🏠 Home

🌈 Pryde Social — Privacy Policy

Last Updated: March 27, 2026

1. Overview

Your privacy matters to us. Pryde Social does not sell user data and keeps your information confidential unless required by law.

Pryde Social is a hobby-run platform operated in Australia.

2. Information We Collect

A. Information You Provide

  • Email address
  • Password (hashed with bcrypt — never stored in plain text)
  • Full name (required for account creation)
  • Username and optional display name or nickname
  • Bio (up to 500 characters)
  • Date of birth (used for 18+ verification; encrypted at rest)
  • Location (city/town and optional postcode — you choose what to share)
  • Website URL and social media links
  • Profile and cover photos
  • Interests and connection goals (e.g. friends, support, community, networking)
  • Communication style and safety preferences
  • Posts, comments, reactions, and replies
  • Private messages and Lounge (global chat) messages
  • Journals, longform posts, and photo essays
  • GIF selections (URLs from Tenor — search terms sent to Tenor/Google)
  • Bookmarks and saved content
  • Collections (saved content groups)
  • Circles (friend groups you create and manage)
  • Community tag and group memberships
  • Privacy settings, Quiet Mode, and Deep Quiet preferences
  • Two-factor authentication (TOTP) settings
  • Passkey/WebAuthn credentials (device-bound; key material stays on your device)
  • Anonymous posting preferences
  • Galaxy Mode and accessibility settings (text density, cursor style, high contrast)
  • Push notification preferences (Firebase device token, if enabled)

B. Automatically Collected Information

When you use Pryde, we automatically collect the following for security and platform operation:

  • IP address (used for login security, rate limiting, and fraud detection)
  • Approximate location derived from IP address (city, region, country — used for security monitoring and suspicious login detection)
  • Device type, operating system, and browser
  • User agent string
  • Login timestamps and security event logs
  • Session identifiers and risk scores (used to detect account compromise)
  • Content moderation scores (spam and toxicity analysis applied to posts and comments)

C. Anonymous Analytics (Public Pages Only)

For public-facing pages only (Home, About, Groups listing, Register, Login), we collect anonymous visit data to understand how people discover Pryde. This data contains:

  • Page path visited
  • Referring URL (where you came from)
  • An anonymous session ID generated in your browser (no link to any account; expires after 24 hours)

No IP address, no user ID, no cookies, and no cross-site tracking are used for analytics. Authenticated users are excluded entirely. Analytics data is automatically deleted after 30 days.

D. Sensitive Information (Optional)

You may choose to add to your profile:

  • Gender identity (encrypted at rest)
  • Sexual orientation (encrypted at rest)
  • Pronouns (encrypted at rest)

You control what is visible on your profile. Sensitive fields are encrypted using AES-256-GCM and can be removed at any time from your profile settings.

3. How We Use Your Information

To:

  • Operate the platform
  • Protect community safety
  • Display content
  • Moderate harmful behavior
  • Send necessary notifications
  • Respond to reports and legal inquiries

We do not use your data for advertising.

3A. Lawful Basis for Processing (GDPR / Australian Privacy Act)

Where applicable, we rely on the following lawful bases to process your personal data:

  • Contract performance: Processing your account data (email, password, profile) is necessary to provide the platform you signed up for.
  • Legitimate interests: Security logging, spam detection, rate limiting, and error monitoring are processed on the basis of our legitimate interest in maintaining a safe, stable platform. We balance these interests against your rights and limit data to what is necessary.
  • Legal obligation: We may process data to comply with applicable laws, court orders, or regulatory requirements.
  • Consent: Sensitive data you choose to add to your profile (gender identity, sexual orientation) is processed only because you have provided it. You can remove this data at any time from your profile settings.

If you are located in the UK or European Economic Area, you have the right to object to processing based on legitimate interests, and to request restriction of processing. See Section 7 (User Rights) for how to exercise these rights.

4. Data Sharing

We do not sell or rent your data.

We may share data only:

  • To comply with legal obligations
  • To respond to DMCA requests
  • To investigate severe platform abuse
  • With service providers (hosting/database)

5. Messages & Privacy

Private messages may be accessed only when reported for safety or legal reasons.

Messages are private between users but may be reviewed only:

  • When reported by a user
  • For safety investigations or legal compliance
  • During moderation of harmful behavior
  • In response to law enforcement requests

We do not proactively monitor or read private messages. Your conversations remain private unless a report or legal obligation requires review.

6. Data Storage & Retention

Data is stored securely using encryption in transit (TLS/HTTPS) and at rest (AES-256-GCM for sensitive fields). The following retention periods apply:

  • Account data: Retained for as long as your account is active. When you delete your account, your profile and content enter a 30-day grace period before permanent deletion.
  • Posts, comments, and reactions: Deleted permanently when you delete your account (after the 30-day grace period).
  • Private messages: Deleted when your account is permanently deleted. Messages may be retained for up to 30 additional days in encrypted backups before being purged.
  • Security and audit logs: Retained for up to 90 days to investigate security incidents and comply with legal obligations, then automatically deleted via a database TTL index.
  • Backup copies: Database backups are retained for a maximum of 30 days. Backups are automatically purged after this period and do not extend the retention of deleted account data beyond 60 days total.
  • Error reports (Sentry): Retained by Sentry for up to 90 days in accordance with their data retention policy.

You may request early deletion of your data by contacting us at support@prydeapp.com. Some data may be retained longer where required by law.

