How we keep you safe

Last updated: February 19, 2026

Security & Privacy

TellSafe was built with privacy as a core promise — not an afterthought. Here's exactly how it works, in plain language.

The three privacy modes

Every TellSafe form lets you choose how private you want to be.

Identified

You share your name and email openly.

Organizers can reply to you directly.

Stored: Your name and email are stored in plain text on the feedback record.

Anonymous

You share nothing — no name, no email.

No way to identify you, ever.

Stored: Only your feedback text and category are stored. Nothing else.

Anonymous Relay

You stay hidden, but can receive replies.

Two-way conversation, zero identity exposure.

Stored: Your email is stored encrypted. Organizers never see it.

AES-256-GCM encryption — what does that mean?

AES-256 is a military-grade encryption standard used by banks, governments, and security agencies worldwide. The “256” refers to the key length — there are more possible keys than atoms in the observable universe. In short: it's unbreakable with modern technology.

When you submit a Relay message, your email address is encrypted before it ever reaches our database. The encryption key is stored separately from the data. The only time your email is briefly decrypted is when our server needs to forward a reply to you — and it's never logged in plain text.

The relay flow, step by step

Here's exactly what happens when you send a Relay message — and what the organizer can and cannot see.

1. You

Type your message and provide your email on the form

Your own input

2. TellSafe server

Encrypts your email with AES-256. Stores encrypted blob. Sends notification to organizer — no email address included.

Encrypted email (unreadable to humans)

3. Organizer

Sees your anonymous message and responds through the TellSafe dashboard

Your feedback text only — no email, no name

4. TellSafe server

Decrypts your email temporarily to forward the reply. Email is never logged.

Email decrypted in memory only — never written to logs

5. You

Receive the reply in your inbox from TellSafe — the organizer's identity is also protected

The reply. The organizer never knew who you were.

What we store — and what we don't

What we store

  • Your feedback text
  • The category you selected
  • Your submission mode (anonymous/identified/relay)
  • For identified: your name and email (visible to organizer)
  • For relay: your encrypted email (never visible to organizer)
  • Timestamp of submission

What we never store

  • Your IP address
  • Browser fingerprint or device info
  • Location data
  • Cookies for anonymous users
  • Anonymous relay email in plain text
  • Any data we don't explicitly need

What TellSafe staff can and cannot see

Staff can see

  • Feedback text (for moderation/abuse investigation only)
  • Organization metadata (name, plan, settings)
  • Encrypted email blobs (unreadable without decryption key)

Staff cannot see

  • Relay sender identities (email encrypted at rest)
  • Anonymous submissions linked to any identity
  • Passwords (hashed by Firebase Auth)
  • Your browsing behavior

Our data promise

We will never sell, share, or analyze your personal data for advertising or any purpose other than operating this service. TellSafe is funded by subscriptions — not data. Your feedback belongs to the organization you shared it with.

For the full legal version, see our Privacy Policy and Terms of Service.