Effective date: 2026-02-15
This policy explains what data is processed when you use the Setfeed Android app and the Setfeed web bridge (setfeed.app). Our goal is minimal data, explicit boundaries, and ciphertext-only transport wherever possible.
“Setfeed” refers to the Setfeed app and services operated by Setfeed. If you have questions, contact privacy@setfeed.app.
Messages sent through setfeed.app are encrypted in your browser before they reach our servers. When encrypted delivery is used, Setfeed stores and transports only encrypted ciphertext (plus required cryptographic metadata such as IV and salt) and cannot read message contents.
Private encryption keys are stored only on recipient devices and are never intentionally uploaded to Setfeed servers.
Setfeed is built to minimize personal data. Some data is still processed to operate the service and to protect it from abuse. The categories below describe what may be processed depending on the feature you use.
This data is used to deliver messages and enforce one-time consumption (replay protection). It is not used for advertising.
We use Firebase App Check to reduce automated abuse. On Android, App Check can use Play Integrity; on the web bridge it can use reCAPTCHA. These systems may process signals and tokens that help verify requests come from an authentic app/browser environment.
Our backend infrastructure (Firebase / Google Cloud) generates logs for reliability and security (for example, to diagnose failures, measure rate limits, and investigate abuse). These logs may include technical identifiers such as IP address and request metadata.
The Setfeed Android app stores some data locally on your device (for example, scheduled messages, inbox state, and app preferences) so the app can function. Local data can typically be removed by clearing app storage or uninstalling the app.
Setfeed uses Google Firebase and Google Cloud to operate the service (for example: Cloud Functions and Firestore). These providers process data on our behalf as service providers/processors.
We do not share personal data with advertisers. We may disclose information if required by law, or to protect the rights and safety of users and the service (for example, responding to valid legal requests).
We retain encrypted envelopes and related metadata only as long as needed to provide delivery and prevent replay. Operational logs may be retained for a limited period for security and reliability.
We use industry-standard protections for data in transit and for backend access controls. Where end-to-end encryption is used, message content remains encrypted on our servers. No system is perfectly secure; we continually work to reduce risk.
Setfeed is not designed for children and is not directed to children under 13. If you believe a child has provided personal information to Setfeed, contact us and we will take appropriate steps.
If we change this policy, we will update the effective date above and publish the updated version on this page.
