🎵🎶🎵🎶Ciripi
ciripi
your moment of nature
CiripiCiripi
Log inSign up

Legal

Privacy Policy

Last updated: May 24, 2025

1. Introduction

Ciripi ("we", "our", "us") operates the Ciripi social platform accessible at ciripi.com and as a Progressive Web App. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

By using Ciripi you agree to the collection and use of information in accordance with this policy. If you disagree with any part, please discontinue use of the service.

2. Data we collect

2.1 Account data

When you create an account we collect:

  • Email address (for authentication and communications)
  • Username (your chosen public display name)
  • Password (stored as a cryptographic hash — never in plain text)

2.2 Profile data

Optionally, you may provide:

  • Profile photo and cover image
  • Bio text
  • Interests / tags

2.3 Location data

Location data is entirely optional. If you enable location-based filtering we store:

  • Latitude and longitude of your pinned location
  • Your chosen range radius (km)
  • A human-readable location label you choose (e.g. "Berlin")

Your coordinates are never shared with other users. They are used solely to filter your feed server-side.

2.4 User-generated content

We store all content you create: posts, comments, images, videos, and reactions.

2.5 Usage data

We may collect anonymised analytics data including page views, feature usage, and performance metrics via web vitals (no personal identifier is attached).

2.6 Technical data

Standard server logs may include IP address, browser type, device type, and timestamps. Logs are retained for a maximum of 30 days.

3. How we use your data

  • Providing and improving the Ciripi service
  • Filtering your feed by geographic range
  • Sending notifications you opted in to receive
  • Enforcing our Terms of Service and community guidelines
  • Detecting and preventing abuse, fraud, and security incidents
  • Responding to support requests

We do not sell your personal data to third parties, serve targeted advertising, or use your data to build a commercial profile.

4. Cookies and local storage

Ciripi uses two categories of storage:

  • Essential cookies — authentication tokens required for you to stay logged in. These cannot be disabled.
  • Performance cache (optional) — we store recently fetched feed data in your browser's localStorage to speed up page loads. Only enabled after you accept cookies. You can clear this at any time by logging out or clearing site data in your browser settings.

A cookie consent banner appears on your first visit. Choosing "Essential only" limits us to authentication cookies only.

5. Data sharing

We share data only with:

  • Supabase — our database and authentication provider. Data is stored in EU data centres. Supabase is GDPR-compliant.
  • Vercel — our hosting provider for edge delivery. No personal data is retained by Vercel beyond standard access logs.

We never share data with advertisers, data brokers, or analytics companies that track users across the web.

6. Data retention

  • Account data is retained while your account is active.
  • Deleted posts are removed from the database immediately.
  • On account deletion, all personal data is permanently erased within 30 days.
  • Server logs are purged after 30 days.

7. Your rights

Under GDPR and similar regulations you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data via your profile settings.
  • Erasure — request permanent deletion of your account and data.
  • Portability — request an export of your content in machine-readable format.
  • Objection — object to processing where we rely on legitimate interests.
  • Restriction — ask us to limit processing in certain circumstances.

To exercise any of these rights, email us at privacy@ciripi.com. We will respond within 30 days.

8. Security

We use industry-standard security measures: HTTPS everywhere, bcrypt-hashed passwords, row-level security (RLS) on all database tables, and least-privilege API key scopes. No system is 100% secure; in the event of a breach we will notify affected users within 72 hours as required by GDPR.

9. Children

Ciripi is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has created an account, please contact us and we will delete the account immediately.

10. Changes to this policy

We may update this policy periodically. When we do, we update the "Last updated" date at the top and, for material changes, notify users via email or an in-app notice. Continued use after changes constitutes acceptance.

11. Contact

Questions about this policy or your data? Contact us at privacy@ciripi.com.