Legal

Privacy Policy

Last updated 13 May 2026

Froodl exists so people can read and write. We collect the minimum data needed to make that work, keep it as long as we need it, and never sell it.

1. The short version

  • We collect what you give us at sign-up (email, handle, name) and what you create on Froodl (stories, comments, follows, reactions).
  • We log basic technical metadata (IP, user-agent, pages visited) to keep the service safe and fast.
  • We use PayPal for payments and Brevo for transactional email. We never store your card on Froodl.
  • We don't sell your data. We don't run third-party ad networks on Froodl.
  • You can delete your account from Settings → Account at any time.

2. What we collect

You give us:

  • Account data — email, handle, display name, password (stored hashed; never recoverable in plain text).
  • Profile data — avatar, banner, bio, pronouns, profession, birthday, social handles, timezone, language. These are all optional except a profile photo, which is required before you can post or engage.
  • Content — stories, drafts, cover images, comments, follows, bookmarks, likes, reports.
  • Billing data — billing country and address you enter for tax/PayPal compliance. Card data goes to PayPal, not to us.
  • Messages you send us — emails to [email protected] and contact-form submissions.

We collect automatically:

  • Technical logs — IP address, user-agent, referrer, the path you visited, the time. Used for security and analytics.
  • Visitor identifier — for logged-out visitors, we set an anonymous cookie (fvid) so we can count distinct visitors without identifying you.
  • Session cookies — used to keep you logged in. See Cookie Policy.

3. How we use it

  • To operate the service — sign-in, publish, comment, follow, search, payments, notifications.
  • To moderate content — detect spam, abuse, and policy violations using banned-word filters and an AI quality classifier.
  • To improve Froodl — understand which features people use and where things break.
  • To send transactional email (welcome, password reset, receipts, "someone liked your story", admin notices). You can mute non-essential notification emails from Settings → Notifications.
  • To comply with law — respond to lawful requests, prevent fraud, protect our users.

4. Cookies and tracking

We use a small number of first-party cookies to keep you logged in, remember your theme preference, and count distinct visitors. We don't run third-party advertising trackers. Full breakdown on the Cookie Policy page.

5. Who we share data with

Froodl only shares data with vendors we need to run the service. Today that's:

  • Cloudflare — CDN and DDoS protection. Sees request metadata (IP, headers, path).
  • PayPal — payment processing. You hand them your billing details directly during checkout.
  • Brevo — transactional email (welcome, receipts, notifications). Receives your email address and the message content.
  • OpenAI — only the visible text of stories you publish, in order to score quality and detect policy violations. We don't send personal identifiers like your email or password.
  • Our hosting provider — for infrastructure.

We may disclose data when required by law (court order, subpoena), or when we believe in good faith that disclosure is necessary to prevent harm. We'll push back on overbroad requests and tell you unless gagged.

We do not sell your personal data. Full stop.

6. How long we keep it

  • Account + content: as long as your account exists.
  • After you delete your account: profile and personal data are removed within 30 days; published stories are anonymised (author detached); comments may be soft-deleted depending on context.
  • Technical logs: up to 90 days unless needed longer for an active security investigation.
  • Email log: append-only audit of mails we sent you, kept for 12 months.
  • Payments: kept as long as we're legally required to (typically 7 years for invoicing/tax).

7. Your rights and choices

Depending on where you live, you have rights to access, correct, delete, or export your personal data, and to object to certain processing. On Froodl you can:

For anything you can't do from your account, write to [email protected]. We respond within 30 days.

8. Children

Froodl isn't for children under 13. If you believe a child has created an account, please tell us and we'll delete it.

9. International transfers

Froodl is hosted on servers in the United States and our vendors operate globally. By using Froodl, you understand that your data may be processed in countries other than where you live. Where required, we rely on standard contractual clauses or equivalent mechanisms with our vendors.

10. Security

We protect your data with TLS in transit, hashed passwords (bcrypt with legacy MD5 lazy-rehash on next login), access controls, web-application firewalling, rate limits, and CSRF protection on every state-changing endpoint. No system is perfectly secure, but we treat security as a feature.

Found a vulnerability? Please email [email protected] with the subject line "Security".

11. Changes

If we change anything material in this policy, we'll update the "Last updated" date at the top and, for substantive changes, notify registered users by email and post a notice on the homepage at least 14 days before the change takes effect.

12. Contact

Privacy questions: [email protected] or use the contact form.