Attach media
the device is too small!
cancel

privacy policy

privacy policy

last updated: 2026-04-26
effective date: 2026-04-26

1. who we are

udictio llc ("udictio", "we", "us", or "our") is a limited liability company organized under the laws of the state of nevada, united states. we operate the udictio social platform, including the website at udictio.com, our mobile applications, and any related apis, services, and features (collectively, the "services").

this privacy policy explains how we collect, use, disclose, and protect your personal information when you use the services. by accessing or using the services, you acknowledge that you have read and understood this policy. if you do not agree, please do not use the services.

if you are accessing the services from outside the united states, please be aware that your information will be transferred to, stored, and processed in the united states.

2. scope

this policy applies to all users of the services worldwide. it supplements, but does not replace, our terms of use. capitalized terms not defined here have the meaning given in the terms of use.

3. information we collect

3.1 information you provide to us

you provide information directly to us in a number of situations. when you create an account, you provide a username (nickname), email address, password (stored as a salted hash), and optionally your gender and birth date. when you set up your profile, you provide a profile picture, biography, and theme, language, and notification preferences. when you post content, you provide entries (posts), comments, replies, direct messages, votes, favorites, follows, blocks, and any other content you submit. when you communicate with us, you provide support requests, abuse reports, feedback, or correspondence sent to [email protected]. when you sign in with apple, google, or facebook, the provider sends us identifiers such as your name, email address, and a unique account id (see section 4). when you enable two-factor authentication, we generate and store a time-based one-time password (totp) secret and recovery codes for your account. when you submit a report, we collect information about the reported content or users, and a verification email if you are not signed in.

3.2 information we collect automatically

when you use the services we automatically collect device and connection information, including ip address, approximate geolocation derived from your ip (city, country, latitude, longitude; we do not collect gps location), browser type and version, operating system, device model, language settings, time zone, mobile network information, expo push notification token, and unique device identifiers. we also collect usage information, including pages and screens you view, features you interact with, search queries, time stamps, referring urls, click and scroll behavior, session duration, crash data, performance data, and the actions you take on the services. we also collect log data, including server logs of api requests, error logs, access timestamps, and last-seen indicators. we use cookies and similar technologies as described in section 7.

3.3 information from third parties

we may receive information about you from identity providers (apple, google, facebook) when you sign in via their platforms; from analytics and diagnostics providers (see section 8); from other users who interact with you, mention you, message you, or report content involving you; and from publicly available sources when used for safety, fraud prevention, or to comply with law.

3.4 information we do not collect

we do not knowingly collect precise gps location, microphone audio, contacts, calendar data, sms messages, financial account numbers, government identifiers, biometric identifiers, or health data. we do not request these permissions in our mobile applications.

4. social logins

if you register or sign in using a third-party identity provider, we receive certain profile information from that provider, which may include your name, email address, profile picture, and a unique account identifier. the data we receive depends on your privacy settings with that provider. we use this information solely as described in this policy. we are not responsible for the practices of third-party providers, and we encourage you to review their privacy policies.

5. how we use your information

we use your information for the purposes described below. for users in the european economic area, united kingdom, and switzerland, we identify the legal basis we rely on under the gdpr or uk gdpr for each purpose.

we use your information to create, operate, and secure your account. legal basis: performance of a contract with you.

we use your information to deliver and improve the services, including personalization of your feed, recommendations, and features. legal basis: our legitimate interests in operating and improving the services.

we use your information to send transactional communications such as security alerts, account notices, password resets, and important service updates. legal basis: performance of a contract with you and our legitimate interests in keeping the services secure and reliable.

we use your information to send optional notifications about activity on the services, such as mentions, follows, replies, direct messages, and topic updates. legal basis: your consent, which you may withdraw at any time through in-app or device settings.

we use your information to perform analytics, diagnostics, debugging, and aggregate reporting on usage and stability. legal basis: our legitimate interests in understanding how the services are used and in maintaining quality and reliability.

we use your information to prevent fraud, abuse, spam, harassment, and safety risks; to enforce our terms of use; and to protect users, third parties, the public, and udictio. legal basis: our legitimate interests, vital interests where life or safety are at stake, and compliance with legal obligations.

