Slap Social (the "App" or "Service") is owned and operated by Jessyka Mathews, an individual sole proprietor based in California, United States ("we," "us," or "our"). The App is an iOS application that helps you discover fresh posts on X (formerly Twitter) in topics you care about, and lets you reply to or quote those posts. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the Slap Social app or website, you agree to this Policy.
1. Quick summary
- We collect what's needed to run the service: your email, profile info you provide, your niche keywords, and basic usage logs.
- Slap Social does not log in to X for you. We never ask for your X password, and we never hold an X authorization token. Posts you reply to are opened in the X app on your device, where you compose and send under your own X session.
- We use Apple, Supabase, Netlify, TwitterAPI.io, and PostHog (privacy-friendly website analytics) to operate. We do not sell your data.
- You can delete your account and export your data anytime from inside the app.
2. Information we collect
2.1 Information you give us directly
| Category | What it is | Why |
|---|---|---|
| Account | Email address, an optional password (stored hashed if you set one — passwordless sign-in via a one-time email code is also supported), and an optional display name. If you sign in with Apple, we also receive a unique Apple identifier and the name/email you choose to share. | To create and authenticate your account. |
| Profile | Display name, optional address/city, newsletter opt-in. | To personalize your experience and contact you about Slap Social if you opt in. |
| Niche keywords | The plain-English keywords you enter to define your radar. | To build and run the X search query for you. |
| Reports & blocks | Posts you report and X handles you block. | To enforce content moderation in your view of the app and review reports. |
| Support tickets | The category, subject, message, and any replies in support conversations. | To answer you and improve the product. |
2.2 Information we collect automatically
| Category | What it is | Why |
|---|---|---|
| Usage events | Records of significant actions in the app — searches you run, when you view the paywall, when you make a purchase. Stored in our database with your account ID. | To enforce per-user fair-use limits, monitor third-party data costs, and prevent abuse. |
| Device/log data | Standard server logs (IP address, request timestamps, user agent) when your app calls our backend. | Security, debugging, and abuse prevention. |
| Subscription state | Status of your auto-renewing subscription (active, paused, canceled, etc.) and the period dates, supplied to us by Apple via App Store Server Notifications. | To know whether you have access to paid features. |
2.3 How we obtain X (Twitter) posts
Slap Social does not log in to X on your behalf. We never ask for your X password, and we do not hold any OAuth token, API token, or other authorization that lets us act on your X account. To populate your radar, our backend queries TwitterAPI.io — a third-party data provider — under our own commercial agreement with that provider. TwitterAPI.io returns publicly available posts matching the keywords you entered. We never receive any private X data (DMs, followers, blocks, etc.) and we cannot post to X on your behalf.
When you tap to reply to or quote a post, the App opens that post in the X app or x.com via a standard deep link. Composing, authenticating, and sending the post happen entirely inside X under your own X session, separate from Slap Social. We do not see or store the contents of replies or quotes you send through X.
2.4 Content moderation & how we handle reports
Because Slap Social displays user-generated content from X, every post in the app has a Report and a Block control.
- Report: opens a sheet where you tell us what's wrong with a post (e.g., harassment, spam, illegal content). The report is written to our database with the post ID, the X handle of the poster, and your reason. Reports are reviewed by Jessyka Mathews (the operator of Slap Social).
- Block: adds an X handle to your personal blocklist. Posts from blocked handles are filtered out of your radar and broadcast results going forward. Blocking is private to your account and is not shared with the blocked person.
- Our response commitment: we acknowledge and act on user content reports within 24 hours of receipt. Action may include filtering the reported post from all users' radars (via our objectionable-terms list), declining the report with a brief reason, or in egregious cases escalating to X directly. You can email hello@slapsocial.app if you need to follow up on a specific report.
- Objectionable content filter: a global Settings toggle ("Hide flagged content") suppresses posts containing terms on our internal moderation list. The list is maintained by Jessyka Mathews and expanded based on user reports.
2.5 What we do not collect
- We do not collect contacts, location, photos, or microphone data.
- We do not track you across other apps or websites. We do not request the App Tracking Transparency permission.
- We do not run third-party advertising or sell your data to data brokers.
- We do not collect, request, or store any X password, X OAuth token, or other X authentication credential. None exists on our servers or in the App.
3. How we use information
- Provide the service: authenticate you, run your radar searches, deliver replies and quotes, manage your subscription.
