Privacy Policy
Last updated: May 1, 2026
Slap Social ("Slap Social," "we," "us," or "our") provides an iOS application that helps you discover fresh posts on X (formerly Twitter) in topics you care about, and lets you reply to or quote those posts. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the Slap Social app or website, you agree to this Policy.
1. Quick summary
- We collect what's needed to run the service: your email, profile info you provide, your niche keywords, and basic usage logs.
- Your X login token never leaves your iPhone — we cannot read your DMs, your followers, or anything we don't show in the app.
- We use Apple, Supabase, Netlify, and the X API to operate. We do not sell your data.
- You can delete your account, disconnect your X account, and export your data anytime from inside the app.
2. Information we collect
2.1 Information you give us directly
| Category | What it is | Why |
|---|---|---|
| Account | Email address, password (hashed), and optional display name. If you sign in with Apple, we receive a unique Apple identifier and the name/email you choose to share. | To create and authenticate your account. |
| Profile | Display name, optional address/city, newsletter opt-in. | To personalize your experience and contact you about Slap Social if you opt in. |
| Niche keywords | The plain-English keywords you enter to define your radar. | To build and run the X search query for you. |
| Reports & blocks | Posts you report and X handles you block. | To enforce content moderation in your view of the app and review reports. |
| Support tickets | The category, subject, message, and any replies in support conversations. | To answer you and improve the product. |
2.2 Information we collect automatically
| Category | What it is | Why |
|---|---|---|
| Usage events | Records of significant actions in the app — searches you run, when you view the paywall, when you link or unlink your X account, when you make a purchase. Stored in our database with your account ID. | To enforce per-user fair-use limits, monitor X API spending, and prevent abuse. |
| Device/log data | Standard server logs (IP address, request timestamps, user agent) when your app calls our backend. | Security, debugging, and abuse prevention. |
| Subscription state | Status of your auto-renewing subscription (active, paused, canceled, etc.) and the period dates, supplied to us by Apple via App Store Server Notifications. | To know whether you have access to paid features. |
2.3 Information from your X (Twitter) account
If you choose to link your X account, we use OAuth 2.0 PKCE — Apple's recommended flow. We store the resulting access and refresh tokens only in your iPhone's Keychain, never on our servers. We mirror only your public X username and X user ID into our database so the admin panel can show "linked as @yourhandle" — nothing else. We do not request, read, or store your DMs, your followers, your block list, or any private data.
2.4 What we do not collect
- We do not collect contacts, location, photos, or microphone data.
- We do not track you across other apps or websites. We do not request the App Tracking Transparency permission.
- We do not run third-party advertising or sell your data to data brokers.
- We do not store your X account password or X OAuth tokens on our servers.
3. How we use information
- Provide the service: authenticate you, run your radar searches, deliver replies and quotes, manage your subscription.
- Operate fair-use limits: enforce per-user search quotas to protect the X API budget.
- Communicate: respond to your support requests, send transactional emails about your account or subscription, send marketing emails only if you opt in.
- Improve the product: aggregate, anonymous usage patterns help us decide what to build next.
- Comply with the law: respond to lawful requests, enforce our Terms, prevent fraud or abuse.
4. Who we share data with
We share only with service providers strictly necessary to operate Slap Social. These providers are bound by their own privacy commitments and only process data on our instructions.
| Provider | Purpose | Data shared |
|---|---|---|
| Apple Inc. | App distribution, Sign in with Apple, in-app purchase / StoreKit, push notifications. | Whatever Apple inherently receives by virtue of distributing an iOS app and processing your subscription. |
| Supabase Inc. | Authentication, database hosting (Postgres). | Your account, profile, keywords, usage events, support tickets, blocks, reports. |
| Netlify Inc. | Hosting our backend functions and websites. | Server logs, requests routed to our APIs. |
| X Corp. | Public post search and (with your permission) posting on your behalf. | Your X handle and posts when you publish through the app. We use the X API in compliance with their Developer Agreement. |
If we add new providers in the future (for example, an analytics or affiliate tracking provider), we will update this Policy and notify you in-app or by email if the change materially affects your privacy.
We do not sell your personal information in the sense defined by the California Consumer Privacy Act, and we do not "share" it for cross-context behavioral advertising.
5. How long we keep data
- Account & profile: for as long as your account is active. Deleted immediately when you delete your account.
- Usage events: we keep detailed per-call X API logs for 90 days for cost analysis, then automatically delete them.
- Cached search results: typically less than 24 hours.
- Support tickets: kept for as long as needed to resolve your request, plus a reasonable record-keeping period (typically 24 months).
- Backups & legal holds: de-identified backups may persist for up to 30 days after deletion; data subject to a legal hold may be retained longer.
6. Your choices and rights
6.1 In-app controls
- Delete your account from Profile → "Delete my account." This permanently removes your account and all associated data on our servers, and revokes your X access token.
- Disconnect X from Profile → "Disconnect X account." This deletes the access token from your device's Keychain and revokes it with X.
- Manage your subscription in iOS Settings → your name → Subscriptions.
- Block users from the post menu — their posts will no longer appear in your radar.
6.2 Privacy rights (GDPR, UK GDPR, CCPA/CPRA, and similar laws)
Depending on where you live, you may have the right to: access the personal information we hold about you; correct or update it; delete it; receive a portable copy; restrict or object to certain processing; withdraw consent; and lodge a complaint with your local data protection authority. To exercise any of these rights, email us at info@getslapsocial.com. We will respond within 30 days (or as required by your local law).
6.3 California-specific disclosures
Under the California Consumer Privacy Act (CCPA), as amended by the CPRA, California residents may request to know, delete, or correct personal information, and may opt out of any sale or sharing of personal information. As stated above, we do not sell or share your personal information. California residents can submit requests to info@getslapsocial.com.
7. Security
We use industry-standard safeguards including TLS 1.2+ for all network traffic, password hashing, row-level security in our database, isolation of secrets in server-side environment variables, and storage of your X access tokens exclusively in your device's Keychain. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Children
Slap Social is intended for users 17 years of age or older (consistent with the X Terms of Service and Slap Social's App Store age rating). We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with information, contact us and we will delete it.
9. International transfers
Slap Social is operated from the United States. Our service providers may store and process data in the United States, the European Union, or other regions. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses or another lawful transfer mechanism.
10. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. For material changes, we will notify you in-app or by email at least 7 days before they take effect. Your continued use of Slap Social after the update constitutes acceptance.
11. Contact us
Questions, requests, or complaints about privacy?
- Email: info@getslapsocial.com
- Mailing address: Slap Social, Los Angeles, California, USA