Privacy Policy

Giraf Privacy Policy

We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the best decisions about the information that you share with us.

That’s the basic purpose of this Privacy Policy.

You should read this policy in full, but here are a few key things we hope you take away from it:

  • Giraf is public and submitted content is immediately viewable and searchable by anyone around the world. We may give you non-public ways to communicate on Giraf too, e.g. through protected posts and Direct Messages to other accounts. You can also use Giraf under a pseudonym if you prefer not to use your name.

  • When you use Giraf, even if you’re just looking at posts, we receive some personal information from you like the type of device you’re using and your IP address. You can choose to share additional information with us like your email address, phone number, address book contacts, and a public profile. We use this information for things like keeping your account secure and showing you more relevant content, people to follow, events, and ads.

  • In addition to information you share with us, we use your submissions, content you’ve read or otherwise engaged with, and other information to determine what topics you’re interested in, your age, the languages you speak, and other signals to show you more relevant content.

  • If you have questions about this policy, how we collect or process your personal data, or anything else related to our privacy practices, we want to hear from you. You can contact us at any time.

Information You Share With Us

We require certain information to provide our services to you. For example, you must have an account in order to upload or share content on Giraf. When you choose to share the information below with us, we collect and use it to operate our services.

1.1 Basic Account Information

You may not have to create an account to use some of our service features. If you do choose to create an account, you must provide us with some personal data so that we can provide our services to you. On Giraf this includes a display name (for example, “Giraf User”), a username (for example, @GirafUser), a password, and an email address or phone number. Your display name and username are always public, but you can use either your real name or a pseudonym. You can also create and manage multiple Giraf accounts, for example to express different parts of your identity.

1.2 Public Information

Most activity on Giraf is public, including your profile information, your time zone and language, when you created your account, and your submissions and certain information about your submissions like the date, time, and application and version of Giraf you submitted from. You also may choose to publish your location in your submissions or your Giraf profile. The lists you create, as well as people you follow and who follow you, are also public. Your archive of Saved items is private by default, although we may make public how many accounts have saved an item. You may also choose to make your archive of Saved items public. Information submitted about you by other people who use our services may also be public. For example, other people may mention you in a post.

You are responsible for your submissions and other information you provide through our services, and you should think carefully about what you make public, especially if it is sensitive information. If you update your public information on Giraf, such as by deleting a post or deactivating your account, we will reflect your updated content on, Giraf for iOS, and Giraf for Android.

In addition to providing your public information to the world directly on Giraf, we may also use technology like application programming interfaces (APIs) and embeds to make that information available to websites, apps, and others for their use - for example, displaying posts on a website or analyzing what people say on Giraf. But these individuals and companies are not affiliated with Giraf, and their offerings may not reflect updates you make on Giraf.

1.3 Contact Information and Address Books

We use your contact information, such as your email address or phone number, to authenticate your account and keep it - and our services - secure, and to help prevent spam, fraud, and abuse. We also use contact information to personalize our services, enable certain account features (for example, for two-factor authentication), and to send you information about our services. If you provide us with your phone number, you agree to receive text messages from Giraf to that number as your country’s laws allow. Giraf also uses your contact information to market to you as your country’s laws allow, and to help others find your account if your settings permit, including through third-party services and client applications.

You can choose to upload and sync your address book on Giraf so that we can help you find and connect with people you know and help others find and connect with you. We also use this information to better recommend content to you and others.

If you email us, we will keep the content of your message, your email address, and your contact information to respond to your request.

1.4 Direct Messages and Non-Public Communications

We may provide certain features that let you communicate more privately or control who sees your content. In future, we may provide, for example, a feature for you to use Direct Messages to have non-public conversations on Giraf, or to protect your submissions from public view. When you communicate with others by sending or receiving Direct Messages, we will store and process your communications and information related to them. This includes link scanning for malicious content, link shortening, detection of spam and prohibited images, and review of reported issues. We also use information about whom you have communicated with and when (but not the content of those communications) to better understand the use of our services, to protect the safety and integrity of our platform, and to show more relevant content. We share the content of your Direct Messages with the people you’ve sent them to; we do not use them to serve you ads. Note that if you interact in a way that would ordinarily be public with Giraf content shared with you via Direct Message, for instance by engaging with a post, those interactions will be public. When you use features like Direct Messages to communicate, remember that recipients have their own copy of your communications on Giraf - even if you delete your copy of those messages from your account - which they may duplicate, store, or re-share.

1.5 Payment Information

You may provide us with payment information, including your credit or debit card number, card expiration date, CVV code, and billing address, in order to purchase advertising or other offerings provided as part of our services.

1.6 How You Control the Information You Share with Us

In future, privacy and safety settings may let you decide:

  • Whether your submissions are publicly available on Giraf
  • Whether you will be able to receive Direct Messages from anyone on Giraf or just your followers
  • Whether others can find you based on your email or phone number
  • Whether you upload your address book to Giraf for storage and use
  • When and where you may see sensitive content on Giraf
  • Whether you want to block or mute other Giraf accounts

Additional Information We Receive About You

We receive certain information when you use our services or other websites or mobile applications that include our content, and from third parties including advertisers. Like the information you share with us, we use the data below to operate our services.

