Privacy Policy

Effective Date: October 16, 2024

Last Updated: October 16, 2024

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account Information: Username, email address, password, display name, bio, and profile picture
• Content: Posts, comments, messages, photos, videos, and other content you create or share
• Communications: Messages you send to other users, support tickets, and feedback
• Payment Information: Billing details for subscriptions (processed securely by PayPal)

1.2 Information Collected Automatically

When you use Slash Social, we automatically collect certain information:

• Usage Data: Pages viewed, features used, time spent on the Service, and interaction patterns
• Device Information: Device type, operating system, browser type, IP address, and unique device identifiers
• Location Data: General location based on IP address (not precise GPS location)
• Cookies and Similar Technologies: Session cookies, preference cookies, and analytics data

1.3 Information from Third Parties

• Google OAuth: When you sign up or log in with Google, we receive your name, email, and profile picture
• PayPal: Payment and subscription information for premium features

2. How We Use Your Information

We use your information for the following purposes:

2.1 Provide and Improve the Service

• Create and manage your account
• Enable you to post content and communicate with others
• Personalize your experience and show relevant content
• Develop new features and improve existing ones
• Analyze usage patterns to optimize performance

2.2 Communications

• Send verification emails and account notifications
• Respond to your inquiries and support requests
• Send service updates and important announcements
• Send promotional emails (only if you opt-in)

2.3 Safety and Security

• Detect and prevent fraud, abuse, and violations of our Terms of Service
• Protect against security threats and unauthorized access
• Enforce our policies and comply with legal obligations
• Verify user identity and prevent account takeovers

2.4 Legal Compliance

• Comply with court orders, subpoenas, and legal processes
• Respond to law enforcement requests (see Section 8)
• Protect the rights, property, and safety of Slash Social and our users

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Public Content

Content you post publicly (posts, profile information, comments) is visible to other users and may be searchable by search engines.

3.2 With Other Users

• Messages you send to other users are visible to those recipients
• Your profile information is visible to users who visit your profile (subject to privacy settings)
• Group chat participants can see all messages in the group

3.3 Service Providers

We share information with third-party service providers who help us operate the Service:

• Cloud Hosting: Server infrastructure and data storage
• Email Services: Gmail API for sending verification and notification emails
• Payment Processing: PayPal for subscription payments
• Analytics: Usage analytics and performance monitoring

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.4 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests:

• Court orders and subpoenas
• Law enforcement investigations
• National security requests
• To prevent harm or illegal activity

3.5 Business Transfers

If Slash Social is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Retention and Deletion

4.1 How Long We Keep Your Data

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Active Accounts: Information is retained while your account is active
• Deactivated Accounts: Information is retained for 90 days after deactivation, then archived
• Deleted Content: Soft-deleted (see Section 4.2 below)
• Legal Compliance: Some data may be retained longer for legal, security, or safety purposes

4.2 Soft Delete Policy (Important)

4.3 Permanent Deletion

You can request permanent deletion of your account and all associated data by contacting us at privacy@slash-social.com. Please note:

• Deletion requests are processed within 30 days
• Some information may be retained for legal compliance (e.g., if under investigation)
• Publicly shared content may remain in archives or backups
• We cannot delete content that has been copied or shared by other users

5. Your Privacy Rights and Controls

5.1 Access and Portability

You have the right to:

• Access: Request a copy of your personal information
• Portability: Receive your data in a structured, machine-readable format
• Export: Download your content, posts, and messages

To request your data, go to Settings > Privacy > Download My Data

5.2 Correction and Update

You can update your account information at any time through Settings. This includes:

• Profile information (name, bio, avatar)
• Email address (requires verification)
• Password
• Privacy settings

5.3 Privacy Settings

You control who can see your content and contact you:

• Profile Visibility: Public, followers only, or private
• Message Requests: Allow or block message requests from non-followers
• Email Notifications: Control which emails you receive
• Search Visibility: Control if your profile appears in search results

Manage these settings at: Settings > Privacy

5.4 Marketing Communications

You can opt-out of promotional emails by:

• Clicking "Unsubscribe" in any promotional email
• Adjusting email preferences in Settings > Notifications

Note: You cannot opt-out of service-related emails (account verification, security alerts, etc.)

6. Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

• Encryption: HTTPS/TLS encryption for data in transit
• Password Security: Passwords are hashed using bcrypt
• Session Management: Secure session tokens with Redis
• Rate Limiting: Protection against brute force attacks
• Security Headers: Helmet.js for enhanced security

6.2 Access Controls

• Administrative access is limited to authorized personnel
• Multi-factor authentication for admin accounts
• Regular security audits and vulnerability assessments
• Logging and monitoring of suspicious activity

6.3 Your Responsibilities

You can help keep your account secure by:

• Using a strong, unique password
• Enabling two-factor authentication (if available)
• Not sharing your password with others
• Logging out on shared devices
• Reporting suspicious activity immediately

6.4 Data Breaches

In the event of a data breach that affects your information, we will:

• Notify affected users within 72 hours
• Provide details about what information was compromised
• Explain steps we're taking to address the breach
• Recommend actions you should take to protect yourself

7. Cookies and Tracking

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve the Service.

7.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (login sessions, security)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use the Service
• Session Cookies: Temporary cookies that expire when you close your browser

7.3 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies
• Accept only first-party cookies
• Delete cookies after each session

Note: Blocking cookies may affect the functionality of the Service.

8. Law Enforcement and Legal Requests

8.1 When We Disclose Information

We may disclose user information (including deleted content) in response to:

• Valid court orders
• Subpoenas
• Search warrants
• Emergency requests (imminent threat of death or serious injury)
• National security letters (with proper legal authority)

8.2 Deleted Content Access

Important: As described in Section 4.2, deleted conversations and messages are retained in our database and can be accessed by law enforcement with proper legal documentation.

This includes:

• Messages you've deleted from your view
• Conversations you've removed
• Content deleted by other users

8.3 Our Review Process

Before disclosing information, we:

• Verify the legal validity of the request
• Ensure the request is appropriately narrow in scope
• Object to overly broad or vague requests
• Notify affected users when legally permitted

8.4 Audit Trail

All law enforcement data access is logged with:

• Date and time of request
• Requesting agency and officer
• Legal document reference
• Data accessed
• IP address of requester

8.5 User Notification

We will attempt to notify users before disclosing their information, unless:

• We are legally prohibited from doing so
• There is an imminent threat to life or safety
• The request involves child safety
• A court order prohibits notification

9. Children's Privacy

Slash Social is intended for users aged 13 and older. We comply with the Children's Online Privacy Protection Act (COPPA):

• We do not knowingly collect information from children under 13
• If we learn that a child under 13 has created an account, we will delete it immediately
• Parents who believe their child has created an account should contact us at privacy@slash-social.com

Users aged 13-17 should have parental consent before using the Service.

10. International Data Transfers

Slash Social is operated in the United States. If you access the Service from outside the U.S.:

• Your information will be transferred to and stored in the United States
• U.S. privacy laws may differ from those in your country
• By using the Service, you consent to this transfer

We implement appropriate safeguards for international data transfers in compliance with GDPR and other applicable laws.

11. Third-Party Services

Slash Social may contain links to third-party websites and services. This Privacy Policy does not apply to:

• External websites linked from our Service
• Third-party apps that integrate with Slash Social
• Websites where our content is embedded

We are not responsible for the privacy practices of these third parties. Please review their privacy policies separately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last Updated" date at the top of this page
• For material changes, we will notify you via email or in-app notification
• Continued use of the Service after changes constitutes acceptance
• You can review previous versions by contacting us

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.

13. Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

13.1 Right to Know

• What personal information we collect
• The sources from which we collect it
• Our business purposes for collecting it
• Third parties with whom we share it

13.2 Right to Delete

You can request deletion of your personal information, subject to certain exceptions for legal compliance.

13.3 Right to Opt-Out of Sale

We do not sell your personal information.

13.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

13.5 How to Exercise Your Rights

Email us at privacy@slash-social.com with the subject line "California Privacy Request"

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@slash-social.com

You also have the right to lodge a complaint with your local data protection authority.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

We will respond to your request within 30 days.

---

Summary of Key Points

This Privacy Policy is effective as of October 16, 2024, and was last updated on October 16, 2024.