if you're privacy-conscious

Staying private

Some people will (reasonably) hesitate before submitting weekly meeting data tied — even loosely — to their employer. This page is for them. It explains what we protect, what we can't, and what you can layer on top.

disclaimer first

Always follow your employer's acceptable-use policy. Some employers explicitly prohibit sharing internal operational data — even aggregated or anonymized. We can't make that judgment for you. If in doubt, don't submit, or talk to your legal/HR team.

What we can't change

Verifying that you work at a real company requires a work email. That means an OTP lands in your corporate inbox — and your employer's mail server logs that delivery, regardless of what device you use to check it. We have no control over those logs. If your company monitors inbound email at the server level, they could see that yourname@company.com received a message from us.

This is the honest tradeoff: work-email verification is the only credible way to anchor submissions to real employers. Without it, anyone could claim to work anywhere, and the data would be worthless. If that tradeoff isn't acceptable for your situation, don't submit.

What we protect on our side

  • Raw email is never written to the database. We store only an HMAC-SHA256 hash, keyed with a server-side secret. We cannot reverse it to your address.
  • Your identity on every public page is an opaque, randomly-generated alias like quiet-fox-4821. Aliases are not linkable to your email, employer, name, or anything else.
  • Companies are not shown publicly until at least 5 employees verify (k=5 anonymity gate). At 1–4 contributors, no company page appears at all.
  • No third-party analytics. No tracking cookies. One signed, strictly-necessary session cookie. Web analytics are cookieless.
  • One-click data deletion: your account row and every submission disappear immediately and permanently.

Full mechanics on the FAQ and Privacy pages.

What you can do to reduce exposure

These steps reduce what we see about you, and what others on your network can see — they don't affect your employer's mail server logs.

  • Use a personal device and personal network. This prevents your employer's network from logging a connection to recurring.fyi, and keeps our site out of your work browser history.
  • Get the OTP, then switch contexts. Retrieve the verification code from your work email (in whatever app you normally use), then open recurring.fyi in a separate private window or browser to complete the submission. This separates the work-email session from your activity on our site in browser history and cookies.
  • Delete the OTP email afterwards. The 10-minute code expires in our cache automatically. The email in your inbox does not — delete it if you'd rather not have it sitting there.
  • Consider a VPN. A trustworthy VPN (PrivacyGuides recommendations) hides your IP address from us and from network observers. It doesn't affect your work mail server.
  • Be careful with shareable receipts. Receipt pages show only your alias — but a screenshot with your inbox or work tabs visible leaks more than you intended. Crop, or share the bare permalink.

in plain terms

What we protect: your identity in our system. We don't know who you are, and we can't tell anyone. What we can't protect: the mail server trail created when we send you an OTP. Those are separate things, and we won't pretend otherwise. For most people, the defaults are more than enough. This page exists for the people who want the full picture.

More resources: privacyguides.org — independent, non-commercial reviews of privacy tools.