Backread · Privacy

Privacy Policy

Effective 1 July 2026 · Backread (Pty) Ltd, Republic of South Africa

1. Who we are

Backread (Pty) Ltd, operating backread.app and the Backread apps. Contact: privacy@backread.app.

2. What we collect — the honest inventory

3. What we do NOT do

No selling or sharing of personal data with advertisers. No ad trackers. No training AI models on your archive.

4. Processors we use

Your data crosses borders as part of how the service works: Fly.io (hosting, United Kingdom), Cloudflare R2 (encrypted backups + media storage), xAI / OpenAI (categorisation, summaries, embeddings — the content of your saves is sent for processing), Lemon Squeezy (payments), and X Corp (the API your data comes from). We choose processors with strong security practices and update this list as reality changes.

5. Retention & backups

Your archive persists while your account exists — that's the product. Continuous encrypted off-site backups (7-day point-in-time). Deleted accounts: purged from the live database immediately; backup copies age out within 7 days.

6. Deletion & your rights

Your data originates and travels across several jurisdictions; we endeavour to comply with all applicable data protection laws and best practices wherever our users are. In practice, for every user regardless of location:

7. Security

Encryption in transit everywhere; OAuth tokens encrypted at rest; each account's data isolated per-tenant; continuous encrypted backups. No system is perfectly secure and we don't claim ours is — we apply current best practices, carefully. Found something? security.txt.

8. Children

Backread is not directed at children under 13; X itself requires users to be 13 or older.

9. Verified Snapshots — public pages & blockchain permanence

10. Changes & contact

We'll post material changes to this policy on this page with a new effective date, and note them in-app. Questions: privacy@backread.app.