Privacy Policy
Last updated: May 24, 2026
This Policy explains what FolksOut collects, why, who we share it with, and how to control it. We try to keep this short and plain. The TL;DR: we collect what we need to run the app, we don't sell your data, and you can delete everything from in-app at any time.
1. What we collect
From Sign in with Apple: a stable Apple user identifier (so we can recognize you on return), your email (sometimes via Apple's private-relay address — that's fine), and your display name if Apple shares it.
From your profile: the username, birthday, gender, MBTI (optional), city, social links, profile photos, and the default-avatar slot you pick if you don't upload one. Birthday is stored as a calendar date so age ticks over correctly in your timezone.
From your device: approximate or precise location (lat/lng) when you grant permission — used to filter the activity feed by distance; an Apple DeviceCheck token used to enforce account bans across reinstalls; an APNs push token if you turn on notifications.
From the content you create: activities you host, posts you publish (photos, title, body, auto-generated text-post cover variant), comments you write, topics (#tags) you create or attach, and the user mentions (@username) embedded in your posts and comments.
From your social graph: who you follow, who follows you, your special-follow markers, your block list, and the activity groups you've joined.
From your messages: direct-message and activity-group-chat messages you send, including text, photos, and forwarded post/activity/user cards. We also store the recipient's read state so the "read" tick can render correctly.
About your engagement and discovery: per-user view counts on posts and activities (capped per viewer so refreshing doesn't inflate the total), likes, saves, comments, joins, shares, recommendation events such as impressions/clicks/dwell time/source/rank position, boost campaigns you start, boost vouchers or credits, campaign status, exposure progress, and timestamps for each.
Operational data: IP address at sign-in and request time, basic timestamps, and the read marker for the System messages channel.
2. How we use it
- Run the service — show you a relevant feed, host your activities, deliver photos, route DMs and group messages, etc.
- Geo-filter the feed so you mostly see things near you.
- Power discovery — Following / Recommended / Nearby on both Activities and posts, the topic page, search across users/posts/activities/topics.
- Run Boost — check content eligibility, track boost vouchers or credits, campaign progress, and delivery so users can see boost status and we can prevent abuse.
- Improve recommendations — use engagement and recommendation events to rank content, measure quality, limit spam or abuse, and avoid repeatedly showing irrelevant content.
- Moderate content — photos and text (posts, comments, messages, topic names) are scanned to keep the app safe.
- Enforce bans — DeviceCheck bits and IP history are used to prevent banned users from coming back on the same device.
- Send notifications — only if you turn them on. Pushes cover @mentions, comments, likes, follows, DM/group messages, activity host announcements, and admin-authored broadcasts. You can flip the master switch off at any time in Settings → Notifications.
- Support — diagnose bugs you report.
We don't sell your personal data. We don't run advertising. We don't profile you for advertisers.
3. Privacy controls inside the app
In Settings → Privacy & Safety you can:
- Hide your city, age, or MBTI from other users.
- Limit how far back of your activity history and posts visitors can see (3 days / 6 months / 1 year / hidden).
- Manage your block list — block / unblock anyone at any time.
- Mute individual DM conversations and activity activity chats (mute keeps the unread badge but skips the push).
Note that your gender is used by the activity feed and may be visible on your activity cards.
4. Who we share it with
We use a small set of infrastructure providers that process data on our behalf:
- Apple — Sign in with Apple, push notifications (APNs), DeviceCheck.
- Amazon Web Services (DynamoDB) — primary database, US region.
- Cloudflare R2 — photo and avatar storage.
- Cloudflare — CDN / TLS termination in front of our API.
- OpenAI — automated moderation of uploaded photos, posts, comments, messages, and topic names.
We don't share your personal data with anyone for advertising. We may disclose information if compelled by lawful process or to protect the safety of users.
5. Retention
We keep your data while your account exists.
When you tap Settings → Account → Delete account, your account enters a 30-day soft-delete grace window. During that window:
- You disappear from everyone else's view of the app immediately — your profile returns 404, you're dropped from feeds, search, and suggestion lists.
- Your data is still on disk, untouched.
- Signing back in with the same Apple ID surfaces a recovery sheet — one tap restores the account.
If you don't restore, on day 30 a background sweeper runs the real deletion: we permanently remove your user record, your profile photos and avatar, the posts and activities you've authored (plus their photos and comments), your direct-message threads and message photos, and your topic-creator attribution. Comments and group-chat messages you've written may remain in the surrounding thread but are stripped of identifying author fields. Some operational logs (e.g. sign-in IPs, ban history) may persist briefly for abuse prevention, then roll off.
6. Your rights
You can delete your account at any time from inside the app. If you'd like a copy of your data, or have any other privacy request, email [email protected] and we'll respond within a reasonable timeframe.
7. Children
FolksOut is not directed to children under 13, and we don't knowingly collect data from anyone under 13. If you believe a minor has signed up, contact us and we'll remove the account.
8. International users
FolksOut is operated from the United States; our servers and the third-party services listed above are primarily in the US. By using the app you understand your data is processed there.
9. Changes
If we change this Policy in a material way, we'll surface a notice in-app before the change takes effect. Otherwise minor edits will simply update the date at the top of this page.
10. Contact
Privacy questions: [email protected].