Privacy Policy · v4.2

How we handle your data.

We wrote this in plain language first, lawyer-speak second. Every section has a one-sentence summary. If plain English and the legal text ever disagree, the plain English is what we meant.

Effective: March 14, 2025 · Last updated: March 14, 2025 · Next review: Sep 2025

What we collect

The minimum to run the product: email for account recovery, a hash of your password, and metadata needed to deliver posts to the right people.

What we don't

We don't scan your messages, build ad profiles, or sell data. Ever. There is no ad product and no plan to build one.

Who sees it

A small engineering and support team, subject to access logs and annual third-party audits. No law enforcement access without a valid warrant.

Your rights

Export, delete, correct, or port your data at any time — from inside the app. No forms, no waiting for a human.

1. Data we collect

In short: account basics (email, password hash), content you post, and minimum metadata needed to deliver messages. Not your contacts, not your location, not your browsing history outside Clikkin.

Account data

  • Email address — for recovery and system notifications. Not used for marketing unless you opt in.
  • Password hash — Argon2id. We cannot read or recover your password.
  • Display name & avatar — only what you choose to show.

Content

  • Posts, messages, media, and reactions you create. Visible to the audience you choose.
  • Direct messages are end-to-end encrypted. We cannot read them.

Metadata

  • Device type and OS version (for compatibility debugging).
  • Aggregate usage counts (posts per day, etc.) — no per-session tracking.
  • IP address at signup only (abuse prevention). Discarded after 30 days.

2. How we use it

In short: to deliver the service, keep it safe, and reply to you. That's the whole list.

Operate the service

Route posts, deliver notifications, sync your vault. Legal basis: contract (GDPR 6(1)(b)).

Security & abuse

Detect bots, prevent spam, respond to verified reports. Legal basis: legitimate interest (GDPR 6(1)(f)).

Support

Answer your questions. We only access your account when you grant explicit, time-limited permission.

Product improvement

Aggregate crash reports and opt-in diagnostics. Never individual content review.

Advertising

We don't. No ad targeting, no look-alike audiences, no pixel trackers, no "anonymized" profile resale.

Training AI models

We do not train AI models on your messages, posts, or media. Full stop.

3. Who we share with

In short: sub-processors listed publicly, audited annually. Nobody else.

Sub-processor | Purpose | Region | Since
AWS | Cloud hosting (US regions) | US-East, US-West | 2021
Hetzner | EU hosting mirror | Germany, Finland | 2022
Cloudflare | DDoS + edge CDN (no request content retained) | Global edge | 2021
Postmark | Transactional email | US | 2021
Stripe | Payment processing | US / EU | 2022
Apple & Google | Push notifications (token only) | US | 2021

We notify admins 30 days before adding or changing a sub-processor. Subscribe to the list.

4. Storage & security

In short: encrypted at rest, encrypted in transit, DMs end-to-end encrypted. SOC 2 Type II audited.

  • TLS 1.3 for everything over the wire.
  • AES-256 at rest. Keys managed in AWS KMS with automatic rotation.
  • Direct messages use the Signal protocol. We hold no private keys.
  • Annual third-party penetration test. Latest report: Feb 2025.
  • Bug bounty program with payouts up to $10,000. Scope and rules at trust.html.

5. Retention

In short: we keep it as long as you have an account, unless you ask us to delete sooner.

Posts & profile | Until you delete them, or your account
Direct messages | Stored encrypted on your device. We hold them briefly for delivery only.
Signup IP | 30 days
Support tickets | 90 days after resolution
Access & security logs | 180 days
Billing records | 7 years (US tax requirement)
Backups | Encrypted, rotated every 35 days

6. Your rights

In short: you own your data. Export, delete, correct, or port it from Settings → Privacy. No forms, no delays.

We respond to rights requests within 30 days, typically the same day for app-initiated ones. If you think we got it wrong, you may lodge a complaint with your local Data Protection Authority.

7. Children

In short: 13+ in most jurisdictions, 16+ in the EU. If we learn we've collected data from a child below the age of consent, we delete it immediately.

Clikkin is not directed at children under 13 (or under 16 in the EU / UK). We don't knowingly collect data from them. If you believe we have, email contact@clikkin.com and we'll delete it within 24 hours.

8. International transfers

In short: EU data stays in the EU by default. Other transfers use Standard Contractual Clauses.

If you sign up with an EU billing address or phone country code, your account is provisioned in our Frankfurt region and never leaves unless you opt to move it. For cross-border support or global sub-processors, we rely on the EU Commission's Standard Contractual Clauses and the UK IDTA where applicable.

9. Cookies & analytics

In short: one session cookie and, on the marketing site, one self-hosted analytics pixel that doesn't fingerprint. No third-party trackers.

cl_session | Session cookie · keeps you logged in · expires when you log out
cl_csrf | CSRF protection · session-only
cl_analytics | Self-hosted Plausible page counter · no cross-site, no fingerprint · opt-out: here

10. Law enforcement requests

In short: valid warrant required. We publish a transparency report twice a year. We will challenge overbroad requests.

We require a court order or subpoena issued under US law, served to our registered agent. We do not respond to informal requests, foreign government requests without MLAT, or requests for bulk data. Where legally permitted, we notify the affected user before disclosure.

Transparency report →

11. Changes to this policy

In short: 30 days' notice for anything material. Every change is logged.

v4.2 | Mar 14, 2025 | Added EU Frankfurt region as default for EU billing addresses.
v4.1 | Nov 02, 2024 | Clarified we don't train AI models on user content. Always been true, now explicit.
v4.0 | Jul 18, 2024 | Rewrote for plain-language first, added the at-a-glance summary.
v3.3 | Feb 09, 2024 | Added Hetzner as EU hosting sub-processor.
v3.2 | Aug 22, 2023 | CCPA updates; added California rights section.

12. Contact our DPO

Our Data Protection Officer is reachable at contact@clikkin.com. EU representative for GDPR Article 27: Clikkin EU Rep, c/o Privee Representatives, Dublin 2, Ireland. UK representative: Clikkin UK Rep, c/o Privee Representatives UK Ltd, London EC2A 4NE.

Need the formal version?

Download a timestamped PDF of this policy, signed with our PGP key. Suitable for vendor questionnaires and DPA attachments.