Outprobe: Data Collection & App Permissions
Last Updated: March 20, 2026
Version: 1.0
1. App Permissions
1.1 Android Permissions
| Permission | Why We Need It | When Requested | Required? |
|---|---|---|---|
| INTERNET | Core functionality — all API communication | Always (automatic) | Yes |
| CAMERA | Taking photos for posts, profile pictures, media uploads | When user first tries to take a photo | No — can use gallery instead |
| READ_MEDIA_IMAGES | Selecting photos from gallery for posts, profile, media uploads | When user first tries to upload an image | No — can skip media features |
| READ_MEDIA_VIDEO | Selecting videos from gallery for posts and media uploads | When user first tries to upload a video | No — can skip media features |
| READ_MEDIA_AUDIO | Selecting audio files for media uploads | When user first tries to upload audio | No — can skip media features |
| WRITE_EXTERNAL_STORAGE | Saving downloaded media to device (Android 9 and below) | When user first tries to download media | No |
| POST_NOTIFICATIONS | Push notifications for messages, mentions, community activity | After onboarding, user chooses | No — app works without notifications |
| VIBRATE | Haptic feedback for notifications | Automatic with notifications | No |
| RECEIVE_BOOT_COMPLETED | Restart notification listener after device reboot | Automatic if notifications enabled | No |
1.2 iOS Permissions
| Permission | Why We Need It | When Requested | Required? |
|---|---|---|---|
| Camera | Taking photos for posts, profile pictures, media uploads | When user first tries to take a photo | No |
| Photo Library | Selecting media from library for posts and uploads | When user first tries to upload media | No |
| Notifications | Push notifications for messages, mentions, community activity | After onboarding, user chooses | No |
| Face ID / Touch ID | Optional biometric lock for the app | If user enables it in settings | No |
1.3 Web Permissions
| Permission | Why We Need It | When Requested | Required? |
|---|---|---|---|
| Notifications (browser) | Push notifications for messages, mentions | User explicitly enables in settings | No |
| Camera (browser) | Taking photos directly in browser | When user tries to take a photo | No |
| Microphone | Voice messages (future) | When user tries to record audio | No |
| Clipboard | Copy share links, invite codes | When user clicks copy button | No |
1.4 Permissions We NEVER Request
| Permission | Why Not |
|---|---|
| Location (GPS) | We don't track location. If users share location in posts, they type it manually. |
| Contacts / Phone Book | We never access contacts. No "find friends" by phone number. |
| Phone / Call Logs | No reason to access. |
| SMS | No SMS-based verification (we use email). |
| Microphone (unless voice feature) | Not needed for current features. |
| Background Location | Never. |
| Body Sensors | Never. |
| Calendar | Never. |
| Activity Recognition | Never. |
2. Data We Collect
2.1 Account Data (User Provided)
| Data Point | Purpose | Storage Location | Retention | Can User Delete? |
|---|---|---|---|---|
| Email address | Login, password reset, essential notifications | PostgreSQL (encrypted at rest) | Until account deletion | Yes — delete account |
| Password | Authentication | PostgreSQL (bcrypt hashed, never plain text) | Until account deletion | Yes — delete account |
| Display name | Shown on profile and posts | PostgreSQL | Until account deletion | Yes — edit anytime |
| Username (handle) | Unique identifier, profile URL | PostgreSQL | Until account deletion | Yes — change in settings |
| Profile picture | Shown on profile, posts, comments | Cloudflare R2 + PostgreSQL (URL) | Until user removes or deletes account | Yes — remove anytime |
| Bio | Shown on profile | PostgreSQL | Until account deletion | Yes — edit anytime |
| Identity tags | Shown on profile (optional) | PostgreSQL | Until user removes | Yes — remove anytime |
| Date of birth | Age verification (not displayed publicly) | PostgreSQL | Until account deletion | Yes — delete account |
2.2 Content Data (User Created)
| Data Point | Purpose | Storage Location | Retention | Can User Delete? |
|---|---|---|---|---|
| Posts (text) | Community content | PostgreSQL | Until user deletes post or account | Yes |
| Post media (images, videos) | Community content | Cloudflare R2 | Until user deletes post or account | Yes |
| Comments | Discussion | PostgreSQL | Until user deletes comment or account | Yes |
| Direct messages | Private messaging | PostgreSQL (encrypted) | Until user deletes conversation or account | Yes |
| Probe messages | Group chat | PostgreSQL | Until user deletes or leaves probe | Yes |
| Media uploads (library) | Community media library | Cloudflare R2 + PostgreSQL | Until user/admin deletes or account deletion | Yes |
| Events | Community events | PostgreSQL | Until creator/admin deletes | Yes (if creator) |
| Initiatives | Community initiatives | PostgreSQL | Until creator/admin deletes | Yes (if creator) |
