# Privacy Policy _Last updated: 2026-04-28_ Org Social for iOS ("the app") is a client for the [Org Social](https://github.com/tanrax/org-social) protocol, a decentralized social network based on plain-text `social.org` files served over HTTP. The app is open source. This document describes, in plain language, what the app does with data. ## Short version The app does not collect, store, or transmit any personal data to servers operated by the developer. There are no accounts, no analytics, no advertising, no tracking, and no third-party SDKs. ## What stays on your device The following information is stored locally in iOS preferences and the app's sandboxed file storage. It never leaves your device unless you explicitly publish a post: - The public URL of your `social.org` feed. - The vfile upload URL (which already contains its own authentication token) used to publish posts to your chosen host. - Application preferences (default language, preview-link toggles, relay URL, last-read positions, draft posts). - A local cache of feeds you read. You can wipe all of this at any time by deleting the app from your device. ## Where your posts go When you publish a post, the app uploads your updated `social.org` file to the vfile host you configured in Settings. The developer does not operate any vfile host. You choose the server (for example `host.org-social.org`, your own domain, or any other Org Social host). What that host stores, retains, or makes public is governed by that host's own privacy policy, not this one. `social.org` files are public by design: anyone with the URL can read them. Do not put information in your feed that you would not publish on a public web page. ## The relay The app reads timeline data from a public Org Social relay (default: `https://relay.org-social.org`). The relay is operated by a third party, not the developer. The app sends the relay only: - HTTP `GET` requests with public feed URLs and public post URLs in the query string, to fetch reply threads, reactions, and search results. - HTTP `POST` to `/feeds/` to register your public feed URL with the relay so it discovers your posts. The relay does not receive your vfile token, your device identifier, or any private content. You can change the relay URL or disable relay-backed features in Settings. See the relay's own documentation for its data-handling practices. ## Third parties The app does not embed any analytics, advertising, crash reporting, or tracking SDKs. No data is shared with third parties for marketing or profiling purposes. External servers the app connects to are limited to: - The vfile host you configured (to upload your `social.org`). - The relay you configured (to read public timeline metadata). - The public URLs of feeds you follow (to read their `social.org` files). - Avatar image URLs referenced inside those public feeds. All of these connections use standard HTTPS. ## Children The app is not directed at children under 13 and does not knowingly collect any data from them. There is no data collection at all. ## Changes If this policy changes, the new version will replace this document and the "Last updated" date above will be revised. ## Contact Questions about this policy: `hi@andros.dev`.