Privacy Policy

Last updated: March 13, 2026

1. Who We Are

Purefeed ("we", "us", "our") operates the purefeed.ai service. For privacy-related questions, contact us at privacy@purefeed.ai.

2. Information We Collect

2.1 Information You Provide

  • Account registration: email address, username, and password (stored as a bcrypt hash — we never store plaintext passwords)
  • Profile information: display name, avatar, X/Twitter handle, Telegram ID
  • Content: signals, search queries, and other content you create within the service

2.2 Information from OAuth Providers

When you sign in with Google or X/Twitter, we receive your email address, display name, and profile picture from the provider. We do not access your contacts, posts, or other account data beyond what is needed for authentication.

2.3 Automatically Collected Information

  • Authentication cookies: session tokens required to keep you signed in (see Section 8)
  • Usage data: pages visited, features used, and interaction patterns

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Contractual necessity (Art. 6(1)(b)): to create and maintain your account, provide the service, and process your requests
  • Legitimate interest (Art. 6(1)(f)): to operate, secure, and improve the service, prevent fraud, and ensure platform stability
  • Consent (Art. 6(1)(a)): where applicable, such as for optional email communications — you may withdraw consent at any time

4. How We Use Your Data

  • Provide, maintain, and improve the service
  • Authenticate your identity and manage your account
  • Send transactional emails (password resets, verification)
  • Respond to support requests

5. Third-Party Service Providers

We share data with the following processors:

  • Supabase — database hosting, authentication, and storage (data processor under GDPR)
  • Vercel — web application hosting and CDN
  • Google — OAuth authentication provider (only when you choose to sign in with Google)
  • X/Twitter — OAuth authentication provider (only when you choose to sign in with X)

We do not sell your personal data to third parties.

6. Data Retention

  • Account data: retained for as long as your account is active. Deleted when you delete your account.
  • Usage data: retained for up to 12 months, then anonymized or deleted.
  • Backups: may persist for up to 30 days after deletion as part of standard backup cycles.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data via your Profile Settings
  • Erasure: delete your account and all associated data from Profile Settings using the "Delete Account" button
  • Restriction: request that we limit processing of your data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interest

To exercise these rights, use the self-service options in your Profile Settings or email us at privacy@purefeed.ai. We will respond within 30 days.

8. Cookies

We use only strictly necessary cookies for authentication and session management. These cookies are essential for the service to function and cannot be disabled.

  • Session cookie (sb-*-auth-token): stores your encrypted session token to keep you signed in. Expires when your session ends or after the configured timeout.

We do not use any analytics, advertising, or tracking cookies. No cookie consent banner is required because we only use cookies that are strictly necessary under the ePrivacy Directive (Art. 5(3)).

9. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising CCPA rights

We do not sell personal information. To exercise your rights, contact privacy@purefeed.ai.

10. Security

We protect your data through:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for stored data
  • Passwords hashed with bcrypt (never stored in plaintext)
  • Row-Level Security (RLS) policies on all database tables

11. International Transfers

Your data may be processed outside the EU/EEA. Our service providers (Supabase, Vercel) maintain appropriate safeguards including Standard Contractual Clauses (SCCs) for international data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at:
privacy@purefeed.ai