6A. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Password Security: Passwords are hashed using bcrypt and never stored in plain text
  • Account Protection: Automatic account lockout after 5 failed login attempts (15-minute lock)
  • Two-Factor Authentication: Optional 2FA available for enhanced account security
  • Session Management: Secure session tracking with device and IP monitoring
  • Attack Prevention: Protection against XSS, CSRF, SQL injection, and other common attacks
  • Security Monitoring: Automated detection of suspicious login attempts and security threats
  • Rate Limiting: Protection against brute-force attacks and spam

For detailed information about our security practices, see our Security page.

7. Your Rights

Depending on where you are located, you have the following rights over your personal data:

  • Access: Request a copy of the personal data we hold about you (use Settings → Privacy → Data Export, or email us)
  • Correction: Update inaccurate or incomplete data via your profile settings
  • Deletion: Delete your account and all associated data (Settings → Account → Delete Account). A 30-day grace period applies before permanent deletion.
  • Objection: Object to processing based on legitimate interests (e.g. security logging). We will assess and respond within 30 days.
  • Restriction: Request that we limit how we use your data while a dispute is being resolved
  • Portability: Receive your data in a machine-readable format (JSON) via the data export tool
  • Withdraw consent: Remove sensitive profile data (gender, orientation, pronouns) at any time from your profile settings

If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national DPA in the EU). If you are in Australia, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Contact: support@prydeapp.com

8. Cookies

Used only for:

  • Login sessions
  • Security
  • Basic site functionality

See Cookie Policy for details.

9. Third-Party Services & Data Sharing

A. hCaptcha (Bot Protection)

We use the hCaptcha security service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether user actions on our online service (such as submitting a registration form) meet our security requirements. To do this, hCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters a part of the website with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI.

Data processing is based on the necessity of protecting our service from abusive automated crawling, spam, and other forms of abuse. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA).

For more information about hCaptcha's privacy policy and terms of use, please visit: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms

B. Tenor GIF API (Google)

When you search for or select GIFs, we use the Tenor API (owned by Google) to provide GIF search and display functionality. When you use this feature:

  • Your search queries are sent to Tenor/Google
  • GIF URLs are stored in our database
  • Your IP address and device information may be collected by Tenor

For more information, see Tenor's Privacy Policy: https://tenor.com/legal-privacy

C. Hosting & Infrastructure

We use third-party hosting providers (Render.com for the backend server, MongoDB Atlas for the database, and Vercel for the frontend) to store and process data. These providers have access to your data only to perform services on our behalf and are obligated to protect it. Your media files (photos, videos) are stored and served via Cloudflare R2, a cloud storage service operated by Cloudflare, Inc.

D. Sentry (Error Monitoring)

We use Sentry (provided by Functional Software, Inc.) to monitor and diagnose application errors and performance issues. When an error occurs in the app or on the server, Sentry may collect:

  • The URL of the page or API endpoint where the error occurred
  • Your user ID (not your email address or username)
  • Technical device and browser information
  • A stack trace of the error

Sentry does not receive your email address, username, message content, or any other personal profile data. Error reports are used solely for fixing bugs and improving platform stability. For more information, see Sentry's Privacy Policy: https://sentry.io/privacy/

E. Firebase Cloud Messaging (Google)

If you enable push notifications, we use Firebase Cloud Messaging (FCM), a service provided by Google LLC, to deliver notifications to your device. Google receives a device registration token to route push notifications to your device. For more information, see Google's Privacy Policy: https://policies.google.com/privacy

F. Resend (Transactional Email)

We use Resend (provided by Resend Inc.) to deliver transactional emails such as email verification, password reset, and security alerts. Resend processes your email address to route these messages. For more information, see Resend's Privacy Policy: https://resend.com/legal/privacy-policy

10. Automated Content Moderation

We use automated systems to protect the community:

  • Spam Detection: Automated analysis of content for spam patterns
  • Toxicity Scoring: Automated detection of harmful or abusive content
  • Rate Limiting: Automated tracking of user actions to prevent abuse

These systems analyze your content, behavior patterns, and metadata to generate safety scores. Content flagged by these systems may be automatically hidden, removed, or reviewed by moderators.

Data collected for moderation: Post content, comment text, message patterns, reaction frequency, posting frequency, IP addresses, device fingerprints.

11. International Data Transfers

Pryde is operated from Australia. Your data is processed and stored by the following third-party infrastructure providers, which may be located outside Australia or your home country:

  • Render.com — Backend server hosting (United States)
  • MongoDB Atlas — Database storage (region may vary; typically US or Asia-Pacific)
  • Vercel — Frontend hosting and CDN (global edge network)
  • Cloudflare R2 — Media file storage (global; served from Cloudflare's network)
  • Sentry — Error monitoring (United States)
  • Resend — Transactional email (United States)
  • Firebase (Google) — Push notifications (Google's global infrastructure)

Where your data is transferred outside Australia or the EEA, we rely on the standard contractual clauses or adequacy decisions applicable to each provider, as set out in their respective Data Processing Agreements. By using Pryde, you consent to these transfers as necessary to provide the service.

12. Cookies & Local Storage

We only use two essential cookies (login session + CSRF protection). We do not use tracking, analytics, or advertising cookies. No consent banner is required.

A. Cookies (2 total)

  • Authentication Token — Keeps you logged in. Stored as HttpOnly, Secure, SameSite to prevent theft.
  • XSRF-TOKEN — Protects against cross-site request forgery. Required for all form submissions.

B. localStorage (stored only in your browser — never sent to us)

  • Visual theme preference (dark mode / Galaxy mode)
  • UI dismissal states (e.g. onboarding prompts you have already seen)
  • Anonymous analytics session ID — a random ID with no link to your account, used only for counting unique public page visits. Expires after 24 hours.

See our Cookie Policy for full details and instructions on how to clear these.

13. Contact

📧 support@prydeapp.com

Last Updated: March 27, 2026

← Back to Home