Cookie Policy
This Cookie Policy explains how SocialGryd Limited ("SocialGryd", "we", "us") uses cookies, SDKs, local storage, and similar technologies on the SocialGryd website (socialgryd.com) and mobile apps. Read it together with our Privacy Policy, Sub-processors List, and Terms and Conditions.
1. What Cookies and Similar Technologies Are
Cookies are small text files placed on your device by a website. Similar technologies include local storage, session storage, pixel tags, and mobile SDKs that log events. We treat all of these as "cookies" for the purposes of this Policy.
2. Strictly Necessary
These cookies and SDKs are essential for the Platform to function. They are set without additional consent as permitted by Article 5(3) of the ePrivacy Directive and equivalent provisions.
| Technology | Purpose | Duration | Provider |
|---|---|---|---|
| Firebase Auth tokens | Authentication and session management | Session / persistent until sign-out | Google Firebase |
| Firebase App Check | Client integrity attestation and anti-abuse | Short-lived tokens (hours) | Google Firebase |
| Cookie consent preference | Remembering your cookie choices | 12 months | SocialGryd |
| CSRF / security tokens | Cross-site-request-forgery protection | Session | SocialGryd |
| Load balancer / CDN affinity | Request routing and rate-limit enforcement | Session | Google Cloud |
3. Analytics and Product Telemetry (Consent Required in EU/EEA/UK)
These technologies help us understand how people use the Platform. In the EU/EEA/UK, they are set only after you opt in via the cookie banner (website) or the first-launch consent bottom sheet (mobile app). Outside those regions the default is allow, with an in-app toggle in Settings > Data and privacy. Where these behave as strictly necessary for basic operational integrity (anti-fraud, service continuity), we may still run them in a pseudonymous and minimal configuration.
| Technology | Purpose | Duration | Provider |
|---|---|---|---|
| Firebase Analytics (web and app) | Page views, screen views, feature usage, funnels, cohorts. "Google signals" and ads-personalisation joins disabled at project level. | Up to 14 months | Google Firebase (processor) |
| Amplitude (planned) | Product analytics, funnels, A/B tests, cohort analysis. Not yet routing personal data in production. | Up to 14 months (when enabled) | Amplitude Inc. (processor) |
| Firebase Crashlytics | Crash reporting with device state and stack trace. Gated by the same consent posture as analytics in EU/EEA/UK. | 90 days | Google Firebase (processor) |
| Google Cloud Logging | Cloud Functions execution logs, including post text and AI category labels for the post-categorisation function. | Up to 30 days | Google Cloud (processor) |
4. Functional and Preference Storage
| Technology | Purpose | Duration | Provider |
|---|---|---|---|
| Local storage (SharedPreferences on Android, UserDefaults on iOS, window.localStorage on web) | Remembering settings, cached profile data, feed cache, invite history, story upload queue, selected city and radius, theme, and language | Persistent until you clear app data or sign out | SocialGryd |
| Image cache | Reducing repeated image downloads | Capped at 100 MB, auto-evicted | SocialGryd |
| Feed cache | Offline/first-load feed rendering | 1 hour auto-expiry | SocialGryd |
5. Email Tracking
Service and marketing emails from SocialGryd contain tracking technologies provided by our email sub-processor.
| Technology | Purpose | Duration | Provider |
|---|---|---|---|
| Resend tracking pixels and redirect links | Measure email delivery, opens, and clicks | Up to 12 months | Resend Inc. |
You can prevent email open tracking by disabling image loading in your email client, and you can unsubscribe from marketing emails using the link in each email or by emailing privacy@socialgryd.com. You cannot unsubscribe from service and safety emails while your account is active.
