Privacy Policy

What is Dings?

When you find something good, you ding it. Your network sees it. You see what they find. No algorithms, no ads — just people you actually know.

What Data We Collect

Account Information:

• Email address (for authentication)
• Username (public, visible to others)

Content You Create:

• URLs you save ("dings")
• Page titles (automatically fetched or manually entered)
• Timestamps of when you saved content

Social Graph:

• Your connections (people you follow)
• People who follow you
• Connection timestamps

Technical Data:

• Browser type and version (via User-Agent header)
• IP address (temporarily, for security and rate limiting)
• Session cookies (for authentication)

How We Use Your Data

• To provide the service: Display your dings, show you your network's dings, manage connections
• To secure your account: Authenticate you, prevent unauthorized access
• To prevent abuse: Rate limiting, spam prevention, security monitoring
• To improve the service: Understand usage patterns, fix bugs, add features

What We Don't Do

• We don't sell your data to third parties
• We don't use your data for advertising
• We don't track you across the web
• We don't share your email with anyone
• We don't use algorithms to manipulate what you see

Data Sharing

Public by Design:

• Your username and dings are public by default
• Anyone can view your profile at dings.surf/[username]
• People in your network (up to 3 hops) see your dings in their feed

Private by Default:

• Your email address is never shared or displayed publicly
• Your password is encrypted and never accessible
• Your connection list is visible only to you

Service Providers:

• Supabase: Database and authentication (see their privacy policy)
• Vercel: Hosting and deployment (see their privacy policy)

Data Retention

We keep your data as long as your account is active. When you delete your account:

• Your dings are deleted
• Your connections are removed
• Your account information is deleted
• Some data may be retained in backups for up to 90 days

Cookies

We use essential cookies only:

• Session cookies: Keep you logged in (httpOnly, secure)
• No tracking cookies: We don't use analytics, advertising, or tracking cookies

Your Rights

You have the right to:

• Access your data: View all your dings and connections anytime
• Export your data: Contact us for a data export (coming soon in the UI)
• Delete your data: Delete your account anytime
• Correct your data: Remove dings, manage connections

Security

• All traffic uses HTTPS encryption
• Passwords are hashed using industry-standard algorithms
• Session cookies are httpOnly and secure
• Input sanitization prevents injection attacks
• Rate limiting prevents abuse
• Regular security updates and monitoring

Chrome Extension

Our Chrome extension:

• Only activates when you click it
• Only accesses the current tab's URL and title
• Uses your existing dings.surf authentication
• Does not track or monitor your browsing
• Does not collect data from pages you don't explicitly ding

Children's Privacy

Dings is not intended for children under 13. We don't knowingly collect data from children. If we learn that we've collected data from a child under 13, we'll delete it immediately.

Changes to This Policy

We may update this policy occasionally. If we make significant changes, we'll notify you via email or a prominent notice on the site. Continued use after changes means you accept the updated policy.

Contact Us

Questions about privacy? Email us at privacy@dings.surf

This privacy policy was written in plain English on purpose. We believe privacy policies should be readable by humans, not just lawyers.