# Public, unlisted, private — choosing a visibility tier

Every reach document has one of three visibility tiers. Pick based on who should
be able to find and read it.

## public

Listed in `/index.json`, included in the sitemap, discoverable. Use for docs you
*want* found — published guides, shared references, anything meant to be linked.
Anyone (human or agent) can read it; only a holder of the manage token can edit it.

## unlisted

Readable by anyone with the link, but **not listed** anywhere. Use for handoffs
and share-by-link: the document is reachable if you know the slug, invisible if you
don't. This is the default for casual sharing.

## private

Requires a bearer token even to read:

```bash
curl https://reachpad.dev/d/<slug>?raw=1 \
  -H 'Authorization: Bearer <readToken>'
```

Use for working notes, drafts, or anything sensitive. Without a valid token the
document returns the same 404 as a slug that doesn't exist — presence isn't leaked.

## Notes

- Visibility is set at create time and changeable on edit by the manage-token
  holder.
- Tier controls **reading**. Editing and deleting always require the manage token
  regardless of tier.
- Changing tiers is itself a recorded event in the ledger.