Privacy Policy
Version 2.3-2026-05-13. Effective: May 13, 2026.
SocialHuman ("we", "us") is a mobile social network where every post is captured live and verified by forensic analysis. This policy explains what personal data we process, why, for how long, and your rights over it, in line with the EU General Data Protection Regulation (GDPR). You can exercise any data-subject right from Settings > Data & Account in the app, or by emailing olli@socialhuman.dev.
In this policy
- Controller
- What we collect
- Why we process it
- Who we share with
- International transfers
- How long we keep it
- Your rights
- Automated decisions and Trust Score
- Minors
- Cookies
- Changes
- Changelog
- Contact
1. Controller
Olli Airola, Helsinki, Finland. Email: olli@socialhuman.dev. SocialHuman is below the threshold requiring a formal DPO (Art. 37); Olli handles all privacy questions directly.
2. What we collect
- Account data. Email (or Apple relay), username, display name, avatar, human number, birth_year (year only, for the 18+ check), auth provider ID.
- Content. Photos, videos, audio, captions, comments, stories, reactions, highlights, and direct messages. Direct messages are stored as ciphertext only; encryption keys are held on your device, not on our servers. No keystroke timing, composition replays, or other verification signals are collected for direct messages.
- Verification signals. EXIF metadata, accelerometer/gyroscope readings, keystroke timing and text composition replays (snapshots of how your text was typed, including cursor position), short raw video segments, and audio fingerprints collected during capture and when composing posts, comments, circle names and descriptions, story overlays, highlight titles, report details, and profile edits. Keystroke timings, composition replays, and device motion are biometric-adjacent; we treat them as special-category data under Art. 9 and process them on the basis of explicit consent given at signup.
- Verification results. Analyzer scores, verdicts (verified/rejected/flagged), and Trust Score inputs.
- Device diagnostics. App version, OS, device model, and crash data via Sentry (sendDefaultPii: false).
- Subscription status. Premium entitlement and renewal state via RevenueCat. We never see payment card numbers.
- Waitlist data. Email, consent version, unsubscribe token, signup timestamp, IP, and user-agent.
- Consent audit trail. Timestamped record of every consent you give, including policy version, IP, and user-agent (Art. 7(1)).
- Support correspondence. If you email us, we keep the thread.
3. Why we process it (Art. 6)
| Activity | Lawful basis |
| --- | --- |
| Account, sign-in, feed, messages, subscriptions | Art. 6(1)(b) contract performance. |
| Verification analysis (forensic analyzers) | Art. 6(1)(f) legitimate interest (anti-bot/deepfake). For biometric-adjacent signals: Art. 9(2)(a) explicit consent. |
| Trust Score | Art. 6(1)(f) legitimate interest. See Section 8. |
| Push notifications | Art. 6(1)(a) consent (OS permission prompt). |
| Waitlist (transactional confirmations) | Art. 6(1)(b) pre-contract steps. |
| Waitlist marketing emails | Art. 6(1)(a) consent. Every email has a one-click unsubscribe link. |
| Crash reporting (Sentry) | Art. 6(1)(f) legitimate interest, with PII minimisation. |
| Security and abuse prevention | Art. 6(1)(f) legitimate interest. |
| Legal obligations | Art. 6(1)(c) compliance. |
4. Who we share with (Art. 28)
Each processor is bound by a data processing agreement. Full details at /legal/processors.
- Supabase (Frankfurt, EU) - database, auth, edge functions.
- Cloudflare R2 (EU) - media storage.
- Fly.io (Stockholm, EU) - verification microservice.
- Sentry (Frankfurt, EU, de.sentry.io) - crash reporting.
- RevenueCat (US, SCCs + DPF) - subscription management.
- Expo / EAS (US, SCCs) - builds, OTA updates, push routing.
- Apple - Sign in with Apple, APNs.
- Google - Sign in with Google, FCM.
- Vercel (US, SCCs + DPF) - website hosting.
We self-host fonts and do not use analytics, advertising, or tracking SDKs.
5. International transfers
Core infrastructure (database, media, verification) runs in the EU. US-based processors operate under Standard Contractual Clauses 2021/914 and, where applicable, the EU-US Data Privacy Framework.
