Privacy Policy

1. Introduction

TidyFeed ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our browser extensions (Chrome, Firefox), web dashboard, and related services.

Our Privacy Principles:

• Data Minimization: We only collect data that is necessary for the Service to function
• User Control: You have full control over your data and can delete it at any time
• Transparency: We clearly explain what data we collect and why
• Security: We use industry-standard security measures to protect your data

2. Information We Collect

2.1 Account Information (Required for Service)

When you create an account using Google Sign-In, we collect only what is necessary:

• Email address (for account identification and communication)
• Display name (for personalization)
• Profile picture URL (for display in the interface)
• Unique Google identifier (for account authentication)

This information is required to create your account and provide the Service. Without it, core features will not function.

2.2 Social Media Account Information (Optional)

If you choose to link your X/Twitter account (optional feature), we collect:

• Twitter username, display name, and user ID
• Profile picture URL

This is optional. You can use the Service without linking social media accounts, though some features (like bot interactions) will not be available.

2.3 Content You Save (Required for Core Features)

When you save social media content, we store only what you choose to save:

• Tweet text and metadata (author, timestamp, etc.)
• Author information (publicly available data)
• Media URLs (images, videos) you choose to download
• HTML snapshots (for offline viewing)
• Your personal notes and tags (created by you)

We only save content when you explicitly choose to save it. We do not automatically collect or scan your social media activity.

2.4 Local Storage Data (Stored on Your Device)

The extension stores data locally on your device using browser storage APIs:

• Your filter settings and blocked keywords
• Usage statistics (count of filtered items, stored locally)
• Extension preferences (your configuration choices)
• Authentication tokens (using chrome.cookies API for secure access)

Local data never leaves your device except for authentication tokens needed to access our cloud services.

2.5 AI Features Data (Opt-In Only)

AI features (like tweet summarization) are disabled by default. If you choose to enable them:

• Tweet content is sent to our AI service provider only when you explicitly request a summary
• Generated summaries are stored and associated with the tweet
• Custom AI prompts you configure are saved in your account settings

You must explicitly enable AI features in settings. You can disable them at any time, which stops all data transmission to AI services.

3. How We Use Your Information

We use your information only for the following purposes:

• Authentication: To verify your identity and provide access to your account
• Core Features: To save, organize, and sync your content across your devices
• Optional Features: To provide AI features (only if enabled by you)
• Media Download: To download and store media files you explicitly request
• Bot Interactions: To process bot commands (only if you link your social account)
• Service Improvement: To fix bugs, improve performance, and develop new features
• Support: To respond to your questions and support requests
• Storage Management: To enforce storage quotas (500MB for free accounts)

We do not use your data for advertising, marketing, or selling to third parties.

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored securely using Cloudflare infrastructure:

• Database: Cloudflare D1 (SQLite) for structured data (encrypted at rest)
• Media Storage: Cloudflare R2 (S3-compatible) for images, videos, and snapshots
• CDN: Cloudflare CDN with HTTPS for all data transfers
• Data Centers: Located in the United States and European Union

4.2 Security Measures

We implement multiple layers of security:

• Encryption: All data is transmitted over HTTPS/TLS 1.3
• Authentication: JWT tokens with HttpOnly, Secure, SameSite cookies
• Service Authentication: Internal service-to-service communication using encrypted keys
• Access Controls: Least-privilege access to production systems
• Regular Updates: Security patches and dependency updates
• Monitoring: 24/7 security monitoring and intrusion detection

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information.

5.1 When We Share Data

We only share data in limited circumstances:

• Service Providers: With companies that power our infrastructure (see Section 6)
• Legal Requirements: When required by law, court order, or to protect our rights
• Business Transfer: In connection with a merger or acquisition (with notice)
• With Your Consent: When you explicitly give us permission

5.2 Aggregated Data

We may share anonymized, aggregated statistics (e.g., "50% of users filtered 100+ tweets") that cannot reasonably be used to identify you.

6. Third-Party Services

Our Service integrates with third-party services. Each integration is necessary for the Service to function:

• Google OAuth: Required for user authentication. Google's privacy policy applies.
• Cloudflare (Workers, D1, R2, CDN): Required for hosting and data storage. Cloudflare's privacy policy applies.
• TikHub API: Required to fetch public Twitter data. TikHub's privacy policy applies.
• BigModel AI: Optional - only used if you enable AI features. Privacy policy applies.
• Fly.io: Required for hosting background workers (bot, video downloader). Fly.io's privacy policy applies.

We carefully vet all third-party providers to ensure they meet our security standards.

7. Your Rights and Control

You have complete control over your data:

7.1 Access and Portability

• View: Access all your saved content through the dashboard
• Export: Export your saved posts, tags, and notes at any time
• Download: Download all your data in a machine-readable format

7.2 Deletion

• Delete Individual Items: Remove any saved post, tag, or note
• Delete Account: Permanently delete your account and all associated data
• Unlink Accounts: Disconnect linked social media accounts
• Disable Features: Turn off AI features, bot interactions, etc.

Account deletion removes all data from our production servers within 30 days. Backups may persist for up to 90 days before being permanently destroyed.

7.3 Opt-Out Choices

• AI Features: Disabled by default. Enable only if you choose to.
• Bot Interactions: Optional. Link your account only if you want to use this feature.
• Local Storage: Clear extension data anytime through browser settings.

8. Data Retention

Retention Period: We retain your data for as long as your account is active. If you delete your account or specific items, they are removed according to our deletion policy.

Storage Quotas: Free accounts are limited to 500MB. When you reach this limit, you must delete existing content to save new items. We will notify you when you approach your limit.

9. Cookies, Storage, and Browser Permissions

9.1 Cookies

We use essential cookies required for the Service to function:

• auth_token: HttpOnly session cookie for authentication (required)

These cookies cannot be disabled as they are necessary for the Service to function.

9.2 Browser Storage

The extension uses:

• localStorage/chrome.storage: For your preferences and settings
• chrome.cookies API: To securely access authentication tokens

9.3 Browser Permissions

The extension requests only necessary permissions:

• storage: Required to save your settings locally
• cookies: Required to read authentication cookies for API requests
• activeTab: Required to inject features into social media sites you visit
• scripting: Required to add UI elements and functionality
• alarms: Required for periodic background sync tasks
• Host permissions: Required for x.com and twitter.com (only interacts with these domains)

Each permission is used solely for the stated purpose and nothing more. We do not collect data from other websites or use permissions for undisclosed purposes.

10. Bot Interactions (Optional Feature)

Our Twitter bot (@TidyFeedBot) is an optional feature. If you choose to use it:

• Your public tweets mentioning the bot are processed
• Tweet IDs are extracted for saving (no private DMs are accessed)
• Bot verifies your linked Twitter account before processing

This feature is opt-in. You can use the full functionality of the Service without ever using the bot.

11. International Data Transfers

Your information may be stored and processed on servers located in the United States and European Union. We ensure appropriate safeguards are in place to protect your data, including:

• EU-US Data Privacy Framework compliance
• Standard Contractual Clauses with third-party providers
• Adequacy decisions for countries recognized by the EU

By using our Service, you consent to this international data transfer.

12. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal and operational reasons. We will notify you of material changes by:

• Updating the "Last updated" date at the top
• Displaying a prominent notice in the dashboard for 30 days
• Sending an email notification for significant changes

Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or to exercise your rights, please contact us:

Email: [email protected]

Website: https://tidyfeed.app

Data Protection Officer (EU): [email protected]

We will respond to your inquiry within 30 days.