bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom
coves / internal / web / templates / privacy.html
at main 290 lines 12 kB view raw
1<!DOCTYPE html> 2<html lang="en"> 3<head> 4 <meta charset="UTF-8"> 5 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 6 <title>Privacy Policy - Coves</title> 7 <link rel="icon" type="image/png" href="/static/images/lil_dude.png"> 8 <style> 9 * { box-sizing: border-box; margin: 0; padding: 0; } 10 body { 11 font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; 12 background: #0B0F14; 13 color: #e4e6e7; 14 line-height: 1.7; 15 padding: 24px; 16 } 17 .container { 18 max-width: 800px; 19 margin: 0 auto; 20 } 21 h1 { 22 font-size: 2rem; 23 margin-bottom: 0.5rem; 24 color: #e4e6e7; 25 } 26 h2 { 27 font-size: 1.4rem; 28 margin-top: 2rem; 29 margin-bottom: 1rem; 30 color: #e4e6e7; 31 border-bottom: 1px solid #2A2F36; 32 padding-bottom: 0.5rem; 33 } 34 h3 { 35 font-size: 1.1rem; 36 margin-top: 1.5rem; 37 margin-bottom: 0.5rem; 38 color: #e4e6e7; 39 } 40 p { 41 margin-bottom: 1rem; 42 color: #B6C2D2; 43 } 44 ul { 45 margin-bottom: 1rem; 46 padding-left: 1.5rem; 47 } 48 li { 49 margin-bottom: 0.5rem; 50 color: #B6C2D2; 51 } 52 a { 53 color: #7CB9E8; 54 text-decoration: none; 55 } 56 a:hover { 57 text-decoration: underline; 58 } 59 .effective-date { 60 color: #5A6B7F; 61 font-size: 0.9rem; 62 margin-bottom: 2rem; 63 } 64 .highlight { 65 background: rgba(124, 185, 232, 0.1); 66 border-left: 3px solid #7CB9E8; 67 padding: 1rem; 68 margin: 1rem 0; 69 border-radius: 0 8px 8px 0; 70 } 71 .highlight p { 72 margin-bottom: 0; 73 } 74 table { 75 width: 100%; 76 border-collapse: collapse; 77 margin: 1rem 0; 78 } 79 th, td { 80 text-align: left; 81 padding: 0.75rem; 82 border-bottom: 1px solid #2A2F36; 83 } 84 th { 85 color: #e4e6e7; 86 font-weight: 600; 87 } 88 td { 89 color: #B6C2D2; 90 } 91 .back-link { 92 display: inline-block; 93 margin-bottom: 1.5rem; 94 color: #5A6B7F; 95 font-size: 0.9rem; 96 } 97 .back-link:hover { 98 color: #7CB9E8; 99 } 100 @media (max-width: 600px) { 101 body { 102 padding: 1rem; 103 } 104 h1 { 105 font-size: 1.5rem; 106 } 107 } 108 </style> 109</head> 110<body> 111 <div class="container"> 112 <a href="/" class="back-link">&larr; Back to Coves</a> 113 114 <h1>Privacy Policy</h1> 115 <p class="effective-date">Effective Date: January 16, 2026</p> 116 117 <p>Coves Team ("we," "our," or "us") operates the Coves mobile application and website. This Privacy Policy explains how we collect, use, and protect your information when you use our service.</p> 118 119 <div class="highlight"> 120 <p><strong>Summary:</strong> Coves is built on the atProto protocol. Your data is stored on your Personal Data Server (PDS), which you control. We only index and cache publicly available data from the network to provide our service.</p> 121 </div> 122 123 <h2>1. Information We Collect</h2> 124 125 <h3>1.1 Account Information</h3> 126 <p>When you sign in to Coves, we receive the following from your atProto identity:</p> 127 <ul> 128 <li><strong>Decentralized Identifier (DID):</strong> Your unique identifier on the atProto network</li> 129 <li><strong>Handle:</strong> Your username (e.g., yourname.bsky.social)</li> 130 <li><strong>Profile Information:</strong> Display name, bio, and avatar that you've set on your PDS</li> 131 </ul> 132 133 <h3>1.2 Content You Create</h3> 134 <p>When you use Coves, the content you create is written to your PDS:</p> 135 <ul> 136 <li>Posts and comments</li> 137 <li>Votes (likes and downvotes)</li> 138 <li>Community memberships</li> 139 </ul> 140 141 <h3>1.3 Information We Do NOT Collect</h3> 142 <table> 143 <tr> 144 <th>Data Type</th> 145 <th>Collected?</th> 146 </tr> 147 <tr> 148 <td>Passwords</td> 149 <td>No - OAuth only</td> 150 </tr> 151 <tr> 152 <td>Device identifiers (IMEI, serial numbers)</td> 153 <td>No</td> 154 </tr> 155 <tr> 156 <td>Location data</td> 157 <td>No</td> 158 </tr> 159 <tr> 160 <td>Contacts</td> 161 <td>No</td> 162 </tr> 163 <tr> 164 <td>Photos/media from your device</td> 165 <td>No</td> 166 </tr> 167 <tr> 168 <td>Analytics or telemetry</td> 169 <td>No</td> 170 </tr> 171 <tr> 172 <td>Advertising identifiers</td> 173 <td>No</td> 174 </tr> 175 <tr> 176 <td>Crash reports</td> 177 <td>No</td> 178 </tr> 179 </table> 180 181 <h2>2. How We Use Your Information</h2> 182 <p>We use the information we collect to:</p> 183 <ul> 184 <li>Authenticate you and maintain your session</li> 185 <li>Display your profile and content within the app</li> 186 <li>Show you posts, comments, and communities</li> 187 <li>Process your votes and interactions</li> 188 </ul> 189 <p>We do not use your information for advertising, profiling, or selling to third parties.</p> 190 191 <h2>3. The atProto Protocol and Federation</h2> 192 193 <div class="highlight"> 194 <p><strong>Important:</strong> Coves is built on the atProto (AT Protocol), a federated social networking protocol. This affects how your data works.