Back to Forkfeed
ForkfeedForkfeed

Privacy Policy

Last updated: March 29, 2026

1. Introduction

Forkfeed is operated by Mapheim AS (Org. nr. 929 542 681, Trondheim, Norway), referred to as “we,” “our,” or “us” throughout this policy. We are the data controller for the personal data processed through the Forkfeed mobile application and website (collectively, the “Service”).

Forkfeed is a community-curated content platform where users browse curated “forks” of visual and text content created and hosted by independent third-party operators. We are committed to protecting your privacy and being transparent about our data practices.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service, and your rights regarding that information.

2. Information We Collect

2.1 Account Information

When you create an account using Apple Sign In, we receive the following information from Apple:

  • Apple User ID - a unique identifier assigned by Apple. This is always provided.
  • Name - your first and last name, provided only the first time you sign in (optional; you may choose not to share it).
  • Email address - your email or an Apple relay email address (optional; you may choose to hide your real email).

2.2 Profile Information

After creating your account, you may provide additional profile information:

  • Display name - the name shown to other users.
  • Avatar image - a profile picture you upload. Avatar images are stored on our servers (AWS S3) and delivered via CDN.

2.3 User Activity Data

When you use the Service, we collect data about your interactions to provide personalized features:

  • Saved content - forks, cards, and creators you save to your library.
  • Follow relationships - creators you choose to follow.
  • View history - forks you have viewed, with timestamps.
  • Card likes - which cards you have liked.
  • Reports - if you report content or a creator, we store the report details (reported item, reason, timestamp) for moderation purposes.

2.4 Card Engagement Data

When you view cards in a feed, basic engagement data (time spent viewing a card, which card variants you viewed) may be sent directly from your device to the third-party content server that hosts the card. This data is not stored by Forkfeed - it is sent to and processed by the third-party content server operator. Each operator is responsible for their own data practices regarding this engagement data.

2.5 Push Notification Data

If you opt in to push notifications during the setup flow or via device settings, we store an Expo push token associated with your account. This token is used solely to deliver notifications to your device. The token is removed from our servers when you sign out or delete your account.

2.6 Local Device Storage

The app stores limited data locally on your device:

  • Authentication tokens - JWT tokens stored in secure storage (Keychain on iOS, encrypted storage on Android) or browser storage on web. Used to keep you signed in.
  • Onboarding state - a flag indicating whether you have completed the onboarding flow. Stored in AsyncStorage (native) or localStorage (web).

2.7 Usage Analytics

We may collect basic usage analytics to improve the Service, such as app launch events, screen views, and crash reports. This data is collected in aggregate and is not used to build individual user profiles for advertising purposes.

2.8 Information We Do NOT Collect

  • We do not collect device advertising identifiers (IDFA, GAID) for advertising or tracking.
  • We do not collect precise or coarse location data.
  • We do not collect browsing history outside the Service.
  • We do not collect contacts, photos, or other device data.
  • We do not use cookies for advertising or cross-site tracking.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract performance - processing necessary to provide the Service you signed up for: account authentication, profile display, saving content, view history, card likes, and feed delivery.
  • Legitimate interest - processing for service improvement, analytics, security, fraud prevention, and content moderation. Our legitimate interests do not override your fundamental rights and freedoms.
  • Consent - push notifications and any future marketing communications. You can withdraw consent at any time (see Section 9).
  • Legal obligation - processing required to comply with applicable laws, regulations, or legal processes.

4. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and maintain your account.
  • Display your saved forks, cards, and creators.
  • Show your view history and card likes.
  • Display your profile information to other users (name, avatar).
  • Send push notifications you have opted into (new forks, milestones, recommendations, new followers).
  • Process and review content reports you submit.
  • Improve, maintain, and secure the Service.
  • Comply with legal obligations.

5. Data Storage and Security

Your data is stored in a MongoDB database hosted on Amazon Web Services (AWS) in the eu-north-1 (Stockholm, Sweden) region. Media assets (images, videos, avatars) are stored in AWS S3 and delivered via Amazon CloudFront CDN.

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), JWT-based authentication with token versioning for revocation, and access controls on all infrastructure.

6. Third-Party Services

We use the following third-party services:

  • Apple Sign In - for authentication. Apple's privacy policy applies to the sign-in process. We only receive the data described in Section 2.1.
  • Amazon Web Services (AWS) - for hosting, data storage, and content delivery (Lambda, S3, CloudFront, API Gateway). AWS acts as a data processor on our behalf under a Data Processing Agreement.
  • Expo - for delivering push notifications to your device. Expo processes push tokens on our behalf. Expo's privacy policy applies to their handling of notification delivery.
  • Third-party content servers - Forkfeed displays content from independent content backends operated by creators, communities, or automated systems. These servers are independently operated and Forkfeed has no control over their content or practices. Your device fetches content directly from these servers, which may log standard HTTP request data (IP address, user agent). Card engagement data (time spent, variants viewed) is also sent to these servers. Each content server operator is responsible for their own privacy practices. Third-party content may include advertising or promotional material placed by the backend operator.

7. Data Sharing

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.

We may share your information only in the following circumstances:

  • Public profile - your name and avatar are visible to other users if you have a public profile.
  • Service providers - with trusted service providers (AWS, Expo) who process data on our behalf under data processing agreements and are prohibited from using your data for their own purposes.
  • Legal requirements - if required by law, regulation, legal process, or governmental request.
  • Safety - to protect the rights, property, or safety of Mapheim AS, our users, or the public.

8. Data Retention

  • Account data - retained for as long as your account is active.
  • View history - may be cleared by you at any time within the app.
  • Card likes and saves - retained while your account is active.
  • Reports - retained for moderation and safety purposes, even after account deletion, in anonymized form.
  • Push tokens - removed when you sign out or delete your account.
  • Engagement data - sent to third-party content servers and governed by their retention policies, not ours.
  • Account deletion - if you delete your account, we will delete all associated personal data within 30 days, except where retention is required by law or for the legitimate purposes described above (e.g., anonymized report records).

9. Your Rights

9.1 All Users

Regardless of your location, you have the right to:

  • Access your personal data - view your profile, saved items, likes, and history within the app.
  • Delete your account and all associated data - use the “Delete Account” option in the app's Settings screen.
  • Clear your view history at any time.
  • Correct your information by updating your profile.
  • Withdraw consent for push notifications at any time via device settings or the app.

9.2 European Economic Area, UK, and Swiss Users (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to data portability - receive your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing - request that we limit how we process your data in certain circumstances.
  • Right to object - object to processing based on legitimate interest.
  • Right to withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint - with your local data protection supervisory authority.

To exercise any of these rights, contact us at privacy@forkfeed.app. We will respond within 30 days.

9.3 California Users (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know - what personal information we collect, use, and disclose.
  • Right to delete - request deletion of your personal information.
  • Right to opt-out of sale - we do not sell your personal information to third parties.
  • Right to non-discrimination - we will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@forkfeed.app or use the in-app account deletion feature.

10. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at privacy@forkfeed.app and we will promptly delete it.

If we become aware that a user is under 13, we will terminate their account and delete their personal data.

11. International Data Transfers

Our servers are located in the European Union (Stockholm, Sweden). If you access the Service from outside the EU, your data will be transferred to and processed in the EU. We ensure that such transfers comply with applicable data protection laws, including GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Last updated” date at the top of this page. For significant changes, we may also notify you via push notification or an in-app notice. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at:

Mapheim AS
Trondheim, Norway
Org. nr. 929 542 681
Email: privacy@forkfeed.app

← Back to Forkfeed
PrivacyTerms