andros/org-social-ios
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
org-social-ios/PRIVACY.md
T
andros d516a08f3e Add privacy policy and 6.5-inch App Store screenshots 
PRIVACY.md spells out that the app is a decentralized client: no
collection, no analytics, no third-party SDKs. Posts go to the user's
own vfile host and the relay sees only public post URLs. Required for
App Store Connect's privacy questionnaire.

The 6.5-inch screenshots are the 5.8/6.1/6.5-inch class size App Store
Connect accepts (1242x2688), resampled from the iPhone 17 Pro captures.
2026-04-28 22:01:28 +01:00

63 lines
3.2 KiB
Markdown
Raw Permalink Blame History

# Privacy Policy
_Last updated: 2026-04-28_
Org Social for iOS ("the app") is a client for the [Org Social](https://github.com/tanrax/org-social) protocol, a decentralized social network based on plain-text `social.org` files served over HTTP. The app is open source.
This document describes, in plain language, what the app does with data.
## Short version
The app does not collect, store, or transmit any personal data to servers operated by the developer. There are no accounts, no analytics, no advertising, no tracking, and no third-party SDKs.
## What stays on your device
The following information is stored locally in iOS preferences and the app's sandboxed file storage. It never leaves your device unless you explicitly publish a post:
- The public URL of your `social.org` feed.
- The vfile upload URL (which already contains its own authentication token) used to publish posts to your chosen host.
- Application preferences (default language, preview-link toggles, relay URL, last-read positions, draft posts).
- A local cache of feeds you read.
You can wipe all of this at any time by deleting the app from your device.
## Where your posts go
When you publish a post, the app uploads your updated `social.org` file to the vfile host you configured in Settings. The developer does not operate any vfile host. You choose the server (for example `host.org-social.org`, your own domain, or any other Org Social host). What that host stores, retains, or makes public is governed by that host's own privacy policy, not this one.
`social.org` files are public by design: anyone with the URL can read them. Do not put information in your feed that you would not publish on a public web page.
## The relay
The app reads timeline data from a public Org Social relay (default: `https://relay.org-social.org`). The relay is operated by a third party, not the developer. The app sends the relay only:
- HTTP `GET` requests with public feed URLs and public post URLs in the query string, to fetch reply threads, reactions, and search results.
- HTTP `POST` to `/feeds/` to register your public feed URL with the relay so it discovers your posts.
The relay does not receive your vfile token, your device identifier, or any private content. You can change the relay URL or disable relay-backed features in Settings. See the relay's own documentation for its data-handling practices.
## Third parties
The app does not embed any analytics, advertising, crash reporting, or tracking SDKs. No data is shared with third parties for marketing or profiling purposes.
External servers the app connects to are limited to:
- The vfile host you configured (to upload your `social.org`).
- The relay you configured (to read public timeline metadata).
- The public URLs of feeds you follow (to read their `social.org` files).
- Avatar image URLs referenced inside those public feeds.
All of these connections use standard HTTPS.
## Children
The app is not directed at children under 13 and does not knowingly collect any data from them. There is no data collection at all.
## Changes
If this policy changes, the new version will replace this document and the "Last updated" date above will be revised.
## Contact
Questions about this policy: `hi@andros.dev`.
Reference in New Issue View Git Blame Copy Permalink