← Back to Proto-Graph

Privacy Policy

Last updated: April 23, 2026

What this is

Proto-Graph is a small, private photo-sharing site for residents of Proto-Town. It is run by Earthship. This page explains what data we collect, why we collect it, and what you can do about it. It is written in plain language on purpose.

When we say "we" or "us" we mean Earthship operating Proto-Graph. When we say "you" we mean the person using Proto-Graph — in the browser or in the iOS or Android app.

Data we collect

Account data

When you sign up we store your email address, a hashed password (if you chose a password), and a profile row with a username, display name, optional bio, and optional avatar image. If you sign in with Google we also receive the name and profile picture Google shares with us during OAuth, and store them in the same profile row.

Content data

We store the photos you upload, the captions you write, the comments you leave on other people's posts, and the record that you liked a post. Photos are cropped to square and converted to WebP in your browser before upload. Every post, like, and comment is visible to every other signed-in Proto-Graph user.

Activity data

We store notifications for you when someone likes or comments on your posts, and a "last seen" timestamp so the feed knows when to show you the "you're all caught up" line. These are tied to your account.

Session data

When you sign in, we set an authentication cookie (sb-*-auth-token) so the server can recognize you on your next request. This cookie is required for the site to work. We do not set marketing or advertising cookies.

Device data

In the iOS and Android apps we may store a small flag on your device (proto-graph:biometric-enabled) to remember that you turned on Face ID / fingerprint unlock. This flag stays on your device and is not sent to our servers. Our servers may also see standard request metadata like your IP address and user agent in ordinary access logs kept by our hosting providers.

Push notifications (coming soon)

We are planning to add push notifications for likes and comments on your posts. When that ships, the iOS and Android apps will ask for permission to send notifications, and if you agree we will store an Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) device token against your account so we can route the notification to the right device. You will be able to turn this off in your phone's settings. We do not collect push tokens today.

How we use it

We use the data above to run Proto-Graph: to show you the feed, to show your posts to other users, to sign you in, to tell you when someone interacts with your post, and to let you manage your own profile. We do not sell your data. We do not share it with advertisers. We do not use it to build advertising profiles. We do not run third-party analytics or tracking scripts today.

Who we share it with

Proto-Graph is built on top of a few vendors. Your data touches their systems in the course of normal use:

  • Supabase — hosts our database, user accounts, and photo storage. Your account, posts, likes, comments, and uploaded images live in a Supabase project in the United States.
  • Vercel — hosts the Proto-Graph web app and serves requests from your browser. Standard request logs (IP, user agent, path) pass through Vercel.
  • Google— only if you choose "Sign in with Google." Google receives that you used their service to sign into Proto-Graph and returns a minimal profile to us. If you don't use Google sign-in, Proto-Graph does not talk to Google about you.

We may also disclose data if a valid legal request requires it. We'd tell you about it unless we're legally prohibited from doing so.

Cookies and session tokens

The only cookie we rely on is the Supabase session cookie (sb-*-auth-token), which proves you're signed in. It is set when you log in and cleared when you sign out. We do not set marketing, advertising, or third-party tracking cookies.

Your rights

You can edit your profile (display name, username, avatar, bio) from your profile settings. You can delete your own photos and your own comments at any time from inside the app. You can export your account data, or fully delete your Proto-Graph account, from your profile settings. When you delete your account we delete your profile, your posts, your likes, your comments, your notifications, and your uploaded images.

If you live somewhere with additional privacy rights (for example, the EU/UK under GDPR or California under CCPA), you can exercise them by contacting us using the address below.

Data retention

We keep your account and content until you delete them or until you delete your account. If you delete a post, its image file, likes, and comments go with it. If you delete your account, everything tied to it goes with it. Ordinary hosting logs (the kind our vendors keep) are retained per those vendors' standard policies.

Children

Proto-Graph is not directed at children under 13 and we don't knowingly collect data from them. If you believe a child under 13 has created an account, contact us and we'll remove it.

Changes to this policy

If we change what we collect or how we use it, we'll update this page and bump the "Last updated" date at the top. For material changes we'll also try to tell you inside the app.

Contact

Questions, data export requests, or deletion requests: privacy@proto.town.