we use your information to comply with applicable law, court orders, governmental and regulatory requests, and legal process. legal basis: compliance with legal obligations.

we use your information to respond to your support inquiries and other communications. legal basis: performance of a contract with you and our legitimate interests in providing customer support.

we use your information to send communications about products, features, and announcements you have opted into. legal basis: your consent, which you may withdraw at any time.

we use your information to establish, exercise, or defend legal claims, and to protect our rights, property, and safety. legal basis: our legitimate interests and compliance with legal obligations.

we do not use your personal information for automated decision-making that produces legal or similarly significant effects on you. we do not sell your personal information for monetary consideration.

6. how we share your information

we share personal information only as described below.

other users. any content you post publicly, including entries, comments, votes, profile information, badges, follower counts, and online status if enabled, is visible to other users and may be indexed by search engines. direct messages are visible to the participants in the conversation.

service providers and sub-processors. we share personal information with vendors who process data on our behalf under written agreements that restrict their use of the data. our current sub-processors include digitalocean, inc. for application hosting (san francisco, california, usa); cloudflare, inc. for content delivery, ddos protection, dns, web application firewall, turnstile (anti-bot), and r2 object storage for over-the-air mobile updates; fly.io, inc. for hosting of the over-the-air update manifest service; 650 industries, inc. (expo) for push notification delivery and over-the-air update tooling; apple inc., google llc, and meta platforms, inc. (facebook) for authentication and, for apple and google, push notification delivery to devices via apns and fcm; smtp2go pty ltd for transactional email delivery; functional software, inc. (sentry) for crash reporting and error monitoring, configured to suppress sensitive data and personally identifiable information by default; google llc for google analytics aggregate usage analytics; and microsoft corporation for microsoft clarity session analytics, heatmaps, and usability diagnostics.

legal and safety disclosures. we may disclose information when we believe in good faith that disclosure is necessary to comply with law, regulation, legal process, court order, subpoena, or governmental request; to enforce our terms of use; to detect, prevent, or address fraud, security, or technical issues; to protect the rights, property, or safety of udictio, our users, or others; or to respond to an emergency involving danger of death or serious physical injury.

business transfers. if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or other change of control, your information may be transferred as part of that transaction. we will provide notice as required by law.

with your consent or at your direction. when you authorize a specific disclosure or integration.

aggregated or de-identified data. we may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you.

we do not rent, sell, or trade your personal information to third parties for their independent marketing purposes.

7. cookies and similar tracking technologies

we and our service providers use cookies, local storage, web beacons, sdks, mobile identifiers, and similar technologies to operate, secure, and analyze the services.

strictly necessary technologies are required for authentication, session management, csrf protection, load balancing, and security, and cannot be disabled. functional technologies remember preferences such as theme, language, and time zone. analytics and performance technologies, including google analytics and microsoft clarity, help us understand aggregate usage and improve performance and reliability; clarity may record session interactions such as mouse movements, clicks, and scrolls, and masks form input and sensitive content by default. diagnostics technologies, including sentry, collect crash and error data.

you can control cookies through your browser settings and, where required by law, through any consent mechanism we provide on the website. mobile devices allow you to limit ad tracking and reset advertising identifiers in system settings.

we do not currently respond to "do not track" browser signals because no industry standard for dnt has been finalized. we honor the global privacy control (gpc) signal where required by applicable law.

8. analytics and diagnostics providers

google analytics is provided by google llc. for opt-out, install the google analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout.

microsoft clarity is provided by microsoft corporation. for details, see clarity.microsoft.com/privacy. clarity does not record sensitive form fields by default.

sentry is provided by functional software, inc. it is configured with send_default_pii set to false; we scrub passwords, verification codes, and recovery codes before transmission.

9. international data transfers

we operate from the united states and our primary servers are located in san francisco, california, usa, with edge caching, ddos protection, and security services provided globally by cloudflare. when you use the services from outside the united states, your information will be transferred to and processed in the united states and any other country where our service providers operate. these countries may have data protection laws that differ from those in your country.

for transfers from the european economic area, united kingdom, or switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards including the european commission's standard contractual clauses and the uk international data transfer addendum, supplemented by additional technical and organizational measures where necessary.

