Privacy Policy
Last Updated: February 28, 2026
This Privacy Policy describes how we collect, use, and share your personal information when you use our community platform ("Service").
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Username and email address (required)
- Password (stored securely using bcrypt hashing; never stored in plain text)
- Full name, bio, location, website, and avatar (optional, provided at your discretion)
1.2 Social Login Data
If you sign in using Google or Apple via Firebase Authentication, we receive from those providers:
- Your unique identifier (Firebase UID)
- Email address
- Display name
- Profile picture URL
We do not receive or store your Google or Apple account password.
1.3 Content You Create
We store content you voluntarily post, including:
- Threads and comments
- Direct messages to other users
- Poll responses and votes
- Emoji reactions
- Reports you submit about other content or users
- Images you upload (JPEG, PNG, GIF, WebP; max 10 MB per file)
1.4 Usage and Activity Data
We automatically collect:
- Activity timestamps (account creation date, last active time)
- Engagement statistics (streak counts, active days, post and comment counts)
- Interaction data (likes, favorites/bookmarks, thread views)
1.5 Device and Notification Data
If you opt in to push notifications, we collect:
- Firebase Cloud Messaging (FCM) token for delivering push notifications
- Platform type (iOS or Android)
- Notification preferences you configure
1.6 Cookies
We use cookies strictly for authentication:
- Authentication token cookie — contains your encrypted session token (JWT), expires after 7 days, set with SameSite: Strict
We do not use advertising cookies, tracking cookies, or third-party analytics cookies.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — create and manage your account, display your profile, deliver your content to other users
- Authenticate you — verify your identity when you log in and maintain your session
- Send notifications — deliver push notifications and in-app notifications based on your preferences (e.g., replies to your threads, new messages, likes)
- Enable communication — facilitate direct messaging between users
- Moderate content — review reports, enforce community guidelines, and maintain platform safety
- Track engagement — calculate activity streaks and statistics visible on your profile
- Improve the Service — understand how features are used to improve functionality
3. How We Share Your Information
3.1 Publicly Visible Information
The following is visible to other users of the Service:
- Username, avatar, bio, location, and website (if provided)
- Threads, comments, and poll votes you post in communities
- Your activity statistics (streak, post counts)
3.2 Third-Party Service Providers
We use the following third-party services:
- Firebase (Google) — Used for authentication (Google/Apple sign-in) and push notifications (FCM). Data shared includes: Firebase UID, email, name, profile picture, and FCM device token.
- MongoDB — Used for database storage. All data described in this policy is stored here (self-hosted).
3.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request.
3.4 No Sale of Data
We do not sell your personal information to third parties.
4. Data Storage and Security
- Passwords are hashed using bcrypt and are not reversible
- Authentication uses JSON Web Tokens (JWT) signed with a secret key
- Uploaded images are stored on our servers with unique generated filenames
- We use HTTPS for data transmission (in production)
- Access to administrative functions is restricted to authorized admin accounts
While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure.
5. Your Rights and Choices
5.1 Access and Update
You can view and update your profile information (name, bio, location, website, avatar) at any time through your account settings.
5.2 Notification Preferences
You can control notifications granularly, including:
- Global notifications on/off
- Push notifications on/off
- Sound and vibration settings
- Per-event-type preferences (thread comments, likes, message replies, new threads)
5.3 Delete Your Account
You can delete your account, which removes your user data from our system. Note that some content you posted in public communities (threads, comments) may persist in an anonymized form.
5.4 Change Your Password
You can change your password at any time through your account settings.
6. Data Retention
- Your data is retained for as long as your account is active
- Deleted notifications are soft-deleted (marked as deleted) and may be retained temporarily
- If you delete your account, your core user data is removed from our database
- Uploaded images can be deleted individually; images are removed from the server upon deletion
- We do not have an automated data purge schedule for inactive accounts at this time
7. Children's Privacy
The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.
8. International Data Transfers
If you use the Service from outside the country where our servers are located, your information may be transferred across international borders. By using the Service, you consent to such transfers. Additionally, Firebase (operated by Google) may process data in various countries pursuant to Google's data processing terms.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us at: