← Back to feed

Privacy Policy

Last updated: February 2025

1. Introduction

Tchoff (“we,” “our,” or “the Service”) respects your privacy. This policy describes what data we collect, how we use it, and your rights. By using the Service, you agree to this policy and our Terms of Use.

2. Data We Collect

Account data: When you sign up, we collect email, a hashed password (we never store plaintext passwords), and username. We use this to create and secure your account.

Content: Images, audio, captions, and metadata you upload. We store and serve this to operate the Service.

Reports: When you report content, we store the report details, your user ID, and content identifiers for review.

Usage: We may log IP addresses, request metadata, and error logs for security, abuse prevention, and debugging. Data is retained only as necessary.

3. How We Use Data

We use your data to: provide and improve the Service; authenticate you; store and display your content; process reports; enforce our Terms; comply with legal obligations; and protect security. We do not sell your personal data.

4. Security

Passwords are hashed using PBKDF2-HMAC-SHA256 with industry-standard iterations. Authentication uses JWTs. We use HTTPS and secure hosting (Cloudflare). We implement access controls and follow security best practices appropriate to the Service.

5. Data Retention

We retain account and content data for as long as your account exists. Reports are retained for compliance and review. Logs are retained for a limited period. You may request deletion of your account and associated data.

Disabled accounts: When you disable your account, it becomes inactive 30 days after your request. Your content is hidden from all users, but we retain your data (account info, images, sounds) and do not delete it, consistent with our backup and compliance practices.

6. Your Rights

You may: access your account data; update your username; disable your account (takes effect after 30 days; data retained but content hidden); and request information about the data we hold. Residents of the EU/EEA and California may have additional rights under GDPR and CCPA. Contact us to exercise these rights.

7. Cookies and Storage

We use localStorage to store your session token for signed-in users. We do not use third-party advertising or tracking cookies.

8. Third Parties

We use Cloudflare for hosting and D1 for database storage. They process data on our behalf. We do not share your data with advertisers or other third parties for marketing.

9. Children

The Service is not intended for users under 13. We do not knowingly collect data from children under 13.

10. Changes

We may update this policy. Continued use after changes constitutes acceptance. Check the “Last updated” date for the current version.

11. Contact

For privacy questions or to exercise your rights, contact us via the contact information on the Service.