10. data retention

we retain personal information only as long as necessary to fulfill the purposes described in this policy, including to provide the services, comply with our legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements.

active account data is retained for as long as your account remains active. content you post is retained until you delete it or your account is terminated, subject to backups and to content that has been re-shared, quoted, or messaged to others, which may persist. direct message archives are retained as encrypted archives so participants can retain a record of conversations after the other participant deletes their account. server logs and security data are typically retained for up to 24 months. crash and diagnostics data are typically retained for up to 90 days. records required for legal, tax, accounting, fraud-prevention, or safety purposes are retained as long as required by law or our legitimate interests.

when you delete your account, we initiate deletion after a 5-day grace period during which you may cancel. after deletion, we remove or anonymize your account data from active systems, except for information we are legally required to retain; information necessary to prevent fraud, abuse, or harm; records of violations and enforcement actions; backups, which are overwritten on a rolling basis; and message archives noted above.

11. data security

we use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit (tls), salted password hashing, access controls, security monitoring, the availability of two-factor authentication, captcha and anti-bot protection on sensitive endpoints, and regular security review. however, no system is completely secure. you are responsible for keeping your password and recovery codes confidential, and you use the services at your own risk.

if we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by applicable law.

12. children's privacy

the services are not intended for children under 13, and children under 13 are prohibited from creating accounts or using the services. in jurisdictions where the minimum digital-consent age is higher than 13 (for example, 14 in south korea, 15 in france, and 16 in germany or other eu/eea member states that have set a higher threshold), users below the applicable local minimum age must obtain verifiable parental or guardian consent before using the services, in accordance with local law.

we do not knowingly collect personal information from children under the applicable minimum age without verifiable parental consent. if we learn that we have collected such information, we will deactivate the account and delete the information. if you believe a child has provided us with personal information without proper consent, contact us at [email protected].

13. your privacy rights

depending on where you live, you may have some or all of the following rights with respect to your personal information.

access: request a copy of the personal information we hold about you. rectification: ask us to correct inaccurate or incomplete information. deletion: ask us to delete your personal information, subject to legal exceptions. portability: receive your information in a structured, machine-readable format; you can generate a json export of your account data from within your account settings. restriction: ask us to restrict certain processing. objection: object to processing based on our legitimate interests, including direct marketing. withdraw consent: where processing is based on your consent, withdraw it at any time without affecting prior processing. complain: lodge a complaint with your local data protection authority.

to exercise these rights, contact us at [email protected] from the email address associated with your account, or use the in-app account settings. we will respond within the time required by applicable law (typically 30 days; up to 45 days under ccpa with notice). we may need to verify your identity before fulfilling your request. we will not discriminate against you for exercising your rights.

13.1 european economic area, united kingdom, and switzerland (gdpr / uk gdpr)

if you are located in the eea, uk, or switzerland, the controller of your personal information is udictio llc. you have the rights listed above under the gdpr or uk gdpr. you may also lodge a complaint with the data protection authority where you live, work, or where the alleged infringement occurred.

13.2 california (ccpa / cpra)

if you are a california resident, you have the right to know what categories and specific pieces of personal information we have collected, used, disclosed, and sold or shared in the preceding 12 months; to delete personal information we collected from you, subject to legal exceptions; to correct inaccurate personal information; to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising; to limit the use and disclosure of "sensitive personal information"; and to non-discrimination for exercising these rights.

categories of personal information collected in the preceding 12 months include identifiers (such as name, email, ip address, account id, and device identifiers); commercial information (none for paid transactions, as we do not currently process payments); internet or other electronic network activity information (such as browsing and interaction history on the services); geolocation data (approximate, derived from ip); audio, electronic, visual, or similar information (such as photos you upload); inferences drawn from the above (such as preferences); and user-generated content. we obtain these categories from you, automatically, and from our service providers and third-party identity providers.

sale or sharing. we do not sell personal information for monetary consideration. some uses of analytics services such as google analytics and microsoft clarity may constitute "sharing" for cross-context behavioral advertising purposes under the cpra. you can opt out by using any cookie or consent mechanism we provide on our website, by enabling the global privacy control (gpc) signal in a supported browser, or by contacting [email protected].

california "shine the light." california civil code section 1798.83 permits california residents to request information about disclosures of personal information to third parties for their direct marketing purposes. we do not disclose personal information to third parties for their direct marketing purposes.

california minor "eraser" right. if you are a registered user under 18 who resides in california, you may request removal of content you publicly posted by emailing [email protected]. removal does not guarantee complete or comprehensive removal from our systems.

authorized agents may submit requests on your behalf with appropriate authorization documentation.