2.1 Location Information

We require information about your signup and current location, which we get from signals such as your IP address or device settings, to securely and reliably set up and maintain your account and to provide our services to you.

Subject to your settings, we may collect, use, and store additional information about your location - such as your current precise position or places where you’ve previously used Giraf - to operate or personalize our services including with more relevant content like local trends, stories, ads, and suggestions for people to follow.

Basic location data

Whenever you use Giraf, Giraf gets a general sense of your location from things like the network you’re using to access the Internet. This helps Giraf to provide you with relevant content.

Precise location data

In future, you may turn on Giraf’s location services, letting Giraf pinpoint your position. This will enable you to use additional features on Giraf, like posting with your precise location.

Post your location

You may choose to share your location publicly, letting everyone know you’re at an event, venue, or anywhere else.

2.2 Links

In order to operate our services, we keep track of how you interact with links across our services. This includes links in emails we send you and links in content that appears on other websites or mobile applications.

If you click on an external link or ad on our services, that advertiser or website operator might figure out that you came from Giraf, along with other information associated with the ad you clicked such as characteristics of the audience it was intended to reach. They may also collect other personal data from you, such as cookie identifiers or your IP address.

2.3 Cookies

A cookie is a small piece of data that is stored on your computer or mobile device. Like many websites, we use cookies and similar technologies to collect additional website usage data and to operate our services. Although most web browsers automatically accept cookies, many browsers’ settings can be set to decline cookies or alert you when a website is attempting to place a cookie on your computer. However, some of our services may not function properly if you disable cookies. When your browser or device allows it, we use both session cookies and persistent cookies to better understand how you interact with our services, to monitor aggregate usage patterns, and to personalize and otherwise operate our services such as by providing account security, personalizing the content we show you including ads, and remembering your language preferences. We do not support the Do Not Track browser option.

2.4 Log Data

We receive information when you view content on or otherwise interact with our services, which we refer to as “Log Data,” even if you have not created an account. For example, when you visit our websites, sign into our services, interact with our email notifications, use your account to authenticate to a third-party service, or visit a third-party service that includes Giraf content, we may receive information about you. This Log Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), search terms, and cookie information. We also receive Log Data when you click on, view, or interact with links on our services, including when you install another application through Giraf. We use Log Data to operate our services and ensure their secure, reliable, and robust performance. For example, we use Log Data to protect the security of accounts and to determine what content is popular on our services. We also use this data to improve the content we show you, including ads.

We use information you provide to us and data we receive, including Log Data and data from third parties, to make inferences like what topics you may be interested in, how old you are, and what languages you speak. This helps us better design our services for you and personalize the content we show you, including ads.

2.5 Giraf for Web Data

When you view our content on third-party websites that integrate Giraf content such as embedded posts or Post buttons, we may receive Log Data that includes the web page you visited. We use this information to better understand the use of our services, to protect the safety and integrity of our platform, and to show more relevant content, including ads. We do not associate this web browsing history with your name, email address, phone number, or username, and we delete, obfuscate, or aggregate it after no longer than 30 days. We do not collect this data from browsers that we believe to be located in the European Union or EFTA States.

2.6 Advertisers and Other Ad Partners

Advertising revenue allows us to support and improve our services. We use the information described in this Privacy Policy to help make our advertising more relevant to you, to measure its effectiveness, and to help recognize your devices to serve you ads on and off of Giraf. Our ad partners and affiliates share information with us such as browser cookie IDs, mobile device IDs, hashed email addresses, demographic or interest data, and content viewed or actions taken on a website or app. Some of our ad partners, particularly our advertisers, also enable us to collect similar information directly from their website or app by integrating our advertising technology.

If you are an advertiser or a prospective advertiser, we process your personal data to help offer and provide our advertising services.

2.7 Developers

If you access our APIs, we may process your personal data to help provide our services.

2.8 Other Third Parties and Affiliates

We may receive information about you from third parties who are not our ad partners, such as others on Giraf, partners who help us evaluate the safety and quality of content on our platform, our corporate affiliates, and other services you link to your Giraf account.

You may choose to connect your Giraf account to accounts on another service, and that other service may send us information about your account on that service. We use the information we receive to provide you features like cross-posting or cross-service authentication, and to operate our services. For integrations that Giraf formally supports, you may revoke this permission at any time from your application settings; for other integrations, please visit the other service you have connected to Giraf.

2.9 Personalizing Across Your Devices

When you log into Giraf on a browser or device, we will associate that browser or device with your account for purposes such as authentication, security, and personalization. Subject to your settings, we may also associate your account with browsers or devices other than those you use to log into Giraf (or associate your logged-out device or browser with other browsers or devices). We do this to operate and personalize our services. For example, if you visit websites with music content on your laptop, we may show you music-related ads on Giraf for iOS.

