recurring.fyi

if you're privacy-conscious

Staying private

Some people will (reasonably) hesitate before submitting weekly meeting data tied — even loosely — to their employer. This page is for them. It explains the protections we've built in, and what you can layer on top if you want belt-and-suspenders.

disclaimer first

Always follow your employer's acceptable-use policy. Some employers explicitly prohibit sharing internal operational data — even aggregated or anonymized. We can't make that judgment for you. If in doubt, don't submit, or talk to your legal/HR team.

What we already do for you

  • Raw email is never written to the database. We store only an HMAC-SHA256 hash, keyed with a server-side secret.
  • Your identity on every public page is an opaque, randomly-generated alias like quiet-fox-4821. Aliases are not linkable to your email, employer, name, or anything else.
  • Companies are not shown publicly until at least 5 employees verify (k=5 anonymity gate). At 1, 2, 3, or 4 employees, no one — not even us, casually — can single you out.
  • No third-party analytics. No tracking cookies. One signed, strictly-necessary session cookie. Web analytics are cookieless.
  • One-click data deletion: your user row + every submission you've made disappears immediately.

The full mechanics are documented on the FAQ and Privacy pages.

What you can do, if you want extra layers

These aren't required. But if your threat model is "anyone with subpoena power over my employer could possibly correlate things later," these are reasonable habits.

  • Don't submit from your work device or your work network. Use a personal laptop/phone, on home or mobile data.
  • Don't sign in to your work email on the same browser profile you use to submit. Use a separate browser, profile, or private window.
  • Consider a VPN or Tor. A trustworthy VPN (PrivacyGuides VPN recommendations) masks your network origin from us, your ISP, and your employer's network. For higher-stakes contexts, the Tor Browser gives stronger guarantees.
  • Be careful with shareable receipts. Our receipt cards show your alias, not your name — but if you screenshot one with your inbox open in a nearby tab, the screenshot leaks more than you intended. Crop, or share the bare permalink.
  • Use the verification email then archive it. The 10-minute OTP lives only in our edge cache; the email it arrives in lives in your inbox forever unless you delete it.

in plain terms

recurring.fyi was designed to make the worst-case outcome — someone trying to identify a single contributor — statistically very hard. Layering on standard privacy hygiene (separate device, VPN, careful sharing) gets you most of the way to "even an adversary with my employer's cooperation can't be sure I submitted." For most people, our defaults are more than enough. This page exists for the people who want more.

More resources: privacyguides.org — independent, non-commercial reviews of privacy tools.