13.3 other u.s. state laws

if you are a resident of a u.s. state with a comprehensive consumer privacy law (including but not limited to virginia, colorado, connecticut, utah, texas, oregon, montana, iowa, indiana, tennessee, and delaware), you have rights similar to those described in section 13.2, including rights to access, correct, delete, port, and opt out of targeted advertising, sale, or certain profiling. you may exercise these rights by contacting [email protected]. you may appeal a denial of your request by replying to our response within 30 days.

13.4 nevada residents (sb 220)

nevada residents may submit a verified request to opt out of any future sale of covered personal information by emailing [email protected]. we do not currently sell covered personal information as defined under nevada law.

13.5 turkey (kvkk)

if you are located in the republic of turkey, you have the rights set out in article 11 of law no. 6698 on the protection of personal data ("kvkk"), including the right to learn whether we process your data, request information about processing, learn the purpose of processing and whether the data is used for the intended purpose, learn the third parties to whom data is transferred domestically or abroad, request rectification, deletion, or destruction, object to outcomes of automated processing, and claim compensation for unlawful processing. submit requests in writing to [email protected].

14. content you post; license to udictio

content you post on the services may be visible to other users and the public. when you post content, you grant udictio a worldwide, non-exclusive, royalty-free, transferable, sublicensable license to host, store, reproduce, modify, adapt, publish, translate, distribute, transmit, display, and perform that content in connection with operating, providing, promoting, and improving the services and our business. this license terminates when the content is deleted, except for content that has been shared, copied, or referenced by others, and except as needed for backups, safety, fraud prevention, and legal compliance.

you are solely responsible for your content. do not post personal information about yourself or others that you do not want disclosed.

15. account suspension and termination

we may suspend, restrict, freeze, or terminate your account and access to the services, and may remove or hide content, at our sole discretion, with or without notice, including for violations of our terms of use, applicable law, or to protect users, third parties, the public, or udictio. termination does not relieve you of obligations that by their nature should survive.

16. third-party links and integrations

the services may contain links to or integrations with third-party websites, services, applications, and content. we do not control and are not responsible for the privacy practices or content of any third party. we encourage you to review the privacy policies of any third party you interact with.

17. push notifications

if you enable push notifications, we send notifications to your device through the apple push notification service (apns) and firebase cloud messaging (fcm), routed via expo's push service. notification content may include usernames, message previews, and event details. you can disable previews and individual notification categories in the app or in your device settings.

18. changes to this policy

we may update this policy from time to time. when we do, we will revise the "last updated" date above. for material changes, we will provide additional notice (such as a banner on the services or an email to your account email). your continued use of the services after the effective date constitutes your acceptance of the updated policy. if you do not agree, you must stop using the services.

19. governing law and dispute resolution

this policy is governed by the laws of the state of nevada, united states, without regard to its conflict-of-laws principles. to the extent permitted by applicable law, any dispute arising out of or relating to this policy will be resolved exclusively in the state or federal courts located in clark county, nevada, and you consent to personal jurisdiction and venue there. nothing in this section limits any non-waivable rights you may have under your local consumer protection laws.

20. severability and entire agreement

if any provision of this policy is held to be invalid or unenforceable, the remaining provisions will remain in full force and effect. this policy, together with our terms of use and any other agreements expressly incorporated, constitutes the entire agreement between you and udictio regarding the subject matter and supersedes all prior understandings.

21. contact us

for questions, requests, or complaints regarding this policy or our privacy practices, contact us at:

udictio llc
email: [email protected]
mailing address: available upon written request to [email protected]

we will respond within the time required by applicable law.