Privacy Policy

Last updated: May 5, 2026

What we collect

• Email and password — for account access
• Date of birth or age confirmation — used to confirm eligibility to create an account and to support NSFW age-gating; not publicly displayed
• Username — public
• Phone number — used for OTP verification and abuse prevention; verified once, never displayed
• City and neighborhood — used to determine which Phorum scopes you see; never displayed at street precision
• Posts, comments, votes, reports — posts and comments are public; votes are pseudonymous (counts only); reports are used for moderation and safety and are visible only to admins
• Direct messages — stored to provide messaging functionality and visible only to the sender, recipient, and Pholk if review is required for safety, abuse, legal compliance, or moderation enforcement

What we don't collect

• Your real name (we don't ask)
• Your browsing data outside Pholk
• Location more precise than the neighborhood you choose at signup. We do not collect GPS coordinates, street addresses, or precise geolocation unless we update this Policy and provide notice.
• Device fingerprints, advertising IDs, or any tracker-style identifiers

Who we share data with

Pholk does not sell personal data, run ads, or share data with third parties for marketing. We use limited service providers to operate the Service. Pholk's primary database and authentication infrastructure is hosted through Supabase in the United States. We do use a small number of infrastructure providers (service providers) that store or process data on our behalf:

• Supabase — database and authentication
• Vercel — web hosting
• Twilio — processing the one-time SMS code during phone verification

If we ever change this — for instance, by adding analytics — we'll announce it before the change takes effect, and you'll have the option to delete your account first.

Vote Records

Individual vote records are stored to prevent duplicate voting and operate ranking features, but public users see only aggregate vote counts.

Cookies and tracking

We use one cookie: the auth session that keeps you signed in. No analytics cookies, no advertising cookies, no third-party trackers.

Account deletion and Data Retention

Email phil@pholk.io with your username. We'll delete your account and all associated data within 14 days, unless retention is required for legal, safety, abuse-prevention, or security reasons.

Supabase retains only a verified flag for phone numbers. We retain an opaque hash of your phone number for 90 days after deletion to prevent abuse via immediate re-signup. After 90 days, that hash is purged as well. Backup copies of data may remain in our secure archives for a limited time.

Security

We use reasonable administrative, technical, and organizational safeguards designed to protect user information.

Legal Requests

We may disclose information if required to comply with law, legal process, or valid governmental request.

Your Privacy Rights (Including Oregon Residents)

Depending on your location, including if you are a resident of Oregon, you may have specific rights regarding your personal data. To exercise these rights, email phil@pholk.io. We will respond within 30 days. These rights include the right to:

• Know what data we have collected about you
• Receive a copy of all data we hold
• Correct anything that's wrong
• Delete your data
• Opt-out of the sale of personal data, targeted advertising, or profiling (Note: We do not sell data, run targeted ads, or engage in profiling)

If we deny your request, you may appeal by replying to our denial email.

Children (COPPA Disclosure)

Pholk is not intended for users under 16. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information from a child under 13, please contact us immediately at phil@pholk.io. If we learn an account belongs to someone under 16, we delete it.