeration.

no third parties — except google fonts & tenor gifs (decorative).

## external resources

google fonts — JetBrains Mono loaded from fonts.googleapis.com. google may log the request IP.

tenor — decorative gifs from media.tenor.com. purely visual, no tracking.