Privacy Policy | Forgot Soap

Last Updated: October 5, 2025

Our Core Privacy Commitment

Forgot Soap is built on the principle of complete anonymity. We do not collect, store, or share your personal identifying information. This policy explains exactly what data we handle and how we protect your privacy.

1. Information We Collect

1.1 Information You Provide

When you submit a report, we collect only:

Recipient's email address - Required to deliver the anonymous message
Message tone selection - Your choice of message style (Friendly, Concerned, or Serious)
Submission timestamp - The date and time you submitted the report

We do NOT collect:

Your name
Your email address
Your phone number
Your physical address
Any other personally identifiable information about you

1.2 Payment Information

Payment is processed through PayPal. We only receive and store:

PayPal transaction ID - Used solely for payment verification and fraud prevention

We do NOT receive or store:

Credit card numbers
Bank account information
Your PayPal email address
Any financial credentials

PayPal processes all payment information securely. Please review PayPal's privacy policy for details on how they handle your data.

1.3 Automatically Collected Information

Like most websites, we automatically collect certain technical information:

Browser type and version
Operating system
General location data (country/region level only, derived from IP address)
Pages visited and time spent
Referral source (which website directed you to us)

Important: We do NOT store your IP address in connection with any report submission. Technical logs are kept separate from report data and cannot be used to identify report senders.

2. How We Use Your Information

2.1 Primary Purposes

We use the collected information to:

Send the anonymous hygiene reminder to the recipient you specified
Verify payment has been successfully processed
Prevent fraud and abuse of our service
Improve our service quality and user experience
Comply with legal obligations

2.2 We Do NOT Use Your Information To:

Identify who sent a report
Market or advertise to you
Sell or rent to third parties
Build profiles about individuals
Track you across other websites

3. How We Protect Your Anonymity

3.1 Technical Safeguards

We implement multiple layers of protection:

Data separation: Report data is stored separately from any technical logs
No linking: We cannot and do not link PayPal transactions to specific individuals
Minimal retention: Report data is automatically deleted after 90 days
Encryption: All data transmission uses industry-standard SSL/TLS encryption
Secure storage: All stored data is encrypted at rest

3.2 Operational Safeguards

Limited staff access to systems
No customer service representatives can view sender information
Regular security audits and updates
Strict internal policies prohibiting attempts to identify senders

4. Data Retention

Data Type	Retention Period	Reason
Recipient email & message details	90 days	Abuse prevention, customer support
PayPal transaction ID	7 years	Financial record-keeping requirements
Website analytics	26 months	Service improvement
Technical logs	30 days	Security and troubleshooting
Opt-out list	Permanent	Prevent unwanted communications

5. Information Sharing and Disclosure

5.1 Service Providers

We share minimal data with essential service providers:

PayPal: Processes payments (they have their own privacy policy)
Email delivery service: Receives only the recipient's email address and pre-written message content
Web hosting provider: Hosts our infrastructure but does not have access to unencrypted report data

All service providers are bound by strict contractual obligations to protect data and use it only for specified purposes.

5.2 Legal Requirements

We may disclose information if required by law or legal process:

In response to valid subpoenas or court orders
To comply with legal obligations
To protect our rights, property, or safety
To prevent illegal activity or suspected fraud

However, given our data practices, we have very limited information to provide even if legally required to do so.

5.3 We Do NOT Share Data For:

Marketing purposes
Advertising
Sale or rental to third parties
Any purpose not directly related to providing our service

6. Opt-Out System and Communication Preferences

6.1 Unsubscribe Links in Every Notice

Every anonymous hygiene reminder we send includes a clear and prominent opt-out link. Recipients can immediately unsubscribe from receiving any future communications from our service.

6.2 Permanent Opt-Out Protection

When someone opts out:

Their email address is immediately added to our permanent opt-out list
They will never receive another anonymous notice from our service
The opt-out applies globally - no one can send them a notice through our platform once they've opted out
This protection is permanent and cannot be reversed

6.3 Opt-Out List Security

Our opt-out list:

Is stored separately from other data
Is encrypted and secured
Is checked against every outgoing message
Prevents any communication to opted-out addresses

One-Time Opt-Out, Permanent Protection

A single opt-out action permanently prevents any future communications to that email address through our service. Our system automatically checks the opt-out list before sending any message and blocks delivery to any address on the list.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use minimal cookies necessary for the website to function:

Session management cookies
Security cookies to prevent fraud

7.2 Analytics

We use privacy-focused analytics to understand:

How many people visit our site
Which pages are most useful
General traffic patterns

This data is aggregated and cannot be used to identify individuals.