- Operate fair-use limits: enforce per-user search quotas to protect our TwitterAPI.io data budget and ensure equitable access for all subscribers.
- Communicate: respond to your support requests, send transactional emails about your account or subscription, send marketing emails only if you opt in.
- Improve the product: aggregate, anonymous usage patterns help us decide what to build next.
- Comply with the law: respond to lawful requests, enforce our Terms, prevent fraud or abuse.
4. Who we share data with
We share only with service providers strictly necessary to operate Slap Social. These providers are bound by their own privacy commitments and only process data on our instructions.
| Provider | Purpose | Data shared |
|---|---|---|
| Apple Inc. | App distribution, Sign in with Apple, in-app purchase / StoreKit, push notifications. | Whatever Apple inherently receives by virtue of distributing an iOS app and processing your subscription. |
| Supabase Inc. | Authentication, database hosting (Postgres). | Your account, profile, keywords, usage events, support tickets, blocks, reports. |
| Netlify Inc. | Hosting our backend functions and websites. | Server logs, requests routed to our APIs. |
| TwitterAPI.io | Retrieval of public posts from X (formerly Twitter) for display in your radar. | The keywords you enter and aggregated query metadata necessary to fulfill the search. No personal X credentials are exchanged because none exist in our system. TwitterAPI.io's processing is governed by its own terms and privacy policy. |
| PostHog | Privacy-friendly analytics for our website (slapsocial.app) — to understand page views, traffic sources, and visitor country in aggregate. | Anonymous website usage only: pages viewed, referring site, a coarse country derived from IP (not stored as a precise location), and a random per-visitor ID. No iOS-app account data and no cross-app or cross-site tracking. Governed by PostHog's own privacy policy. |
If we add new providers in the future (for example, an analytics or affiliate tracking provider), we will update this Policy and notify you in-app or by email if the change materially affects your privacy.
We do not sell your personal information in the sense defined by the California Consumer Privacy Act, and we do not "share" it for cross-context behavioral advertising.
5. How long we keep data
- Account & profile: for as long as your account is active. Deleted immediately when you delete your account.
- Usage events: we keep detailed per-call TwitterAPI.io request logs for 90 days for cost analysis, then automatically delete them.
- Cached search results: typically less than 24 hours.
- Support tickets: kept for as long as needed to resolve your request, plus a reasonable record-keeping period (typically 24 months).
- Backups & legal holds: de-identified backups may persist for up to 30 days after deletion; data subject to a legal hold may be retained longer.
6. Your choices and rights
6.1 In-app controls
- Delete your account from Profile → "Delete my account." This permanently removes your account and all associated data on our servers.
- Manage your subscription in iOS Settings → your name → Subscriptions.
- Block users from the post menu — their posts will no longer appear in your radar.
6.2 Privacy rights (GDPR, UK GDPR, CCPA/CPRA, and similar laws)
Depending on where you live, you may have the right to: access the personal information we hold about you; correct or update it; delete it; receive a portable copy; restrict or object to certain processing; withdraw consent; and lodge a complaint with your local data protection authority. To exercise any of these rights, email us at hello@slapsocial.app. We will respond within 30 days (or as required by your local law).
6.3 California-specific disclosures
Under the California Consumer Privacy Act (CCPA), as amended by the CPRA, California residents may request to know, delete, or correct personal information, and may opt out of any sale or sharing of personal information. As stated above, we do not sell or share your personal information. California residents can submit requests to hello@slapsocial.app.
7. Security
We use industry-standard safeguards including TLS 1.2+ for all network traffic, password hashing, row-level security in our database, and isolation of provider credentials in server-side environment variables. We hold no X authentication credentials of any kind, eliminating an entire class of token-theft risk. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Children
Slap Social is intended for users 17 years of age or older (consistent with the X Terms of Service and Slap Social's App Store age rating). We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with information, contact us and we will delete it.
9. International transfers
Slap Social is operated from the United States. Our service providers may store and process data in the United States, the European Union, or other regions. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses or another lawful transfer mechanism.
10. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. For material changes, we will notify you in-app or by email at least 7 days before they take effect. Your continued use of Slap Social after the update constitutes acceptance.
11. Contact us
Questions, requests, or complaints about privacy?
- Email: hello@slapsocial.app
- Mailing address: Jessyka Mathews (Slap Social), 2166 W Broadway #1008, Anaheim, CA 92804-2446, USA
- Phone: (714) 400-2632