Privacy Policy

When you create an account, we collect:

• Your name and email address — provided by your OAuth sign-in provider (Google or Apple), or entered by you directly if you sign up with an email sign-in link.
• A display name and handle you choose during onboarding.
• An optional bio (up to 320 characters) and profile picture.
• Your OAuth provider ID, used to link your account to your sign-in method.
• If you use Apple's private relay email, we note that your email is a relay address.
• An invite code used during registration, including which existing user referred you.

You may optionally add the following to your profile:

• Work (job title or occupation).
• Website (a personal URL).
• Birthday, with a visibility setting you control (full date, month and day only, or hidden).
• Schools (up to 5 institutions with graduation years), selected from a public US colleges dataset (IPEDS).
• Location / hometown, selected from a public US cities dataset (GeoNames).

The Human Network lets you register a WebAuthn passkey (FaceID, TouchID, or device PIN) as a sign-in credential. The data used to unlock your passkey (fingerprint, face scan, PIN) never leaves your device and is never transmitted to our servers. We store only:

• A credential ID (a public identifier for your passkey).
• A public key (used to verify signatures — not your private key).
• A counter (to prevent replay attacks).
• A transport type (e.g., "internal" for on-device biometrics).

We store the content you create on the platform, including:

• Posts, replies, and reposts (text content up to 2,000 characters).
• Images you upload (stored in AWS S3, max 5 MB, formats: JPG, PNG, WebP, GIF, HEIC).
• Videos you upload (processed by Mux, max 50 MB, 1 upload per 24 hours). Video assets are automatically deleted after 7 days.
• Likes, reposts, and other interactions with posts.
• AI-content flags (when you flag a post as potentially AI-generated, along with your stated reason).
• Reports you file against content (your report reason and timestamp).

• Who you follow and block.
• Which topics you subscribe to.
• Your reply policy (who can reply to your posts).
• Your DM policy (who can send you direct messages: everyone, followers, mutuals, or nobody).
• Your visibility preference for AI-flagged content (show all, show less, or hide).

Direct messages are stored for 30 days in our database, after which they are automatically deleted. Before deletion, messages are archived to cold storage (AWS S3) where they are retained for up to 1 year, then permanently purged. Message metadata includes: sender, recipient, timestamp, and conversation ID.

Notifications (e.g., "someone liked your post") are stored for 30 days, then automatically deleted. We track the last time you viewed your notifications to calculate your unread count.

We collect limited analytics to improve the platform:

• Custom usage events (e.g., feature interactions, share events via native share or clipboard).
• Your IP address, recorded with analytics events and used transiently for rate limiting and abuse prevention.
• A server-side timestamp for each event.

Analytics events are batched and stored in AWS S3. Analytics data is retained for up to 1 year, then permanently purged.

We also collect anonymous, aggregated analytics — such as page views, feature usage counts, and general traffic patterns — that cannot be linked back to any individual user. This data contains no user IDs, IP addresses, or other personal identifiers.

For analytics, we do not collect advertising device identifiers (AAID, IDFA, etc.), and we do not use analytics data to build advertising or marketing profiles. Separately, our integrity and anti-abuse system (Section 2.11) reads certain browser-environment characteristics solely to detect automated abuse — see that section for exactly what it collects and why.

We record a last active timestamp for your account (updated periodically, not on every action) to support features like online presence indicators. We do not track which specific pages you visit, which posts you read, or how long you spend on any content.

• Reports filed against content (reporter ID, reason, timestamp). Posts receiving 5 or more reports are flagged for review.
• Ban records: if your account or email is banned, we store the ban expiration date and reason.
• Admin review of public actions: platform administrators may review your publicly visible activity — including posts you have written, likes you have given, accounts you follow, and reposts you have made — for the purpose of enforcing our Terms of Service and community guidelines. Administrators cannot access your private messages, search history, or browsing behaviour. All administrative actions (bans, content removal) are permanently logged in an audit trail for accountability.

To keep the network free of bots, spam, and coordinated automated abuse, we maintain a server-side integrity assessment for each account. This is used only for safety and abuse prevention — never for advertising, never for feed personalisation, never sold or shared, and never shown to you or any other user. The signals we use are:

• Automation characteristics of your browser. When you load the site, a one-time check reads environment characteristics (such as whether automation / webdriver mode is active, plugin and language availability, media-codec support, and window dimensions) and computes a single automation-likelihood score. We retain only that derived score — not the underlying readings.
• Network type. We derive the kind of network your IP belongs to (e.g. residential ISP vs. commercial datacenter or VPN) using a locally-stored reference database. The lookup happens on our servers and sends nothing to any third party. We do not retain your IP address in these integrity records.
• Behavioural patterns of your account. We look at patterns in your own activity — such as the regularity of posting intervals and follow/post volume relative to account age — that distinguish humans from scripts. These are computed from activity you already perform on the platform.
• Sign-up velocity. We count registrations per network and per inviter over short time windows to detect coordinated bulk sign-ups.
• Interaction integrity checks. Occasionally and at random, the platform performs subtle, low-impact checks (for example, briefly delaying a response, or including a hidden element that only automated tools would interact with) to distinguish human use from automation. These are imperceptible in normal use and never cause you to lose content or actions.

From these signals we compute an internal suspicion score and tier plus a per-signal record. Accounts assessed as automated may have the reach of their public posts quietly limited — their content remains fully visible to themselves and their existing followers. A human reviewer can confirm or reverse any assessment, and all such reviews are logged in the audit trail. These records are server-only and are never disclosed to you or to other users.

On our mobile app (not yet launched), with your operating-system permission, we may additionally use approximate device location (GPS), device-motion (accelerometer) summaries, and hardware attestation tokens (Apple App Attest / Google Play Integrity) for this same integrity purpose. We will update this policy before activating any of these.

You can delete your account yourself at any time from Settings → Delete account. Deletion requires a typed confirmation, and is immediate and irreversible: we erase your personal data — profile, posts, messages, interactions, social graph, media, and credentials — across all of our systems, and email you a signed deletion certificate confirming what was removed. Anonymised, aggregated analytics that cannot be linked to you may persist until their 1-year retention period expires. If you are unable to use the in-app flow, you can still request deletion by emailing legal@thehumannetwork.social.

You may request a copy of your data by emailing legal@thehumannetwork.social. We will provide your data in a machine-readable format within 30 days of your request.

You can delete your own posts and media at any time through the platform. Deleted posts are replaced with a tombstone record and are no longer visible to other users.