Data we process

• Account data: email, username, display name, password hash, avatar, bio, birth date, privacy settings, verification tier, and account status.
• Content: posts, NSFW flags, comments, replies, blogs, bookmarks, direct messages, reports, appeals, and uploaded media metadata.
• Security and moderation: sessions, OTPs, password reset tokens, rate-limit events, hashed IP addresses, audit logs, bans, reports, and appeal decisions.

Purposes and legal bases

• Provide accounts, posts, comments, DMs, bookmarks, privacy settings, and blogs: performance of a contract.
• OTP, password reset, rate limits, one-account-per-IP checks, audit logs, reports, and bans: legitimate interests in safety and security.
• Birth date and NSFW age-gating: safety, legal compliance, and legitimate interests in protecting minors.
• Legal requests and user-rights requests: legal obligation.

Birth date and minors

Birth date is collected during registration and cannot be changed from account settings. If you need to change your birth date, please contact us.

Account deletion and erasure

Self-deleting your account hides your profile, posts, comments, and account page. This is separate from a GDPR erasure request. To request erasure or another data-rights action, contact privacy@lory.dev.

Direct messages

Direct messages are private between participants but may be processed for delivery, safety, abuse reports, legal compliance, and security investigations.

Recommender system

The feed ranking uses recency, follows, engagement, author affinity, media, verification, NSFW preferences, and diversity. NSFW content is filtered for minors and for users who choose to hide it.

Retention

Account data is retained while the account exists. OTPs and password reset tokens expire quickly. Audit and moderation records should be kept only as long as needed for safety, fraud prevention, legal claims, or compliance.

Contact

Email privacy@lory.dev. We may need to verify your identity before completing a request.