private.
ephemeral.
text only.

01 / INTRODUCTIONWhat this policy covers

stdout.chat is a private, interest-based text chat service. We connect you with other users for conversations based on shared interests — no accounts, no history, no personal information required.

This Privacy Policy describes what limited technical data we process to operate the service, prevent abuse, and fulfill legal obligations. We are committed to collecting as little as possible.

By using stdout.chat, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

02 / COLLECTIONInformation we collect

stdout.chat is designed with privacy as the default. We collect only what is technically necessary to operate the service.

Device Identifier

When you first launch the app, a randomly generated pseudonymous identifier (Device ID) is created and stored locally on your device in the iOS Keychain. This identifier:

• Is a random UUID — not derived from hardware, fingerprinting, or any personal data
• Is not linked to your name, email, phone number, or Apple ID
• Is used only within stdout.chat for the purposes listed below
• Can be effectively reset by deleting and reinstalling the app

The Device ID is transmitted to our server for:

• Maintaining your pseudonymous reputation score between sessions
• Enabling the /block command (stored locally on your device only)
• Moderating abuse through ban enforcement
• Pairing you with compatible users via the rating-based matchmaking system

The Device ID is not used for tracking across apps or services and is not shared with third parties for advertising purposes.

IP Address

Your IP address is processed by our server infrastructure. It is used for:

• Rate limiting to prevent abuse and spam
• Connection flood protection (max 3 simultaneous connections per IP)
• Short-term ban enforcement following automated moderation triggers
• Standard infrastructure security monitoring

IP addresses are not stored permanently. Temporary records may be retained to enforce active bans; these are automatically deleted once the ban expires (maximum 30 days for most cases). IP addresses are not used to identify individual users and are not combined with other data to build user profiles.

Usage Metrics

We store the following pseudonymous metrics linked to your Device ID:

All metrics are stored pseudonymously — linked to a random Device ID, not to any personal identity.

Report Data

When you use the /report command, the following is recorded:

• The Device ID of the reported user (if available)
• A limited portion of recent messages (for example, up to 10 messages)
• A timestamp of the report

This information is used solely for moderation and abuse prevention. Reported message content is reviewed and is not retained longer than necessary for moderation purposes.

Connection Metadata

For operational diagnostics, we briefly log connection and disconnection timestamps, session duration, and error events. This data is used solely to monitor server health and detect abnormal usage patterns. It is not tied to message content or personal identity.

Shouts

The /shout command broadcasts a message to all currently connected users. Shout content is temporarily held in memory to deliver the broadcast and is not written to persistent storage. After delivery, shout content is discarded. A short-lived status record (sent/expired) is retained for moderation purposes for up to 5 minutes, after which it is automatically purged.

Purchase Records

When you purchase credits via in-app purchase, a transaction record is stored containing the anonymized Apple transaction ID and the credit amount credited. No payment card or billing information is ever transmitted to or stored by stdout.chat. All payment processing is handled exclusively by Apple.

03 / NOT COLLECTEDInformation we do not collect

stdout.chat intentionally avoids collecting personal data. The following are never collected or stored:

• Message content or conversation transcripts outside of temporary storage used for moderation (e.g., reports)
• Your name, username, email address, or phone number
• Your Apple ID or any Apple account information
• Precise location data or GPS coordinates
• Device hardware identifiers (IDFA, IDFV, serial number)
• Contacts, photos, microphone, or camera data
• Browsing history or cross-app tracking data
• Third-party analytics or advertising SDKs (the stdout.chat website uses Vercel Web Analytics for basic page view metrics — this collects no personal data, sets no cookies, and does not track individual users)
• Cookies for tracking or advertising purposes

Conversations are ephemeral by default. Once a session ends, message content is not stored. However, in cases where a report is submitted, a limited portion of the conversation may be temporarily retained for moderation purposes. Outside of these limited cases, we cannot retrieve past conversations.

04 / USEHow we use information

We use the limited data we collect exclusively for the following purposes:

Operating the Service

• Connecting you with compatible users via rating-based matchmaking
• Delivering your messages in real time during an active session
• Processing /shout broadcasts to online users
• Tracking your credit balance for in-app features

Safety & Abuse Prevention

• Enforcing automated bans based on report thresholds
• Rate limiting to prevent spam and connection floods
• Detecting and blocking abusive usage patterns
• Enabling /block so users can avoid each other

Reputation & Quality

• Calculating and maintaining your pseudonymous reputation score
• Matching users at similar reputation levels for better conversations
• Displaying your rank via /score

Infrastructure & Security

• Monitoring server health and stability
• Diagnosing technical issues
• Security hardening and intrusion detection

05 / RETENTIONHow long we keep data

Automated cleanup jobs run daily to remove expired data. You may request deletion of data associated with your Device ID by contacting us at [email protected].

