Privacy Policy

Last updated: May 3, 2026

Who we are

ÀjọÈdè is a community-built living dictionary where language lives on. We are committed to protecting your privacy and handling your personal data transparently.

What data we collect

When you create an account, we collect:

• Account information - email address, username, display name, and password (stored securely as a hash).
• Profile information - bio and profile picture (optional).
• Content you create - posts, comments, word contributions, and direct messages.
• Usage data - follows, likes, and notification preferences.
• Device data for push notifications - if you enable notifications, we store the device push token issued by Apple (APNs) or Google (FCM) so we can route alerts to your device.
• Authentication identifiers from third parties - if you sign in with Google or Apple, we store the stable identifier they return so we can recognize your account on future sign-ins. We do NOT receive your Google or Apple password.

How we use your data

We use your data solely to provide and improve ÀjọÈdè:

• To create and manage your account.
• To display your profile and content to other users.
• To send you notifications about activity relevant to you (replies, mentions, direct messages, contribution approvals).
• To enable direct messaging between users.
• To maintain and improve the platform.
• To detect and prevent abuse, spam, fraud, or security incidents.

What we do not do

• We do not sell your personal data to third parties.
• We do not use your data for advertising or ad targeting.
• We do not share your data with third parties except as needed to operate the platform (see "Service providers" below).
• We do not track you across other websites.

Service providers

We rely on a small set of vendors to operate the platform. These providers process data only on our behalf and only for the purposes described:

• Amazon Web Services (AWS) - hosts our application servers, databases, and content storage (S3) in the United States. CloudFront delivers static content and avatars worldwide.
• Google - powers "Sign in with Google" when you choose that option.
• Apple - powers "Sign in with Apple" when you choose that option.
• Apple Push Notification service (APNs) - delivers push notifications to iOS devices.
• Firebase Cloud Messaging (FCM, Google) - delivers push notifications to Android devices.

We do not use third-party advertising, analytics, or tracking SDKs.

International data transfer

If you access ÀjọÈdè from outside the United States, your data will be transferred to and stored in the United States. By using the service you consent to that transfer. We rely on appropriate safeguards (including standard contractual clauses where applicable) for any cross-border transfers.

Data storage and security

Your data is stored securely using industry-standard practices:

• Passwords are hashed and never stored in plain text.
• Two-factor authentication secrets are encrypted at rest using libsodium.
• Data is transmitted over encrypted connections (HTTPS / TLS).
• Profile images are processed to strip location and camera metadata (EXIF data) before storage.
• Data is hosted on secure cloud infrastructure (AWS) in the United States.

Data retention

We keep your data only as long as we need it to provide the service:

• Active accounts - data is retained while your account is active.
• Deleted accounts - your email, name, bio, avatar, follows, messages, and notifications are erased immediately. Posts and comments are anonymized (author removed) so community discussions remain coherent. Anonymized content is retained indefinitely; it cannot be re-linked to you.
• Backups - automated database backups may retain a copy of erased data for up to 30 days, after which the backup is overwritten.
• Server logs - request logs (IP address, user agent, timestamps) are retained for up to 90 days for security and abuse-detection purposes, then deleted.
• Legal holds - if we receive a valid legal request to preserve specific data, we may retain it longer than the periods above.

Your rights

You have the following rights regarding your personal data:

• Access - you can view all the data associated with your account on your profile page.
• Correction - you can update your email, name, username, bio, and profile picture at any time in your account settings.
• Deletion - you can permanently delete your account and all personal data from your account settings. The action is immediate and cannot be undone.
• Portability - if you would like a copy of your data, contact us at the address below and we will provide it in a machine-readable format.
• Objection / restriction - you can object to or request restriction of certain processing activities by contacting us.
• Complaint - if you believe we have mishandled your data, you may lodge a complaint with your local data protection authority.

Rights under specific laws

EEA / UK residents (GDPR). The legal bases on which we process your data are: performance of a contract (operating the service), our legitimate interests (security, abuse prevention, product improvement), and your consent (where you have given it, e.g. enabling push notifications). You have the rights listed above plus the right to lodge a complaint with your supervisory authority.

California residents (CCPA / CPRA). You have the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, the right to opt out of sale or sharing of your personal information (we do not sell or share for cross-context advertising), and the right not to be discriminated against for exercising your rights. To exercise any of these rights, contact us at the address below.

Push notifications

If you enable notifications, we send alerts about activity relevant to you (mentions, replies, direct messages, contribution approvals, streak reminders). You can turn notifications off at any time from the Notifications settings inside the app, or from your device's notification settings. Disabling notifications does not affect any other part of the service.

Cookies and local storage

We use a session cookie to keep you logged in on the web. We use browser local storage for preferences like theme settings and splash-screen state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

The mobile app uses secure on-device storage (iOS Keychain / Android Keystore) for the authentication token; no cookies are used.

Children

ÀjọÈdè is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. Significant changes will be communicated through the platform. The "last updated" date at the top of this page indicates when the policy was last revised.

Contact

If you have questions about this privacy policy or want to exercise your data rights, contact us at awa@ajoede.app.