| Playlists | Curated content collections | PostgreSQL | Until creator deletes | Yes |
| Listings (marketplace) | Buy/sell items | PostgreSQL + R2 | Until seller removes or account deletion | Yes |
| Circle memberships | Personal friend groups | PostgreSQL | Until user modifies circles | Yes |
| Reactions | Post engagement | PostgreSQL | Until user removes reaction | Yes |
2.3 Community Data
| Data Point | Purpose | Storage Location | Retention | Can User Delete? |
|---|---|---|---|---|
| Community name, handle, description | Community identity | PostgreSQL | Until owner deletes community | Yes (owner) |
| Community avatar/banner | Community branding | Cloudflare R2 | Until owner changes or deletes community | Yes (owner) |
| Community settings | Configuration | PostgreSQL | Until owner changes or deletes community | Yes (owner) |
| Membership records | Who belongs to which community | PostgreSQL | Until member leaves or is removed | Yes (leave community) |
| Role assignments | Permission management | PostgreSQL | Until changed by admin | Yes (admin) |
| Application forms | Join requests for private communities | PostgreSQL | Until approved/rejected or community deletion | Yes (admin) |
2.4 Technical Data (Automatically Collected)
| Data Point | Purpose | Storage Location | Retention | Shared with Advertisers? |
|---|---|---|---|---|
| IP address | Security, rate limiting, abuse prevention | Server logs | 90 days, then deleted | Never |
| Device type (mobile/desktop/tablet) | Responsive UI rendering | Not stored persistently | Session only | Never |
| Browser/app version | Compatibility, bug fixing | Crash reports only | 90 days | Never |
| Crash reports | Bug fixing and stability | Error logging service | 90 days | Never |
| Aggregate page views | Platform health (e.g., "Explore had 5K views today") | Analytics (aggregate only) | 1 year | Never individually |
| Session tokens (JWT) | Authentication | Redis (in-memory) | Access: 15 min, Refresh: 7 days | Never |
| WebSocket connection state | Real-time features (typing, presence) | Redis (in-memory) | Duration of connection only | Never |
2.5 Data We NEVER Collect
| Data Point | Why Not |
|---|---|
| Browsing history (outside Outprobe) | Privacy — we don't track you outside our platform |
| Search history on other sites | Privacy — not our business |
| Location / GPS coordinates | Privacy — we have no location features |
| Contact list / phone book | Privacy — no "find friends by contacts" |
| Keystroke patterns / typing behavior | Privacy — creepy and unnecessary |
| Biometric data | Privacy — not needed |
| Financial / payment card details | Handled entirely by Google Play / payment processor. We never see card numbers. |
| Advertising identifiers (GAID/IDFA) | Privacy — we don't do personalized ads |
| Cross-app usage data | Privacy — we don't track other apps |
| Device IMEI or serial number | Privacy — not needed |
| Wi-Fi network information | Privacy — not needed |
| Installed apps list | Privacy — not needed |
| Clipboard contents (passively) | Privacy — we only access clipboard when user explicitly copies |
3. Data Flow
3.1 How Data Moves Through Our System
User's Device
    │
    ├─ HTTPS/TLS 1.3 ──────────────────────────┐
    │                                          │
    ▼                                          ▼
Cloudflare Edge                          Cloudflare R2
(CDN + WAF + DDoS protection)            (Media storage)
    │                                      - Images
    │  IP logged for security (90 days)    - Videos
    │                                      - Documents
    ▼                                      - Encrypted at rest
Go Backend (Hetzner VPS)
    │
    ├──► PostgreSQL (Neon)
    │      - Account data
    │      - Content data
    │      - Community data
    │      - Encrypted at rest
    │
    ├──► Redis
    │      - Sessions (15 min / 7 days)
    │      - Real-time presence
    │      - Timelines (cached)
    │      - Rate limiting counters
    │
    └──► Meilisearch
           - Search index
           - Community/user/post search
           - No sensitive data indexed
3.2 Encryption
| Layer | Method |
|---|---|
| In transit | HTTPS / TLS 1.3 (all connections) |
| At rest (database) | PostgreSQL encryption at rest |
| At rest (media) | Cloudflare R2 encryption at rest |
| Passwords | bcrypt hash (never stored in plain text) |
| Sessions | JWT (RS256 signed) |
| Direct messages | Encrypted in database |
3.3 Third-Party Data Sharing
| Third Party | What We Share | Why |
|---|---|---|
| Cloudflare | IP address (automatic via CDN) | CDN delivery, DDoS protection |
| Google Play | Purchase receipt, subscription status | Payment processing for Premium |
| Contextual ad network (future) | Community category only | Ad matching. Zero user data shared. |
We share ZERO user data with advertisers. Advertisers select a community category. We show the ad. They get aggregate impression/click counts. That's it.