2.10 How You Control Additional Information We Receive

In future, your Giraf personalization and data settings may let you decide:

  • Whether we show you interest-based ads on and off Giraf
  • How we personalize your experience across devices
  • Whether we collect and use your precise location
  • Whether we personalize your experience based on where you’ve been
  • Whether we keep track of the websites where you see Giraf content

You may use your Giraf data to review:

  • Advertisers who have included you in tailored audiences to serve you ads
  • Demographic and interest data about your account from our ads partners
  • Information that Giraf has inferred about you such as your age range, gender, languages, and interests

We may also provide a version of these tools on Giraf if you don’t have a Giraf account, or if you’re logged out of your account. This would let you see the data and settings for the logged out browser or device you are using, separate from any Giraf account that uses that browser or device.

Information We Share and Disclose

As noted above, Giraf is designed to broadly and instantly disseminate information you share publicly through our services. In the limited circumstances where we disclose your private personal data, we do so subject to your control, because it’s necessary to operate our services, or because it’s required by law.

3.1 Sharing You Control

We share or disclose your personal data with your consent or at your direction, such as when you authorize a third-party web client or application to access your account or when you direct us to share your feedback with a business. If you’ve shared information like Direct Messages or protected posts with someone else who accesses Giraf through a third-party service, keep in mind that the information may be shared with the third-party service.

Subject to your settings, we may also provide certain third parties with personal data to help us offer or operate our services. For example, we may share with advertisers the identifiers of devices that saw their ads, to enable them to measure the effectiveness of our advertising business. We may also share device identifiers, along with the interests or other characteristics of a device or the person using it, to help partners decide whether to serve an ad to that device or to enable them to conduct marketing, brand analysis, interest-based advertising, or similar activities.

3.2 Service Providers

We engage service providers to perform functions and provide services to us in the United States and other countries. We may share your private personal data with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your private personal data only on our behalf and pursuant to our instructions. We share your payment information with payment services providers to process payments; prevent, detect, and investigate fraud or other prohibited activities; facilitate dispute resolution such as chargebacks or refunds; and for other purposes associated with the acceptance of credit and debit cards.

We use Google Maps APIs to provide place- or mapping-related features in our services. The Google Privacy Policy is available at

3.3 Law, Harm, and the Public Interest

Notwithstanding anything to the contrary in this Privacy Policy or controls we may otherwise offer to you, we may preserve, use, or disclose your personal data if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to protect the safety or integrity of our platform, including to help prevent spam, abuse, or malicious actors on our services, or to explain why we have removed content or accounts from our services; to address fraud, security, or technical issues; or to protect our rights or property or the rights or property of those who use our services. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your personal data.

3.4 Affiliates and Change of Ownership

In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal data may be sold or transferred as part of that transaction. This Privacy Policy will apply to your personal data as transferred to the new entity. We may also disclose personal data about you to our corporate affiliates in order to help operate our services and our affiliates’ services, including the delivery of ads.

3.5 Non-Personal Information

We share or disclose non-personal data, such as aggregated information like the total number of times people engaged with a submission, the number of people who clicked on a particular link in a submission (even if only one did), the topics that people are engaging with in a particular location, or reports to advertisers about how many people saw or clicked on their ads.

Managing Your Personal Information With Us

You control the personal data you share with us. In future we will provide you tools to object, restrict, or withdraw consent where applicable for the use of data you have provided to Giraf. We will make the data you shared through our services portable, and we provide easy ways for you to contact us.

4.1 Accessing or Rectifying Your Personal Data

If you have registered an account on Giraf, in future we will provide you with tools and account settings to access, correct, delete, or modify the personal data you provided to us and associated with your account.

4.2 Object, Restrict, or Withdraw Consent

In future, when you are logged into your Giraf account, you will be able to manage your privacy settings and other account features at any time.

4.3 Portability

In future, Giraf will provide you a means to download the information you have shared through our services.

4.4 Additional Information or Assistance

Thoughts or questions about this Privacy Policy? Please let us know by emailing us or writing to us at the appropriate address below.

If you live in the United States, the data controller responsible for your personal data is Giraf, PBC with an address of:

Giraf, PBC
Attn: Privacy Policy Inquiry
301 Cumberland St, #C6
Brooklyn, NY 11238

If you live outside the United States, the data controller is Giraf, PBC, with an address of:

Giraf, PBC
Attn: Privacy Policy Inquiry
301 Cumberland St, #C6
Brooklyn, NY 11238

If you are located in the European Union or EFTA States, you can contact Giraf’s Data Protection Officer here. If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

Children and Our Services

Our services are not directed to children, and you may not use our services if you are under the age of 13. You must also be old enough to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf).

Our Global Operations

To bring you our services, we operate globally. Where the laws of your country allow you to do so, you authorize us to transfer, store, and use your data in the United States and any other country where we operate. In some of the countries to which we transfer personal data, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those of your country.

Changes to This Privacy Policy

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our processing of your personal data and will always be at If we make a change to this policy that, in our sole discretion, is material, we will notify you via a service notification or email to the email address associated with your account. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Effective: January 26, 2021