andros b04da850e4 EULA gate, block accounts and 24h moderation commitment
App Store guideline 1.2 requires four UGC controls; this lands three of
them and updates the privacy policy with the 24 h response commitment.

EULA gate: a fullScreenCover is shown over RootView whenever the stored
eulaAcceptedVersion is below EULAView.currentVersion. The view links to
the Apple Standard EULA and spells out the project-specific zero-tolerance
clause that the rejection letter quoted verbatim. Bumping currentVersion
forces re-acceptance after the terms change. Settings -> About -> "Terms
of Use" reopens the same view in read-only mode.

Block accounts: BlockList is an @Observable singleton that persists a
JSON array of FollowCoordinator-normalised feed URLs in UserDefaults.
ProfileView gains a Block / Unblock button next to View social.org for
non-own profiles. Settings exposes the list with an Unblock action per
row. Filtering happens at render time in TimelineView and NotificationsView
so blocking from a profile removes content from the feed instantly, as
the rejection letter requires; load-time filtering in the view models
stays as defense in depth.

PRIVACY.md grows a "Moderation and reports" section that names the three
tools, commits to acting on reports within 24 hours, and restates the
zero-tolerance policy. Apple expects this text in the public privacy
policy; the same wording will go into the App Review Information Notes
when we resubmit.

Report post and the in-app mirror of the 24 h paragraph remain open;
both depend on the developer-notification channel decision.
2026-05-02 08:45:41 +02:00

# Privacy Policy

_Last updated: 2026-04-28_

Org Social for iOS ("the app") is a client for the [Org Social](https://github.com/tanrax/org-social) protocol, a decentralized social network based on plain-text `social.org` files served over HTTP. The app is open source.

This document describes, in plain language, what the app does with data.

## Short version

The app does not collect, store, or transmit any personal data to servers operated by the developer. There are no accounts, no analytics, no advertising, no tracking, and no third-party SDKs.

## What stays on your device

The following information is stored locally in iOS preferences and the app's sandboxed file storage. It never leaves your device unless you explicitly publish a post:

- The public URL of your `social.org` feed.
- The vfile upload URL (which already contains its own authentication token) used to publish posts to your chosen host.
- Application preferences (default language, preview-link toggles, relay URL, last-read positions, draft posts).
- A local cache of feeds you read.

You can wipe all of this at any time by deleting the app from your device.

## Where your posts go

When you publish a post, the app uploads your updated `social.org` file to the vfile host you configured in Settings. The developer does not operate any vfile host. You choose the server (for example `host.org-social.org`, your own domain, or any other Org Social host). What that host stores, retains, or makes public is governed by that host's own privacy policy, not this one.

`social.org` files are public by design: anyone with the URL can read them. Do not put information in your feed that you would not publish on a public web page.

## The relay

The app reads timeline data from a public Org Social relay (default: `https://relay.org-social.org`). The relay is operated by a third party, not the developer. The app sends the relay only:

- HTTP `GET` requests with public feed URLs and public post URLs in the query string, to fetch reply threads, reactions, and search results.
- HTTP `POST` to `/feeds/` to register your public feed URL with the relay so it discovers your posts.

The relay does not receive your vfile token, your device identifier, or any private content. You can change the relay URL or disable relay-backed features in Settings. See the relay's own documentation for its data-handling practices.

## Third parties

The app does not embed any analytics, advertising, crash reporting, or tracking SDKs. No data is shared with third parties for marketing or profiling purposes.

External servers the app connects to are limited to:

- The vfile host you configured (to upload your `social.org`).
- The relay you configured (to read public timeline metadata).
- The public URLs of feeds you follow (to read their `social.org` files).
- Avatar image URLs referenced inside those public feeds.

All of these connections use standard HTTPS.

## Moderation and reports

Org Social is a federated client; the app does not host any feed and does not algorithmically promote content. Even so, the app provides in-app moderation tools so you can curate what reaches you and report abuse:

- **Mute words**: filter posts containing words or phrases you do not want to see.
- **Block account**: hide every post and notification from a specific feed URL, instantly.
- **Report post**: flag a post you find objectionable.

We act on objectionable-content reports within 24 hours by removing the offending post from any local index we maintain and ejecting the reported author from features that depend on us. Because Org Social is decentralised, removal from the public web requires action on the host that serves the feed; we cooperate with hosts and platforms when their terms apply.

By using the app you agree to these terms and to a zero-tolerance policy for harassment, hate speech, sexual content involving minors, doxxing, intellectual-property infringement, and any content that violates applicable law.

## Children

The app is not directed at children under 13 and does not knowingly collect any data from them. There is no data collection at all.

## Changes

If this policy changes, the new version will replace this document and the "Last updated" date above will be revised.

## Contact

Questions about this policy: `hi@andros.dev`.