What we keep,
and what we don’t.
This page describes what Bygone stores about you and what it does with that information. If you ever find a gap between this page and how the app behaves, please write to privacy@bygoneapp.com.
Summary. We store the things you put on Bygone so they work as a social app. We don’t sell anything to advertisers, we don’t embed third-party behavioural analytics, and we don’t track you across other apps or websites. There is no behavioural profile of you in our systems.
What we store
- Your account. Email, a hash of your password, handle, optional display name, optional bio, optional avatar, and birth year. We collect your birth year — not your full date of birth — to confirm you’re old enough to use Bygone.
- Your posts. The photo, caption, filter name, timestamp, and — only if you choose to add it — a location. See “Location” below for how that works.
- Your social graph. Who you follow and who follows you.
- Your interactions. Likes, comments, direct messages. End-to-end encryption for messages is on the 2026 Q4 roadmap.
- Device and usage. Device type, OS version, app version, IP address (for security and abuse prevention), session timestamps. Anonymized product analytics via PostHog — event names like
feed_viewedorlike_sent, not content. Crash reports via Sentry with PII scrubbed. - Notifications. If you turn on push notifications, we store a device push token so we can deliver them. Delivery runs through Expo’s push service. Turn notifications off in your OS settings any time and the token is revoked.
- Server logs. IP addresses, request paths, response codes — retained for 14 days for abuse and security, not joined with your account.
Location
Location is strictly opt-in and only happens when you ask for it in the moment. Bygone never reads your location in the background, on a timer, or when the app is closed. There are exactly two places it comes up:
- Tagging a post. When you tap to add your location to a post, the app asks for permission, reads your current position once, and looks up a short place name (like “Pittsburgh, Pennsylvania”) to suggest — you can edit or clear it. If you keep the location, both the place name and your precise coordinates — accurate enough to identify a specific spot, not just the city — are saved on that post. You can also just type a place name yourself without sharing coordinates.
- Seeing what’s nearby. When you open the “nearby” view, the app asks for permission and sends your current position to find recent public posts around you. We use it to answer that one request — we don’t attach it to your account or keep it afterward.
We only ever request foreground (“while using the app”) location, and only after you tap. The position we read is precise — the same full-resolution coordinates your device’s GPS reports — which is why both app stores list precise location among the data Bygone can collect. If you decline, both features still work — you just type a place name or skip the nearby view.
What we don’t do
- We don’t track your location in the background or build a history of where you’ve been. We only read it the moment you ask, for the two cases above.
- We don’t upload your contacts list or store your friends’ phone numbers. The “find friends” step sends phone numbers to our server over an encrypted connection only to match them; the server turns each number into a keyed, one-way hash and keeps only the hash. The raw numbers aren’t written to disk, and the contact list itself is never stored.
- We don’t track you between apps. We don’t ask for advertising IDs because there’s nothing on the other side of them.
- We don’t sell, license, or share your data with advertisers, data brokers, or third-party partners.
- We don’t use what you do on Bygone to train any machine-learning model — ours or anyone else’s.
How ads work
The free tier shows one sponsored post for every ten organic posts in the home feed. Those slots are untargeted — the same sponsored post runs for everyone in a given window. Each one carries a “Why am I seeing this?” link explaining what triggered it. Bygone Plus shows no ads.
Your controls
- Export your archive. A JSON archive with every post, comment, message, follower, and following — plus your media files. Settings → Data.
- Delete your account. Soft-deleted immediately, hard-deleted 30 days later. Posts, comments, messages, and follower relationships are removed along with it. Settings → Delete account, or via the web account-deletion page.
- Block, mute, report. Available on every profile and every post.
- Private account. Settings → Privacy. New followers require your approval.
Subprocessors
Bygone runs on a small set of subprocessors. Each one gets the minimum data it needs to do its job, and each is contractually required to protect it and use it only on our instructions.
- Supabase — authentication and Postgres database hosting.
- Cloudflare R2 — photo storage; files are private and served via short-lived signed URLs.
- Fly.io — API and worker compute.
- Upstash — Redis queue and caching.
- PostHog — anonymized product analytics.
- Sentry — crash reporting with PII scrubbed.
- Expo — delivery of push notifications.
- Resend — transactional email.
- RevenueCat — subscription processing for Bygone Plus.
- Apple — iOS app distribution and in-app purchase processing.
- Google — Android app distribution and in-app purchase processing.
- AdMob — contextual ads on the free tier (if and when ads ship). Targeting is contextual, not based on a profile we built from your behavior.
If a new subprocessor is added, this page is updated first.
Your rights
Access. Request a copy of your data from inside the app: Settings → Export my data.
Deletion. Delete your account from inside the app or from the web account-deletion page.
Object or restrict. Email privacy@bygoneapp.com to object to a specific use of your data.
GDPR (EEA and UK). The rights above are your legal entitlement under GDPR. CCPA (California). You have the right to know, to delete, and to opt out of sale. Bygone does not sell personal information.
Children
Bygone is for people 13 and older. We age-gate signup using your birth year. If we find out a child under 13 has created an account, we delete it.
Where data lives
Images are stored on Cloudflare R2. Account, social graph, and message data are stored in Supabase Postgres (us-east). Bygone is a US-based project. We honour GDPR data subject requests regardless of where you live.
Data retention
Active account: we keep your data as long as your account exists. Deleted account: 30-day soft-delete, then permanent erase. Server logs: 14 days.
Changes to this policy
When this page changes, the version and date at the top change. Substantial changes are also surfaced inside the app as a banner.
Get in touch
Questions about anything on this page: privacy@bygoneapp.com. We aim to respond within five working days.