Privacy & Data Sovereignty
Last Updated: February 7, 2026
Profiting from surveillance is strictly against our principles. We reject the "attention economy" model.
1. Data Sovereignty
We do not sell your data. We do not index your content on search engines. Sojorn is a private community designed to protect your posts and identity from the extractivist economy.
2. Collection Limit
We collect only what is necessary to function: your email (for authentication and critical updates) and the content you explicitly create. We do not use third-party tracking pixels that follow you across the web.
3. Media Sanitization
All photos and videos you upload are automatically stripped of metadata before they are stored. This includes:
- EXIF data — camera make/model, lens info, software version
- GPS coordinates — latitude, longitude, altitude
- Timestamps — original capture date and time
- Device identifiers — serial numbers or unique device tags
Images are re-encoded on your device before upload (stripping EXIF), and all media is processed again server-side via ffmpeg to guarantee no metadata survives. What you upload is pixels and audio — nothing else.
4. Beacon Anonymity
Beacons (location-based community alerts) are fully anonymous. When you post a beacon:
- Your identity is never attached to the beacon in any public-facing way.
- Other users cannot see who posted it — no name, handle, or avatar is displayed.
- Vouches and reports are tied to the beacon, not to any specific user.
- Beacons do not appear on your profile.
We retain an internal record linking beacons to accounts solely for abuse prevention. This record is never exposed through the app or API and is permanently destroyed if you delete your account.
5. Zero-Knowledge Encryption
Private messages are end-to-end encrypted (E2EE) using keys generated on your device. We have no way to decrypt or read your private conversations.
6. Third-Party Services
We use a limited number of third-party services to operate Sojorn. None are used for advertising or behavioral tracking:
- SendPulse — transactional and newsletter email delivery
- Cloudflare — CDN, DDoS protection, media storage (R2), and bot verification (Turnstile)
- Firebase Cloud Messaging — push notifications to your device
- OpenAI — automated content moderation (post text only; never private messages)
Private messages are end-to-end encrypted and are never sent to any third party, including AI services.
7. How We Use Your Data
We collect and use data to show you content you actually want to see and to sustain the platform. Here is exactly what that means — and what it doesn’t.
What we collect
Your preferences are categorical — broad interests you express through the content you engage with. Examples:
- You like baseball. You enjoy nature. You love rock music.
- You follow photography categories. You skip politics.
This is the kind of data we use to personalize your feed and, in the future, to serve relevant advertisements.
What we never collect or use
We will never build a profile of you as a person. We don’t know or care about your age, your employer, your family, your real name, or your physical address. Your data describes a user — not a person. If you’re not logged in, we have no idea who you are. Your preferences are tied to your Sojorn profile, not to your IP address, cookies, or device fingerprint.
Advertising model
In the future, we may serve advertisements to sustain the platform. These ads will be matched to categorical interests (e.g. “users who like outdoor content”) and the context of what you’re viewing — never through tracking pixels, browser fingerprinting, or cross-app surveillance. We will never sell your personal data to advertisers.
IP address logging
We do log IP addresses strictly for security purposes: preventing abuse, enforcing bans, and protecting the community from bad actors. An IP address in our system is associated with a user account — not a real-world identity. We do not use IP addresses for advertising, analytics, or any form of behavioral profiling.
Your data, your choice
All preference and interest data is tied entirely to your Sojorn account. If you delete your account, that data is permanently destroyed along with it — no residual profiles, no shadow archives, no "we keep it for 90 days just in case." Gone is gone.
8. Your Right to Vanish
You have full control over your account lifecycle from the Settings screen:
- Deactivate — hides your profile; all data preserved indefinitely. Reactivate anytime by logging back in.
- Delete — schedules permanent deletion after a 14-day grace period. Log back in to cancel. After 14 days, all data is irreversibly destroyed.
- Immediate Destroy — permanently and instantly erases all your data with double confirmation (in-app + email). There is no recovery.
When you leave, you leave. We do not retain hidden profiles or shadow data.
9. Data Security
We implement industry-standard security measures including encryption at rest and in transit, regular security audits, and access controls to protect your data from unauthorized access.
10. Sessions & Authentication
We use secure JSON Web Tokens (JWTs) and refresh tokens stored on your device to keep you logged in. These are not tracking cookies — they exist solely for authentication and expire automatically. We do not use third-party cookies or cross-site tracking of any kind.
11. International Data Transfers
Our primary servers are hosted by Hetzner in Germany, subject to EU data protection regulations. Media assets are stored via Cloudflare R2 (globally distributed). We apply appropriate safeguards to any cross-border data transfer.
12. Children's Privacy
Our services are not intended for anyone under the age of 16. We enforce an age gate at login and do not knowingly collect personal information from minors under 16.