Summary (not a substitute for the full Policy)
Chrono-first discovery
Your primary feed stays newest-first. Discovery happens in opt-in Lenses that always show transparent "Why" reasons.
Human-first platform
We don't use AI to curate your feed or manipulate your experience. You're free to share AI content, but our systems stay human-controlled.
Minimal data collection
We gather account basics, posts/replies, settings, and coarse device logs. Payments flow through Stripe; we never store card numbers.
No AI model training
We use your content to operate features but do not train generative AI models on it.
Your data, your call
Access, download, correct, or delete your data in Settings. We honor opt-out signals such as Global Privacy Control where required.
Security baseline
Same-origin + CSRF, strict headers, Zod validation, SSRF-safe fetches, and rate limits underpin every mutating route.
1. Who we are & scope
This Privacy Policy explains how Alinkah Labs, Inc. ("Alinkah," "we," "us," "our") collects, uses, shares, and protects information in connection with Alinkah websites, apps, and services that link to this Policy. If you live in the EU/EEA, EFTA States, or the UK, Alinkah Labs Europe Ltd. acts as the controller or representative for your region (see Section 12).
2. Information we collect
2.1 Information you provide
- Account & profile. Display name, username, password or passkey, email and/or phone, date of birth (where required), and profile details you choose to add (bio, avatar, links).
- Content. Posts, replies, attachments, Collections, Spaces you create or join, and the visibility settings you apply (Public / Followers / Trusted).
- Settings & preferences. Privacy and discovery choices, notification settings, saved Lenses, and default Lens selections.
- Payments. Stripe sends us payment confirmations and metadata (status, amount, currency). We never collect or store full card numbers.
- Support & communications. Messages you send to us such as support requests or reports.
2.2 Information we collect automatically
- Usage & device logs. IP address, browser and OS, app version, language, referring URLs, timestamps, and basic event logs (sign-ins, post creation, error telemetry).
- Approximate location. Derived from IP to localize content and fulfill legal requirements. Precise location is off unless you enable it for a specific feature.
- Cookies & similar technologies. Cookies keep you signed in, secure the Service, remember preferences, and measure coarse service health (see Section 9).
2.3 Information from others
- Service providers. We receive limited data from vendors that host, store, deliver email, provide analytics, or process payments.
- Other users. Reports, blocks, or references to your profile or posts (for example, moderation flags).
- Authorized integrations. If you connect another service to Alinkah, we receive only the data required to provide that feature.
3. How we use information
- Provide and improve the Services. Operate accounts, deliver chronological feeds, Spaces, Collections, and opt-in Lenses with visible reasons; fix bugs and enhance reliability.
- Safety & integrity. Authenticate logins, prevent fraud/abuse, enforce policies, and comply with law.
- Privacy-light analytics. Measure coarse usage (e.g., DAU, performance) without tracking you across the web.
- Customer support & communications. Respond to requests and send essential service notices. Marketing messages are opt-in.
- Paid features. Process purchases, tips, and subscriptions; provide receipts and support.
Summaries & assistive features. When you opt in to "Summarize thread," we temporarily process eligible posts to return a summary and short reasons. Audience checks and safety limits apply. We do not use this content to train generative AI models; processing is short-lived and scoped to the requesting viewer.
5. Your choices & controls
- Settings. Manage privacy, discovery, notifications, and your default Lens in Settings.
- Access, correction, portability. Download your data at `/settings/data-export` or request a portable copy from us.
- Deletion. Deactivate or request deletion at `/settings/account/delete`; we may retain limited data where required by law, security, or dispute resolution.
- Opt-out signals. We honor browser-based opt-out signals (including Global Privacy Control) for applicable data uses where required.
- Communications. Opt out of non-essential emails through Settings or unsubscribe links.
6. Data retention
We retain information only as long as needed to provide the Services and for legitimate business and legal purposes. Examples include:
- Account & profile: kept for the life of the account.
- Posts & replies: stored until you delete them or your account; backups may persist briefly.
- Logs & analytics: generally retained ≤ 12 months (shorter where feasible and permitted).
- Payments & receipts: retained as required by tax, accounting, and payments law.
- Reports & enforcement records: kept as needed to prevent abuse and comply with legal obligations.
Public content may continue to exist in caches or third-party copies beyond our control.
7. Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has used the Service, contact us so we can investigate and take appropriate steps, including account removal.
8. Security
We use administrative, technical, and organizational measures aligned with our security baseline: same-origin + CSRF for mutating routes, strict security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy), input validation, SSRF-safe fetches, rate limits, and key rotation. Enable strong passwords or passkeys and two-factor authentication where available. No method of transmission or storage is completely secure.
10. International data transfers
We operate globally and may transfer, process, and store information in countries other than where you live. When we transfer personal data internationally, we use lawful mechanisms (such as Standard Contractual Clauses) and take steps designed to protect your rights. Contact us if you need a copy of relevant safeguards.
11. Your rights (region-specific)
Depending on where you live, you may have rights to access, correct, delete, restrict, object to processing, or request portability of your personal information, and to appeal certain decisions. You may also have the right to opt out of the sale or sharing of personal information for targeted advertising; we do not engage in those activities.
If we cannot resolve your concern, you may have the right to contact your local data protection authority.
12. Controllers, representatives & contacts
United States & rest of world (outside EU/EEA, EFTA, UK)
Alinkah Labs, Inc. · 548 Market Street, PMB 12894, San Francisco, CA 94104, USA
Email: privacy@alinkah.com
EU/EEA, EFTA, or UK residents
Alinkah Labs Europe Ltd. · 28-32 Pembroke Street Lower, Dublin 2, D02 NT02, Ireland
Email: eu-privacy@alinkah.com
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will provide reasonable notice (for example, in-app notice or email). The "Last updated" date shows the current version. Continuing to use Alinkah after changes take effect means you agree to the revised Policy.
Additional product notes
- Chronological default; Lenses are opt-in with visible "Why."
- Audience visibility is enforced at query time; we do not leak non-visible content.
- Human-first platform; we don't use AI to curate feeds or manipulate your experience.
- Private reactions and reputation display as a Bayesian-smoothed percentage of 5.0.
- Stripe powers payments; webhook signatures are verified and card PANs are never stored.
Contact
Support: support@alinkah.com
Data protection: privacy@alinkah.com
Postal: 548 Market Street, PMB 12894, San Francisco, CA 94104, USA