</p> 195 </div> 196 197 <h3>3.1 Your Personal Data Server (PDS)</h3> 198 <p>Your content (posts, comments, votes) is stored on your PDS, not on Coves servers. You may host your own PDS or use a hosted provider. You maintain control over your data at the PDS level.</p> 199 200 <h3>3.2 What Coves Stores</h3> 201 <p>Coves operates an AppView that indexes publicly available data from the atProto network firehose. This means:</p> 202 <ul> 203 <li>We cache and index your public content to provide fast access</li> 204 <li>Your authentication tokens are stored encrypted on your device</li> 205 <li>We do not store copies of your private data</li> 206 </ul> 207 208 <h3>3.3 Federation</h3> 209 <p>Because atProto is federated, your public content may be visible on other applications and services that use the protocol. This is a feature of the protocol, not something Coves controls. When you post content, consider that it may be indexed and displayed by other atProto services.</p> 210 211 <h2>4. Data Storage and Security</h2> 212 213 <h3>4.1 Where Data is Stored</h3> 214 <ul> 215 <li><strong>Your device:</strong> Authentication tokens are stored in encrypted storage (iOS Keychain / Android EncryptedSharedPreferences)</li> 216 <li><strong>Your PDS:</strong> Your content is stored on your Personal Data Server</li> 217 <li><strong>Our servers:</strong> Located in Canada, used for indexing public atProto data</li> 218 </ul> 219 220 <h3>4.2 Security Measures</h3> 221 <ul> 222 <li>OAuth 2.0 with DPoP for authentication</li> 223 <li>Encrypted token storage on device</li> 224 <li>HTTPS for all network communications</li> 225 <li>No plaintext storage of sensitive data</li> 226 </ul> 227 228 <h2>5. Third-Party Services</h2> 229 <p>We use the following third-party services:</p> 230 <ul> 231 <li><strong>Cloudflare:</strong> For content delivery, DDoS protection, and DNS. Cloudflare may process your IP address and request metadata. See <a href="https://www.cloudflare.com/privacy/" target="_blank" rel="noopener">Cloudflare's Privacy Policy</a>.</li> 232 </ul> 233 <p>We do not use third-party analytics, advertising networks, or tracking services.</p> 234 235 <h2>6. Data Retention and Deletion</h2> 236 237 <h3>6.1 On Coves Servers</h3> 238 <p>When you delete content or your account:</p> 239 <ul> 240 <li>Your data is removed from our index immediately</li> 241 <li>We do not retain backups of deleted content</li> 242 <li>Cached data is purged from our systems</li> 243 </ul> 244 245 <h3>6.2 On Your PDS</h3> 246 <p>Content stored on your PDS is managed by you or your PDS provider. Deleting content from Coves removes it from our index, but the original data on your PDS must be managed separately according to your PDS provider's policies.</p> 247 248 <h3>6.3 Federation Caveat</h3> 249 <p>Due to the federated nature of atProto, content that was public may have been indexed or cached by other services before deletion. We cannot control data held by other parties on the network.</p> 250 251 <h2>7. Your Rights</h2> 252 <p>You have the right to:</p> 253 <ul> 254 <li><strong>Access:</strong> View all data associated with your account</li> 255 <li><strong>Delete:</strong> Remove your content from our index by deleting it in the app or signing out</li> 256 <li><strong>Control:</strong> Manage your data directly on your PDS</li> 257 <li><strong>Portability:</strong> Your data lives on your PDS and can be moved to another atProto service</li> 258 </ul> 259 <p>To exercise these rights, contact us at <a href="mailto:support@coves.social">support@coves.social</a>.</p> 260 261 <h2>8. Age Requirement</h2> 262 <p>Coves is intended for users who are <strong>18 years of age or older</strong>. We do not knowingly collect information from anyone under 18. If you are under 18, please do not use this service.</p> 263 <p>If we learn that we have collected personal information from a user under 18, we will take steps to delete that information promptly.</p> 264 265 <h2>9. Changes to This Policy</h2> 266 <p>We may update this Privacy Policy from time to time. We will notify you of significant changes by:</p> 267 <ul> 268 <li>Posting the new policy on this page</li> 269 <li>Updating the "Effective Date" at the top</li> 270 <li>Notifying you through the app when appropriate</li> 271 </ul> 272 <p>We encourage you to review this policy periodically.</p> 273 274 <h2>10. Future Features</h2> 275 <p>We may introduce analytics, crash reporting, or other features in the future to improve the service. If we do, we will:</p> 276 <ul> 277 <li>Update this Privacy Policy before implementing such features</li> 278 <li>Use privacy-respecting options where possible</li> 279 <li>Be transparent about what data is collected and why</li> 280 </ul> 281 282 <h2>11. Contact Us</h2> 283 <p>If you have questions about this Privacy Policy or our practices, contact us at:</p> 284 <p> 285 <strong>Coves Team</strong><br> 286 Email: <a href="mailto:support@coves.social">support@coves.social</a> 287 </p> 288 </div> 289</body> 290</html>