6. How long we keep it (Art. 5(1)(e))
- Account and profile. Life of the account. Deletion has a 14-day grace period, then a scheduled job removes all data and media.
- Raw sensor traces and video segments. Purged 7 days after the post reaches a terminal verdict. Only aggregate scores and the verdict remain.
- Keystroke timing and composition replays. Raw keystroke events and text replay frames are purged 30 days after creation for all content types (posts, comments, circle names and descriptions, profile edits, story overlays, highlight titles, and report details). For posts specifically, purging waits until the post reaches a terminal verification verdict. Aggregate typing metrics (speed, pause count, paste attempts) are retained for ongoing verification analysis.
- Verification scores and sensor fingerprints. Per-post analyzer scores, verdicts, Trust Score inputs, and sensor fingerprints (one-way hashes of sensor characteristics) are retained for the life of the account to detect replays and support ongoing fraud prevention.
- Posts, stories, comments, messages. Life of the account or until you delete the item.
- Sentry events. ~90 days.
- Waitlist email. Until you unsubscribe.
- Support correspondence. 24 months, or longer if required by a legal hold.
- Security/abuse logs. 90 days, longer if tied to an investigation.
7. Your rights (Arts. 15-22, 77)
Exercise any right from Settings > Data & Account or by emailing olli@socialhuman.dev. We respond within 30 days (extendable by two months for complex requests).
- Access (Art. 15) - export your data as JSON with media download links.
- Rectification (Art. 16) - edit your profile in-app, or email us for fields not in the UI.
- Erasure (Art. 17) - delete your account (14-day grace period, then permanent removal).
- Restriction (Art. 18) - email us to pause processing during a dispute.
- Portability (Art. 20) - same JSON export as access.
- Object (Art. 21) - object to legitimate-interest processing. For verification, this may mean we can no longer offer the service.
- Automated decisions (Art. 22) - request human review of any verdict or Trust Score. See Section 8.
- Withdraw consent (Art. 7(3)) - at any time; does not affect prior processing.
- Complain (Art. 77) - contact your local DPA. In Finland: Tietosuojavaltuutetun toimisto.
8. Automated decisions and Trust Score (Art. 22)
Each post is scored by forensic analyzers (moire, EXIF, sensor, keystroke, video, audio, JPEG forensics) producing a verdict of verified, rejected, or flagged. Your account-level Trust Score summarises your verification history and affects discovery ranking. Neither produces a legal or similarly significant effect under Art. 22(1), but you can request human review of any verdict or score adjustment by emailing olli@socialhuman.dev.
9. Minors
SocialHuman is for users aged 18+, enforced by a birth-year check at signup. Accounts found to belong to a minor are removed. Child sexual abuse material (CSAM) and all forms of child exploitation are prohibited; violating accounts are terminated and reported to authorities where required by law.
10. Cookies
The website sets no tracking, analytics, or advertising cookies. The mobile app stores an auth session on your device via the Supabase client library; this is not shared with third parties.
11. Changes
Material changes are announced at least 14 days before they take effect via an in-app banner and a note on socialhuman.dev. Minor clarifications may be made without notice.
12. Changelog
- v2.3-2026-05-13. Direct messages no longer collect composition data (keystroke timing). Extended 30-day retention to comments, circle name/description, report detail, and highlight title proofs. Disclosed permanent retention of verification scores and sensor fingerprints. Clarified composition proof collection scope across all content types.
- v2.2-2026-05-12. Disclosed text composition replays in Section 2. Added 30-day retention period for raw keystroke events and composition replay frames in Section 6.
- v2.1-2026-04-13. Tightened and reorganised for clarity. No changes to data processing, rights, or retention. Merged sensor-data and marketing sections into their parent topics. Removed standalone security and breach sections (not required by Art. 13).
- v2.0-2026-04-13. Comprehensive GDPR overhaul: lawful-basis table, processor disclosures (including Sentry), retention periods, Art. 22 transparency, consent audit trail, 18+ gate, deletion grace period, in-app data-rights flows. Corrected sensor-data retention description. Self-hosted Inter font.
- v1.0-2026-04-11. First published.
Olli Airola, Helsinki, Finland. olli@socialhuman.dev