7.3 Third-Party Cookies

PayPal may set cookies during the payment process. We do not control these cookies. Please review PayPal's privacy policy for more information.

Cookie Policy

We use cookies and similar technologies to:

Necessary: Enable basic website functionality
Analytics: Understand how visitors use our site
Marketing: Deliver relevant advertisements

You can manage your cookie preferences at any time by clicking "Cookie Preferences" in the footer or clicking here.

8. Your Rights and Choices

8.1 Right to Information

You have the right to know what data we have collected. However, by design, we cannot identify which data belongs to specific individuals who submit reports.

8.2 Right to Deletion

You may request deletion of data, though we have limited information to delete. Report data is automatically deleted after 90 days regardless.

8.3 Right to Object

You can object to data processing, though this may prevent us from providing our service to you.

8.4 Communication Preferences

As a recipient of our anonymous notices, you have complete control:

Use the opt-out link in any message to permanently stop all communications
One opt-out action applies to all future messages from our service
Opt-out requests are processed immediately and permanently

8.5 Exercising Your Rights

To exercise these rights, contact us at: contact@forgotsoap.com

Please note that due to our privacy-focused design, we may not be able to verify your identity or locate specific data associated with you.

9. Business Solutions and Enterprise Customers

Organizations using our enterprise solutions may have different data handling agreements. Enterprise privacy practices are outlined in individual service agreements and may include:

Aggregate reporting and analytics
Configurable anonymity settings
Custom data retention policies
Dedicated data processing agreements

Enterprise customers should refer to their specific service agreement for details.

10. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected data from someone under 18, we will delete it immediately.

11. International Data Transfers

Our service is operated in the United States. If you access our service from outside the US, your information may be transferred to, stored, and processed in the US. By using our service, you consent to this transfer.

We implement appropriate safeguards to protect data transferred internationally, including:

Encryption during transmission
Secure storage practices
Contractual protections with service providers

12. Data Security

12.1 Our Security Measures

We implement industry-standard security measures:

SSL/TLS encryption for all data transmission
Encrypted storage of all sensitive data
Regular security assessments and updates
Access controls and authentication
Monitoring for suspicious activity
Regular backups stored securely

12.2 Your Responsibility

While we implement strong security measures, no system is completely secure. You can help protect privacy by:

Using secure internet connections
Not sharing details about reports you've sent
Using a private browsing mode if desired

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in our practices
Legal or regulatory requirements
New features or services

When we make changes:

We will update the "Last Updated" date at the top
Material changes will be prominently posted on our website
Continued use of the service constitutes acceptance of the updated policy

Notification of Changes

Because we don't collect your email address, we cannot notify you directly of policy changes. We recommend checking this page periodically if you use our service regularly.

14. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to say no to the sale of personal information
Right to access your personal information
Right to equal service and price

Important: We do not sell personal information. By design, we collect minimal data and cannot identify report senders.

15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Rights related to automated decision-making

To exercise these rights, contact us at contact@forgotsoap.com

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@forgotsoap.com
Subject Line: Privacy Policy Inquiry

We will respond to all legitimate requests within 30 days.

Privacy by Design

Forgot Soap was built from the ground up with privacy as a core principle, not an afterthought. Our business model does not depend on collecting or monetizing personal data. We exist to provide a useful service while maintaining your complete anonymity.

17. Transparency Report

We believe in transparency about data requests and our privacy practices:

We have never received a National Security Letter
We have never received a FISA order
We have not been subject to any gag orders

We will update this section if our status changes, to the extent legally permitted.

Questions About Privacy?

We understand privacy can be complex. If anything in this policy is unclear or if you have specific questions about how we handle your data, please reach out to us at contact@forgotsoap.com. We're here to help.