4. User Rights & Controls
4.1 In-App Controls
| Control | Where | What It Does |
|---|---|---|
| Edit profile | Settings > Profile | Change name, bio, avatar, identity tags |
| Delete post | Post menu > Delete | Permanently removes post and its media |
| Delete comment | Comment menu > Delete | Permanently removes comment |
| Leave community | Community menu > Leave | Removes membership, your posts remain (anonymized if account deleted) |
| Delete conversation | DM settings > Delete | Removes conversation from your view |
| Manage circles | Circles settings | Add/remove members, delete circles |
| Notification preferences | Settings > Notifications | Control what notifications you receive |
| Delete account | Settings > Account > Delete | Permanently deletes all personal data within 30 days |
4.2 Data Requests
| Request | How | Response Time |
|---|---|---|
| Access my data | Email privacy@outprobe.com | Within 30 days |
| Export my data (JSON) | Settings > Account > Export Data | Immediate download |
| Delete my data | Settings > Account > Delete Account | Completed within 30 days |
| Correct my data | Edit in-app or email privacy@outprobe.com | Immediate (in-app) or 30 days (email) |
5. Cookie & Local Storage Policy (Web)
5.1 What We Store in Browser
| Item | Type | Purpose | Duration | Required? |
|---|---|---|---|---|
| Authentication token | Local Storage | Keep you logged in | Until logout or token expiry (7 days) | Yes (for login) |
| Theme preference | Local Storage | Remember light/dark mode | Indefinite | No (defaults to system) |
| Language preference | Local Storage | Remember UI language | Indefinite | No (defaults to browser) |
5.2 What We DO NOT Use
| Item | Why Not |
|---|---|
| Tracking cookies | We don't track users |
| Third-party cookies | We don't embed third-party trackers |
| Analytics cookies (Google Analytics, etc.) | We use aggregate server-side analytics only |
| Advertising cookies | We don't do personalized ads |
| Fingerprinting | We don't fingerprint browsers or devices |
Outprobe's web app uses only essential local storage for authentication and user preferences. No tracking. No cookies for advertising. No third-party scripts that set cookies.
6. Data Breach Policy
In the event of a data breach:
- Within 72 hours: We will assess the scope and severity of the breach
- Within 72 hours: We will notify relevant data protection authorities (as required by GDPR and applicable laws)
- As soon as possible: We will notify affected users via email with:
  - What happened
  - What data was affected
  - What we are doing about it
  - What users should do (e.g., change password)
- Ongoing: We will provide updates as the investigation progresses
- Post-incident: We will publish a post-mortem and implement measures to prevent recurrence
7. Children's Data
- Outprobe requires users to be at least 13 years old (or the minimum age in their country)
- We do not knowingly collect data from children under this age
- We do not use age-gated advertising or content targeting based on age
- If we discover a child's account, we will delete it and all associated data immediately
- Parents/guardians can contact privacy@outprobe.com to request deletion of a child's data
Questions about this policy? legal@outprobe.com