Privacy Policy
Last updated: July 2026
Curious If ("we," "us") is a small, single-question-a-month website at curiousif.blog, operated by Jon Cartwright. This page explains what we collect, why, and what you can do about it — written in plain language, not legal boilerplate.
What we collect
If you just read answers or write one anonymously: nothing tied to you. Answers are public by design — that's the whole point of the site — but you don't have to give us anything to write one, and you can sign your answer with as much or as little identifying detail as you like (a name, initials, a city, or nothing at all).
If you give us your email (to get notified when your answer goes live, to subscribe to the monthly question, or because a friend invited you), we store it — but not in plain text. Your email is encrypted before it ever touches our database, using AES-256-GCM encryption. We keep a separate, one-way "blind index" of your email (not the email itself) so we can look up your subscription without ever storing your address in a readable form. Practically: even someone with direct access to our database cannot read your email address.
If you invite a friend, we store their email (same encryption) long enough to deliver the invite and track whether they've answered, plus whatever personal note you wrote them. Invite links use a random, one-time token — not their email — so the link itself never contains anyone's address.
What we don't do
- We don't sell your data. Ever, to anyone.
- We don't track you across other websites.
- We don't use cookies for advertising. Our analytics (Plausible) is cookie-free and doesn't collect any personally identifiable information — it just tells us how many people visited, in aggregate.
- We don't require an account, a password, or any identifying information to answer a question.
Who we share data with
Only the services that make the site work, and only what they need to do their job:
- Resend — sends our emails (subscription confirmations, invites, notifications).
- Supabase — hosts our database.
- Vercel — hosts the website itself.
- OpenAI — automatically screens submitted answers for content that violates our community guidelines, before they're published. It sees the text of your answer, not your email or identity.
- Plausible Analytics — aggregate, anonymous visit statistics. EU-hosted, no cookies, no personal data.
None of these companies get to use your data for their own purposes — they're processors acting on our instructions, not owners of your information.
Your rights
You can:
- Unsubscribe at any time — every email we send has a one-click unsubscribe link, and it actually works instantly (no "please allow up to 10 business days").
- Ask us to delete your data. Email hello@curiousif.blog and we'll erase your email address and any identifying information tied to it from our systems. (Answers you've written stay up — that's the permanent-archive promise of the site — but they get anonymized, with nothing left that connects them back to you.)
- Ask what we have on you. Same email address, same response.
We aim to respond to any of the above within a few days — this is a small, independently-run project, not a company with a dedicated privacy team, and we treat every request personally.
How long we keep things
Public answers stay up indefinitely — permanence is a core part of what this site is. Email addresses and any other identifying data are kept only as long as you're subscribed or until you ask us to remove them.
Children
Curious If isn't directed at children, and we don't knowingly collect information from anyone under 13.
Changes to this policy
If this policy changes in any meaningful way, we'll update the date at the top and, if the change is significant, mention it on the site.
Questions
Email hello@curiousif.blog. A real person (Jon) reads and answers these, not a support queue.