We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the best decisions about the information that you share with us.
You should read this policy in full, but here are a few key things we hope you take away from it:
Giraf is public and submitted content is immediately viewable and searchable by anyone around the world. We may give you non-public ways to communicate on Giraf too, e.g. through protected posts and Direct Messages to other accounts. You can also use Giraf under a pseudonym if you prefer not to use your name.
When you use Giraf, even if you’re just looking at posts, we receive some personal information from you like the type of device you’re using and your IP address. You can choose to share additional information with us like your email address, phone number, address book contacts, and a public profile. We use this information for things like keeping your account secure and showing you more relevant content, people to follow, events, and ads.
In addition to information you share with us, we use your submissions, content you’ve read or otherwise engaged with, and other information to determine what topics you’re interested in, your age, the languages you speak, and other signals to show you more relevant content.
If you have questions about this policy, how we collect or process your personal data, or anything else related to our privacy practices, we want to hear from you. You can contact us at any time.
We require certain information to provide our services to you. For example, you must have an account in order to upload or share content on Giraf. When you choose to share the information below with us, we collect and use it to operate our services.
You may not have to create an account to use some of our service features. If you do choose to create an account, you must provide us with some personal data so that we can provide our services to you. On Giraf this includes a display name (for example, “Giraf User”), a username (for example, @GirafUser), a password, and an email address or phone number. Your display name and username are always public, but you can use either your real name or a pseudonym. You can also create and manage multiple Giraf accounts, for example to express different parts of your identity.
Most activity on Giraf is public, including your profile information, your time zone and language, when you created your account, and your submissions and certain information about your submissions like the date, time, and application and version of Giraf you submitted from. You also may choose to publish your location in your submissions or your Giraf profile. The lists you create, as well as people you follow and who follow you, are also public. Your archive of Saved items is private by default, although we may make public how many accounts have saved an item. You may also choose to make your archive of Saved items public. Information submitted about you by other people who use our services may also be public. For example, other people may mention you in a post.
You are responsible for your submissions and other information you provide through our services, and you should think carefully about what you make public, especially if it is sensitive information. If you update your public information on Giraf, such as by deleting a post or deactivating your account, we will reflect your updated content on https://giraf.app, Giraf for iOS, and Giraf for Android.
In addition to providing your public information to the world directly on Giraf, we may also use technology like application programming interfaces (APIs) and embeds to make that information available to websites, apps, and others for their use - for example, displaying posts on a website or analyzing what people say on Giraf. But these individuals and companies are not affiliated with Giraf, and their offerings may not reflect updates you make on Giraf.
We use your contact information, such as your email address or phone number, to authenticate your account and keep it - and our services - secure, and to help prevent spam, fraud, and abuse. We also use contact information to personalize our services, enable certain account features (for example, for two-factor authentication), and to send you information about our services. If you provide us with your phone number, you agree to receive text messages from Giraf to that number as your country’s laws allow. Giraf also uses your contact information to market to you as your country’s laws allow, and to help others find your account if your settings permit, including through third-party services and client applications.
You can choose to upload and sync your address book on Giraf so that we can help you find and connect with people you know and help others find and connect with you. We also use this information to better recommend content to you and others.
If you email us, we will keep the content of your message, your email address, and your contact information to respond to your request.
We may provide certain features that let you communicate more privately or control who sees your content. In future, we may provide, for example, a feature for you to use Direct Messages to have non-public conversations on Giraf, or to protect your submissions from public view. When you communicate with others by sending or receiving Direct Messages, we will store and process your communications and information related to them. This includes link scanning for malicious content, link shortening, detection of spam and prohibited images, and review of reported issues. We also use information about whom you have communicated with and when (but not the content of those communications) to better understand the use of our services, to protect the safety and integrity of our platform, and to show more relevant content. We share the content of your Direct Messages with the people you’ve sent them to; we do not use them to serve you ads. Note that if you interact in a way that would ordinarily be public with Giraf content shared with you via Direct Message, for instance by engaging with a post, those interactions will be public. When you use features like Direct Messages to communicate, remember that recipients have their own copy of your communications on Giraf - even if you delete your copy of those messages from your account - which they may duplicate, store, or re-share.
You may provide us with payment information, including your credit or debit card number, card expiration date, CVV code, and billing address, in order to purchase advertising or other offerings provided as part of our services.
In future, privacy and safety settings may let you decide:
We receive certain information when you use our services or other websites or mobile applications that include our content, and from third parties including advertisers. Like the information you share with us, we use the data below to operate our services.
We require information about your signup and current location, which we get from signals such as your IP address or device settings, to securely and reliably set up and maintain your account and to provide our services to you.
Subject to your settings, we may collect, use, and store additional information about your location - such as your current precise position or places where you’ve previously used Giraf - to operate or personalize our services including with more relevant content like local trends, stories, ads, and suggestions for people to follow.
Whenever you use Giraf, Giraf gets a general sense of your location from things like the network you’re using to access the Internet. This helps Giraf to provide you with relevant content.
In future, you may turn on Giraf’s location services, letting Giraf pinpoint your position. This will enable you to use additional features on Giraf, like posting with your precise location.
You may choose to share your location publicly, letting everyone know you’re at an event, venue, or anywhere else.
