Daff App legal
Privacy Policy
This Privacy Policy explains how Daff App collects, uses, stores, shares, and protects information when you browse the site, create an account, upload photos, use public media, or access the public API.
1. Scope
This Privacy Policy applies to daff.app, public pages, account features, photo uploads, public media, public API access, and related services operated by Connor DeLoach as an individual project. It does not cover third-party vendor websites linked from Daff App.
2. Information From Public Visitors
Daff App and its service providers may process:
- IP address, browser, device, user agent, requested URLs, referring pages, approximate network location, and log data;
- security, abuse, diagnostic, performance, and error information;
- basic web and product analytics information if Cloudflare Web Analytics, PostHog, or similar operational analytics are configured.
3. Account Information
If you sign in, Daff App may store:
- WorkOS/AuthKit user subject or identity reference;
- email address and email verification status;
- app user key, role, and account status;
- display name;
- reserved or generated handle, if present;
- sign-in and session-related metadata as needed.
Daff App does not directly manage user passwords. Authentication is handled through WorkOS/AuthKit.
4. Photo Upload Information
When you upload a photo, Daff App may store:
- the original uploaded image and private storage key;
- generated public renditions if the photo is accepted;
- daffodil record association and uploader account reference;
- display name, credit, license, timestamp, file type, and file size;
- optional caption, credit, source, or curation metadata when supported;
- moderation/review state, classifications, confidence values, review notes, actor type, rejection/removal reasons, and audit history.
5. What Becomes Public
If a photo is accepted and published, these may become public:
- public photo rendition and public image URL;
- daffodil record association and gallery/lightbox placement;
- display-name attribution;
- license label such as CC BY 4.0;
- caption, credit, or source metadata if provided and published.
These are not public by default:
- email address, WorkOS/AuthKit ID, private original file, pending uploads, rejected uploads, moderation notes, account role/status, private profile fields, and internal audit logs.
6. Image Metadata and EXIF
Public renditions may strip embedded EXIF/location metadata where practical, but Daff App does not promise that all metadata is removed. Private originals may retain metadata because they are stored as uploaded. Do not upload images with sensitive metadata, locations, people, addresses, or private information. Daff App does not intentionally display EXIF/location metadata publicly.
7. How Information Is Used
- operate and display the website;
- authenticate users and maintain accounts;
- receive, process, review, classify, moderate, accept, reject, publish, hide, or remove uploads;
- create public image renditions and provide attribution;
- operate the public API and public media routes;
- protect against spam, abuse, scraping abuse, malware, and security threats;
- debug, improve, secure, and administer the service;
- respond to legal, copyright, privacy, abuse, security, and support requests.
8. Public Content and AI Systems
Public pages, public API responses, and public photo pages may be indexed, searched, analyzed, copied, or used as input by automated systems, including search engines and AI systems, subject to applicable law and licenses. Published photos are available under CC BY 4.0. Pending uploads, private originals, account data, and moderation data are not public API content.
9. Service Providers
Daff App may use service providers for hosting, authentication, database, storage, email routing, logging, analytics, security, content delivery, and review/moderation workflows. Current or anticipated providers include Cloudflare, Convex, WorkOS/AuthKit, PostHog, and email routing/inbox providers. These providers process information to provide services to Daff App and have their own practices.
10. Cookies and Local Storage
Daff App may use cookies, local storage, or similar technologies for authentication, sessions, security, preferences, analytics, and basic operation.
11. Vendor Links
Vendor offer browsing is public. Daff App does not currently process purchases. When you click outbound vendor links, you leave Daff App and vendor sites may collect information under their own privacy policies.
12. Retention
Daff App may retain account data while the account is active, published photo metadata while a photo remains published, private originals and renditions as needed for service operation, review, moderation, legal, backup, and audit purposes, and records needed to handle copyright, abuse, removal, security, repeat infringer, or legal issues. Daff App does not promise a specific retention period unless required by applicable law.
13. User Choices and Requests
You may contact Daff App to request access, correction, account deletion, withdrawal of a pending photo upload, replacement, removal or unpublishing of a published photo, removal of attribution information where reasonably practicable, or help with privacy, copyright, or abuse issues. Contact privacy@daff.app.
Daff App will review photo-related requests, but unless action is legally required, Daff App may decide whether to remove, hide, unpublish, retain, replace, continue displaying, or modify attribution for published content. Account deletion, photo removal, replacement, unpublishing, or attribution changes do not revoke CC BY 4.0 rights already granted to Daff App or to the public for published photos. Daff App may retain limited records for legal, security, copyright, moderation, or operational reasons.
14. Children
Account creation and photo uploads are only for users age 18 or older. Daff App is not intended to collect personal information from children under 13. If Daff App learns it collected personal information from a child under 13, it will take appropriate steps, which may include deletion or account disabling.
15. International Users
Daff App is operated from the United States and is primarily intended for users in the United States. If you access Daff App from outside the United States, your information may be processed in the United States.
16. Security
Daff App uses reasonable technical and organizational measures designed to protect the service. No internet service can guarantee perfect security. Avoid uploading sensitive private information.
17. Changes
Daff App may update this Privacy Policy. Updates will be posted with a revised date. Material changes may be announced on the site or through account/email notice if practical.
18. Privacy Contact
- Privacy: privacy@daff.app
- Legal: legal@daff.app