Back to legal documents

Legal beta

Privacy policy

Summary of the data processed by Socially, purposes, user rights and processors.

Updated on May 10, 2026

Controller

Socially is published on a non-professional basis. For GDPR requests, contact hippolyte.devweb@gmail.com.

Data processed

  • Account data: name, email, password handled by the authentication system, OAuth provider when applicable.
  • Profile data: display name, username, avatar, banner, bio, language, theme, categories and onboarding information.
  • Social activity: posts, post images, comments, likes, follows, blocks, notifications, reports and search history.
  • Private messaging: 1-to-1 conversations, messages, read status and participants.
  • Technical data: sessions, IP address and user-agent when retained by authentication, error logs, rate limiting and security data.
  • First-party acquisition data: cookie consent, UTMs, referrer domain, language and visit count before signup.

Purposes and legal bases

  • Providing the social network: performance of the terms of use.
  • Authenticating users and protecting accounts: service performance and legitimate security interest.
  • Displaying public profiles, posts, comments and interactions: service performance.
  • Moderation, abuse prevention, reports and security: legitimate interest and applicable legal obligations.
  • Non-essential cookies and acquisition measurement: consent.
  • Support, GDPR requests and disputes: legal obligation or legitimate interest depending on the request.

Export and deletion

The data area lets users download a product export of the main account and activity data. This export is not presented as an exhaustive GDPR copy of every stored item.

A more complete access, correction, objection, restriction or deletion request can be sent by email.

Account deletion happens in two steps: the public profile is hidden quickly, then application data is anonymized or deleted after 30 days, unless minimal retention is required for security, moderation or legal reasons.

Processors and external services

  • Vercel: hosting, deployment and web infrastructure.
  • IONOS: domain name registration.
  • Cloudinary: storage and delivery of profile images, banners and post images.
  • OpenAI: assistance with automatic moderation of submitted text and images.
  • Resend: transactional email delivery.
  • Sentry: application error monitoring and technical diagnostics.
  • Pusher: real-time notifications and messaging.
  • Upstash Redis: rate limiting and anti-abuse mechanisms.
  • Google and Microsoft: OAuth authentication when selected by the user.

Transfers outside the European Union

Some providers may process data outside the European Union. Socially relies on the contractual safeguards and mechanisms provided by those providers where such transfers exist.

User rights

You may request access, correction, deletion, restriction, objection, portability where applicable, or withdrawal of consent by emailing hippolyte.devweb@gmail.com. You may also contact the French CNIL if you believe your rights are not respected.