Privacy Policy

Welcome to Chirp ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding data collection and usage when you use our social media platform.

1. Information We Collect

1.1 Information You Provide

When you create an account or use Chirp, we collect:

• Account Information: Full name, email address, username, password (encrypted), and profile picture
• Profile Information: Bio, location, website, date of birth, and other optional profile details
• Content: Posts, stories, messages, comments, likes, and media files you upload
• Communications: Messages you send through our platform and your interactions with other users

1.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, time spent on platform, search queries
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: Approximate location based on IP address (with your consent for precise location)
• Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to enhance your experience

1.3 Information from Third Parties

• Social Login: When you sign in using Google OAuth, we receive your name, email address, and profile picture from Google
• Authentication Services: We use Clerk for authentication, which may collect additional account security information

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: Create and manage your account, deliver features, enable communication
• Personalization: Customize your feed, recommend content and connections
• Communication: Send notifications, updates, security alerts, and marketing communications (with consent)
• Security: Protect against fraud, abuse, and security threats; verify user identity
• Analytics: Understand usage patterns, improve features, and develop new services
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service
• AI Features: Process content for AI-powered recommendations and content generation (when you use AI features)

3. Information Sharing and Disclosure

3.1 Public Information

Content you post publicly (posts, stories, profile information) is visible to all Chirp users and may be indexed by search engines.

3.2 With Your Consent

We share information when you explicitly authorize us to do so.

3.3 Service Providers

We share data with trusted third-party service providers who help us operate our platform:

• Cloud Storage: ImageKit for media storage and CDN
• Database: MongoDB Atlas for data storage
• Authentication: Clerk and Google OAuth for secure login
• Email Services: SMTP providers for transactional emails
• Background Jobs: Inngest for task processing
• Payment Processing: Stripe for subscription payments

3.4 Legal Requirements

We may disclose information if required by law, legal process, or government request, or to:

• Comply with legal obligations
• Protect our rights, privacy, safety, or property
• Prevent fraud or illegal activities
• Respond to emergencies

3.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All passwords are hashed using bcrypt with 12 salt rounds
• Secure Transmission: HTTPS/TLS encryption for data in transit
• Access Controls: Limited access to personal data, with strict authentication
• Regular Security Audits: Ongoing monitoring and testing for vulnerabilities
• Session Management: Secure session tokens with httpOnly and secure flags

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

5. Your Rights and Choices

5.1 Access and Correction

You can access and update your account information through your profile settings.

5.2 Account Deletion

You may delete your account at any time. Upon deletion:

• Your profile and content will be permanently removed
• Some information may be retained for legal or security purposes
• Cached or archived content may persist temporarily

5.3 Data Portability

You can request a copy of your data in a machine-readable format by contacting us.

5.4 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" or updating your notification preferences.

5.5 Cookies

You can control cookies through your browser settings, but some features may not function properly without them.

5.6 California Privacy Rights (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising privacy rights

5.7 European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

6. Children's Privacy

Chirp is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

8. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

9. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Until you delete your account, plus retention period for legal compliance
• Stories: Automatically deleted after 24 hours
• Messages: Retained until deleted by user or account deletion
• Logs and Analytics: Typically retained for 90 days to 2 years

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new effective date
• Sending an email notification (for significant changes)
• Displaying a prominent notice on the platform

Your continued use of Chirp after changes become effective constitutes acceptance of the updated Privacy Policy.

11. Google OAuth Data Usage

When you sign in with Google, we receive limited information from Google:

• Your name and email address (used to create and identify your account)
• Your Google profile picture (optional, used as your Chirp profile picture)

We use this information solely for authentication and account creation. We comply with Google's OAuth policies and do not share your Google data with third parties except as described in this policy.

12. AI and Automated Processing

We use artificial intelligence and automated systems to:

• Generate content recommendations and personalized feeds
• Detect and prevent spam, abuse, and harmful content
• Provide AI-powered features (when you use AI Studio)
• Analyze usage patterns and improve our services

You can opt out of certain AI features through your account settings.