← Back to Sorted

Your data stays on your device.

Sorted is a local-first web app. There is no backend, no login, no analytics, and no advertising network. Nothing about your situation, your saved letters, or your searches is ever sent to us.

What we don’t collect

We do not collect, store, transmit, or have any way of accessing:

• Your name, email address, postal address, phone number, or National Insurance number
• The text of any letter you paste into Sorted
• The questions you type into the “Ask Sorted” box
• The results you save to your Passport
• Your browser fingerprint or device identifiers
• Cookies of any kind
• Page views, click events, time on page, or any analytics
• Anything else, full stop

Note: your IP address is briefly visible to our hosting provider (Netlify) and to Google Fonts when your browser first loads the site — this is how the internet works and is unavoidable for any website. We do not see, log, or store those IPs ourselves. Details in the “outbound requests” section below.

How that’s technically possible

Every feature in Sorted runs in JavaScript inside your own browser. When you paste a letter, the regex pattern-matching that classifies it executes on your phone or computer, not on a server. When you save a result to your Passport, it is stored in your browser’s localStorage — a sandboxed area on your own device that only Sorted (loaded from sorteduk.uk in this browser) can read.

The Sorted website itself is a single static HTML file served from a content delivery network. Once that file has loaded, it can run entirely offline.

The outbound requests your browser makes

For completeness and transparency, there are a small number of places where your browser may make a network request when using Sorted. In each case it is your browser making the request directly to a third party — not via us — and we never see the content:

• Hosting (Netlify) — the Sorted HTML file, manifest, service worker, fonts and image assets are served from Netlify’s global CDN. Your IP address is briefly visible to Netlify to deliver the file. Netlify publishes their own privacy notice. We do not configure any analytics on Netlify.
• Web fonts (Google Fonts) — Sorted uses the Cormorant Garamond, Inter and IBM Plex Mono typefaces loaded from Google Fonts. Your browser fetches the font files directly from fonts.googleapis.com and fonts.gstatic.com, which means your IP address is visible to Google for the duration of that request. Google states fonts.gstatic.com sets no cookies. If you would prefer the fonts not be loaded, install a browser extension that blocks Google Fonts (e.g. uBlock Origin) — Sorted will fall back to system fonts and continue to work.
• Postcode lookup — if you type a UK postcode into the Postcode Finder tool, your browser sends that postcode to postcodes.io (a free, non-commercial UK postcode service). They publish their own privacy notice. We never see the postcode.
• Photo OCR (optional) — if you choose to upload a photo of a letter, Sorted loads Tesseract.js from a CDN to read the text from your image. The image and the extracted text never leave your device.
• External links — when you click a link to GOV.UK, NHS, Citizens Advice or any official source we recommend, your browser navigates to that website directly. Their privacy policies then apply.

Who is the data controller?

Sorted is operated by an independent UK sole trader (transitioning to SortedUK Ltd — filed at Companies House on 5 June 2026 via yourcompanyformations.co.uk, Order #5935479, awaiting incorporation under the new ECCTA 2024 director identity verification rules; Company Number will be published here once issued, expected within 14-21 days). Because Sorted does not collect, store, or transmit personal data via any backend, the controller role is engaged only for the limited third-party requests listed above (hosting IP via Netlify, font request IP via Google Fonts, postcode query via postcodes.io). The legal basis for these is UK GDPR Art. 6(1)(f) (legitimate interest in delivering a free public-information website). When SortedUK Ltd is incorporated, it will register with the ICO as a Tier 1 Data Controller (£40/yr) before any user-account or backend functionality is added.

For any privacy enquiry, including subject access requests, contact privacy@sorteduk.uk. Postal contact can be provided on request.

Your rights under UK GDPR

Because Sorted itself does not store any of your personal data, several UK GDPR rights have nothing to act on — there is no profile to access, no record to export, and nothing on our side to delete. If you clear your browser data or use a different device, your saved Sorted items will be gone — only you control that.

For completeness, the UK GDPR gives you the following rights and you may exercise any of them by contacting privacy@sorteduk.uk:

• Right of access — ask what (if any) data we hold about you
• Right to rectification — ask us to correct any inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent for any opt-in feature, at any time
• Right to lodge a complaint with the Information Commissioner’s Office

Children

Sorted is designed for UK adults dealing with paperwork, money, scams and rights. It is not directed at children under 13. Because we collect no data, we have no way of knowing the age of anyone using Sorted.

Future changes (and your control)

If Sorted ever adds a feature that calls a server — for example, an opt-in AI letter analyser or an anonymous feedback button — every such feature will be OFF by default, require explicit per-feature consent, and the home-page trust badge will change from “Nothing leaves your device” to a clear notice that you have enabled an outbound feature. You can revoke consent at any time and revert to fully-local operation.

Contact

Questions? Email privacy@sorteduk.uk. We will respond within 7 days.