6. Third-Party Content Loaded at Runtime
The following third-party sources may be contacted by your browser or device when you use the Platform. Where a request is made, your IP address, user agent, and cookies associated with those third parties may be processed by them. Each acts as an independent controller for the data it sees (not as our sub-processor). See the Sub-processors List Section 6 for the role distinction.
| Source | Used for | Data seen by third party |
|---|---|---|
| Google Maps Platform | Map tiles, Places autocomplete, Geocoding (used only when you open a feature that needs a map or a place search) | IP address, search queries, coordinates when using the feature |
| Sign in with Apple / Google Sign-In | Authentication when you choose those sign-in providers | Authentication request, stable user identifier from the provider, optional name and email |
| Apple Push Notification service (APNs) | Push delivery on iOS | APNs device token, notification payload at delivery time |
| Link-preview targets (any URL you post) | Fetching OpenGraph / metadata previews | IP address and user agent of the device requesting the preview |
| Apple App Store / Google Play | In-app subscription billing | Purchase and subscription metadata per the respective store's own policies |
| App Store / Play Store Advertising ID | Measurement and crash attribution where permitted | Hashed identifiers subject to OS-level tracking controls |
Web fonts are self-hosted. We serve the Inter and Instrument Serif typefaces from our own origin (socialgryd.com/fonts/). The website does not make runtime requests to fonts.googleapis.com or fonts.gstatic.com.
7. Advertising Identifiers
On Android, the app may access your Google Advertising ID (AAID). On iOS, we rely on the IDFV (identifier-for-vendor) and, only where you permit via the App Tracking Transparency prompt, the IDFA (identifier-for-advertisers). We use these identifiers only for measurement, crash attribution, and service integrity. We do not use them for third-party advertising personalisation. You can reset or opt out of personalised advertising through your device settings (iOS: Settings > Privacy & Security > Tracking; Android: Settings > Privacy > Ads).
8. Third-Party Advertising
SocialGryd does not place its own third-party advertising cookies, pixels, or SDKs on the Platform, does not allow third-party advertising networks to drop tracking for the purpose of serving ads on our website, and does not participate in cross-context behavioural advertising as defined by the CCPA/CPRA.
This does not change the fact that some third-party services we rely on (listed in Section 6, for example Google Maps, Sign in with Apple, Google Sign-In, APNs, the Apple App Store, and Google Play) may set their own cookies or log your device when your browser or operating system contacts them. Those requests are not controlled by us, are not used by us to serve advertising, and are governed by each third party's own terms and privacy policy.
9. Your Choices
9a. Cookie Banner
When you first visit the website from an EU/EEA/UK IP address (or otherwise where local law requires), you see a cookie banner that lets you accept, reject, or customise non-essential cookies. You can change your mind at any time by clearing your browser cookies and revisiting, or by opening the "Cookie preferences" link in the website footer.
9b. Browser Settings
Most browsers let you block all cookies, block third-party cookies only, clear cookies on exit, or delete individual cookies. Blocking strictly-necessary cookies may prevent the website from working.
9c. Mobile Device Settings
- iOS: Settings > Privacy & Security > Tracking (disable "Allow Apps to Request to Track"); Settings > Privacy & Security > Analytics & Improvements for OS-level analytics
- Android: Settings > Privacy > Ads (opt out of ads personalisation or reset your advertising ID); Settings > Google > Ads
9d. Global Privacy Control (GPC)
We honour Global Privacy Control signals on our website. If your browser sends GPC, we treat it as an opt-out of non-essential tracking and as a state-law "Do Not Sell / Do Not Share" signal where applicable.
9e. In-App Controls
Within the SocialGryd apps, open Settings > Privacy & Data to adjust analytics, crash reporting, and advertising-identifier use. Some controls are enforced at the OS level as described above.
10. Changes
We may update this Cookie Policy to reflect new sub-processors, legal changes, or product changes. We publish updates on this page and refresh the "Last Updated" date. Material changes follow the notification process in the Privacy Policy Section 33.
11. Contact
Cookie questions: privacy@socialgryd.com. DPO: dpo@socialgryd.com.
SocialGryd Limited, Narva mnt 5, Kesklinna linnaosa, Tallinn, Harju maakond 10117, Estonia.