In order to operate our services, we keep track of how you interact with links across our services. This includes links in emails we send you and links in content that appears on other websites or mobile applications.
If you click on an external link or ad on our services, that advertiser or website operator might figure out that you came from Giraf, along with other information associated with the ad you clicked such as characteristics of the audience it was intended to reach. They may also collect other personal data from you, such as cookie identifiers or your IP address.
We receive information when you view content on or otherwise interact with our services, which we refer to as “Log Data,” even if you have not created an account. For example, when you visit our websites, sign into our services, interact with our email notifications, use your account to authenticate to a third-party service, or visit a third-party service that includes Giraf content, we may receive information about you. This Log Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), search terms, and cookie information. We also receive Log Data when you click on, view, or interact with links on our services, including when you install another application through Giraf. We use Log Data to operate our services and ensure their secure, reliable, and robust performance. For example, we use Log Data to protect the security of accounts and to determine what content is popular on our services. We also use this data to improve the content we show you, including ads.
We use information you provide to us and data we receive, including Log Data and data from third parties, to make inferences like what topics you may be interested in, how old you are, and what languages you speak. This helps us better design our services for you and personalize the content we show you, including ads.
When you view our content on third-party websites that integrate Giraf content such as embedded posts or Post buttons, we may receive Log Data that includes the web page you visited. We use this information to better understand the use of our services, to protect the safety and integrity of our platform, and to show more relevant content, including ads. We do not associate this web browsing history with your name, email address, phone number, or username, and we delete, obfuscate, or aggregate it after no longer than 30 days. We do not collect this data from browsers that we believe to be located in the European Union or EFTA States.
If you are an advertiser or a prospective advertiser, we process your personal data to help offer and provide our advertising services.
If you access our APIs, we may process your personal data to help provide our services.
We may receive information about you from third parties who are not our ad partners, such as others on Giraf, partners who help us evaluate the safety and quality of content on our platform, our corporate affiliates, and other services you link to your Giraf account.
You may choose to connect your Giraf account to accounts on another service, and that other service may send us information about your account on that service. We use the information we receive to provide you features like cross-posting or cross-service authentication, and to operate our services. For integrations that Giraf formally supports, you may revoke this permission at any time from your application settings; for other integrations, please visit the other service you have connected to Giraf.
When you log into Giraf on a browser or device, we will associate that browser or device with your account for purposes such as authentication, security, and personalization. Subject to your settings, we may also associate your account with browsers or devices other than those you use to log into Giraf (or associate your logged-out device or browser with other browsers or devices). We do this to operate and personalize our services. For example, if you visit websites with music content on your laptop, we may show you music-related ads on Giraf for iOS.
In future, your Giraf personalization and data settings may let you decide:
You may use your Giraf data to review:
We may also provide a version of these tools on Giraf if you don’t have a Giraf account, or if you’re logged out of your account. This would let you see the data and settings for the logged out browser or device you are using, separate from any Giraf account that uses that browser or device.
As noted above, Giraf is designed to broadly and instantly disseminate information you share publicly through our services. In the limited circumstances where we disclose your private personal data, we do so subject to your control, because it’s necessary to operate our services, or because it’s required by law.
We share or disclose your personal data with your consent or at your direction, such as when you authorize a third-party web client or application to access your account or when you direct us to share your feedback with a business. If you’ve shared information like Direct Messages or protected posts with someone else who accesses Giraf through a third-party service, keep in mind that the information may be shared with the third-party service.
Subject to your settings, we may also provide certain third parties with personal data to help us offer or operate our services. For example, we may share with advertisers the identifiers of devices that saw their ads, to enable them to measure the effectiveness of our advertising business. We may also share device identifiers, along with the interests or other characteristics of a device or the person using it, to help partners decide whether to serve an ad to that device or to enable them to conduct marketing, brand analysis, interest-based advertising, or similar activities.
We share or disclose non-personal data, such as aggregated information like the total number of times people engaged with a submission, the number of people who clicked on a particular link in a submission (even if only one did), the topics that people are engaging with in a particular location, or reports to advertisers about how many people saw or clicked on their ads.
You control the personal data you share with us. In future we will provide you tools to object, restrict, or withdraw consent where applicable for the use of data you have provided to Giraf. We will make the data you shared through our services portable, and we provide easy ways for you to contact us.
If you have registered an account on Giraf, in future we will provide you with tools and account settings to access, correct, delete, or modify the personal data you provided to us and associated with your account.
In future, when you are logged into your Giraf account, you will be able to manage your privacy settings and other account features at any time.
In future, Giraf will provide you a means to download the information you have shared through our services.
If you live in the United States, the data controller responsible for your personal data is Giraf, PBC with an address of:
301 Cumberland St, #C6
Brooklyn, NY 11238
If you live outside the United States, the data controller is Giraf, PBC, with an address of:
301 Cumberland St, #C6
Brooklyn, NY 11238
If you are located in the European Union or EFTA States, you can contact Giraf’s Data Protection Officer here. If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
Our services are not directed to children, and you may not use our services if you are under the age of 13. You must also be old enough to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf).
To bring you our services, we operate globally. Where the laws of your country allow you to do so, you authorize us to transfer, store, and use your data in the United States and any other country where we operate. In some of the countries to which we transfer personal data, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those of your country.
Effective: January 26, 2021