Last updated: June 2025
This threat model outlines what [@fuck.it] protects you from - and what we don’t. We believe in honesty, not false promises.
We do not provide built-in end-to-end encryption. Your data is encrypted in transit and at rest on our servers, but [@fuck.it] staff with elevated access can access your inbox if required by law. If that bothers you, use additional encryption tools.
We comply with valid legal requests. If we’re allowed, we’ll notify you. We do not build backdoors or offer mass access to anyone.
We work with a hosting company and payment provider. These services only have the data needed to do their jobs. We vet their security but can’t guarantee perfection.
Security isn’t a product - it’s a posture. We do our part. You do yours. Together, it works.
No bullshit.
No guarantees.
Just good security sense.