Privacy Policy
Last updated: April 17, 2026
toska is built around anonymity. We collect as little as possible and never sell your data. This policy explains what we collect, why, and what you can do about it.
1. What we collect
| Data | Why | Stored where |
|---|---|---|
| Email address | Account creation, password reset, support | Firebase Auth + Firestore (private subcollection) |
| Anonymous handle | Display identity (randomly generated, not your real name) | Firestore |
| Posts, replies, messages | Core app functionality | Firestore |
| Likes, saves, follows | Personalization and engagement features | Firestore |
| Push notification token | Delivering notifications you opted into | Firestore (private subcollection) |
| Crash reports | Fixing bugs | Firebase Crashlytics |
| Anonymous usage analytics | Understanding how the app is used (opt-out available in Settings) | Firebase Analytics |
2. What we don't collect
- Your real name
- Your phone number
- Your location
- Your contacts
- Photos or camera data
- Advertising identifiers (IDFA)
3. How we use your data
- To operate the app (display posts, deliver messages, send notifications)
- To personalize your feed based on your engagement
- To detect and remove content that violates our terms
- To fix crashes and improve the app
We do not sell, rent, or share your personal data with advertisers or third parties for marketing purposes.
4. Third-party services
toska uses the following third-party services:
- Firebase (Google) — authentication, database, analytics, crash reporting, push notifications. Firebase Privacy Policy
- Giphy — GIF search within the app. When you search for GIFs, your search query is sent to Giphy's API. Giphy Privacy Policy
- Apple Sign-In / Google Sign-In — optional authentication methods. These services share only your email (and in Apple's case, you can hide it).
5. Data retention
- Your posts and messages are stored until you delete them or delete your account
- Expired posts (if you set an expiration) are automatically deleted
- When you delete your account, we remove your data within 30 days. Some data may persist in encrypted backups for up to 90 days.
- Reports and moderation logs may be retained separately for safety purposes
6. Your rights
You can:
- Export your data — available in Settings
- Delete your account — available in Settings, removes your profile and content
- Opt out of analytics — toggle in Settings
- Block users — prevents them from seeing your content or contacting you
7. Children's privacy
toska is not intended for anyone under 17 years of age. We do not knowingly collect data from children. If we learn that we have collected data from someone under 17, we will delete their account.
8. Security
We use industry-standard security measures including encrypted connections (TLS), Firebase security rules, and access controls. However, no system is 100% secure. Use toska at your own risk.
Direct messages and posts are stored securely in our database but are not end-to-end encrypted. This means they are protected in transit (via TLS) and at rest (via Firebase's infrastructure encryption), but could theoretically be accessed by the toska team for moderation or legal compliance purposes. This is the same model used by most social platforms.
9. Law enforcement
We may disclose your data if required by law, such as in response to a valid subpoena, court order, or government request. We will attempt to notify affected users when legally permitted to do so. We do not voluntarily share data with law enforcement or government agencies.
10. Changes to this policy
We may update this policy. If we make significant changes, we'll notify you in the app. The "last updated" date at the top reflects the most recent version.
11. Contact
Questions about your privacy? Email us at salte@saltedevelopments.com.