06 / SHARINGSharing of information

We do not sell, rent, or trade your data. Sharing is limited to the following circumstances:

Infrastructure Providers

We use third-party providers to operate our infrastructure. These providers may process limited technical data as part of normal infrastructure operation:

• Vercel — website hosting; may process standard web access logs
• Hetzner — chat server hosting in the European Union
• Apple — handles all in-app payment processing; we receive only anonymized transaction confirmations
• AWS — credential and secret management (no user data stored)

These providers are engaged under data processing agreements and are not permitted to use your data for their own purposes.

Legal Obligations

We may disclose limited technical data (such as IP addresses or ban records) if required by law or in response to a valid court order or legal process. Message content is not stored after ordinary sessions end; however, if a report has been submitted, a limited portion of recent messages may be temporarily available for moderation purposes and could be disclosed if legally required.

Emergency Safety

In situations involving credible threat of serious harm, we may share limited available technical data with appropriate authorities.

07 / IAPIn-app purchases & credits

stdout.chat offers in-app purchases of Credits — the in-app currency used to send /shout broadcasts and unlock features.

What Apple Handles

All payment processing is managed exclusively by Apple through the App Store. stdout.chat never receives, processes, or stores:

• Credit card or debit card numbers
• Bank account information
• Apple Pay payment credentials
• Billing address or personal financial information

Apple's privacy practices are governed by the Apple Privacy Policy.

What We Store

Upon successful purchase, we store an anonymized Apple transaction ID (for duplicate-prevention and audit), the number of Credits added to your balance, and a timestamp of the transaction. This is linked to your Device ID (not to your Apple ID or identity). Purchase records are retained for a minimum of 7 years for financial record-keeping compliance.

Refunds

Refund requests are handled through Apple. Contact Apple Support or visit reportaproblem.apple.com. We cannot process refunds directly.

08 / SECURITYData security

We implement technical and organizational measures appropriate to the limited data we handle:

• All communications are encrypted via TLS 1.2+ (HTTPS/WSS)
• Certificate pinning in the iOS app prevents man-in-the-middle attacks
• Device IDs stored in the iOS Keychain (encrypted at rest by the OS)
• Server access restricted via SSH key authentication only
• Rate limiting and connection throttling to prevent DoS attacks
• Credentials managed via AWS Secrets Manager (not stored in code or plain config)
• Automated ban systems reduce human exposure to reported content
• Firewall rules limit external access to production services

No online service can guarantee absolute security. In the event of a data breach affecting personal data, we will notify affected parties as required by applicable law.

09 / ELIGIBILITYAge eligibility

stdout.chat is intended for adult users only (18+). By using this service, you confirm that you meet the age requirement set out in the Terms of Service.

We do not knowingly collect any information from minors. The service is not directed to minors, and we do not market to minors.

If you are a parent or guardian and believe a minor has accessed stdout.chat, please contact us immediately at [email protected]. We will take prompt action to restrict access and delete any data that may have been associated with the account.

10 / RIGHTSYour rights

Depending on your jurisdiction, you may have rights regarding the limited data we process.

Access

You may request a summary of the pseudonymous data associated with your Device ID (score, report count, ban status). Note that we cannot identify you without your Device ID, which you must provide in your request.

Deletion

You may request deletion of your pseudonymous profile data. To effectively reset your data, you may also delete and reinstall the app — this generates a new Device ID, severing any link to prior activity.

Portability

You may request a copy of the pseudonymous data associated with your Device ID in a structured format.

Objection & Restriction

You may object to processing based on our legitimate interests. If you believe processing is unlawful, you may request restriction.

GDPR (EU/EEA Residents)

If you are located in the EU or EEA, the legal basis for processing is our legitimate interest in operating a secure, functional service (Article 6(1)(f) GDPR). You have the right to lodge a complaint with your local supervisory authority.

California Residents (CCPA/CPRA)

California residents have the right to know what personal information is collected, the right to delete, the right to opt-out of sale (we do not sell data), and the right to non-discrimination. Because we do not collect personal information as defined by the CCPA, most provisions do not apply — but we honor all requests in good faith.

11 / INTERNATIONALInternational data processing

stdout.chat infrastructure is hosted primarily in the European Union (Hetzner, Germany). The website is served globally via Vercel's edge network. By using the service from any jurisdiction, you consent to the processing of limited technical data as described in this policy.

We do not transfer data to countries with inadequate data protection standards without appropriate safeguards.

12 / CHANGESChanges to this policy

We may update this Privacy Policy to reflect changes in the service, legal requirements, or our practices. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Post a notice on the website or within the app

Continued use of stdout.chat after the effective date of any updated policy constitutes acceptance of the changes. If you do not agree to the updated policy, please discontinue use of the service.

Previous versions of this policy may be requested by contacting [email protected].

13 / DELETIONData deletion

You may request deletion of any data associated with your Device ID at any time.

To submit a deletion request, please contact us at [email protected].

We will process deletion requests within a reasonable timeframe in accordance with applicable laws. To help us locate your data, please include your Device ID (available via /score or app settings).

14 / CONTACTContact

For privacy-related questions, data requests, or concerns:

• Email: [email protected]
• Subject line: Privacy Request
• Response time: up to 30 days