Coopeverything
HomeDashboardFeedGroupsHow We DecideForumProposalsEconomyBridge

About

  • Manifesto
  • Cooperation Paths

Documentation

  • Modules
  • Contributing

Community

  • GitHub
  • Forum
  • Groups

Tools

  • Bridge Assistant
  • Design System
  • Search

© 2025 Coopeverything. Powered by TogetherOS.

Privacy|Terms

Privacy Policy

Last updated: November 13, 2025

Introduction

TogetherOS is a cooperation-first platform designed to help communities self-organize through transparent governance, collaborative tools, and shared resources. This Privacy Policy explains how we collect, use, store, and protect your personal information.

We are committed to privacy-first practices: minimal data collection, no tracking pixels, no third-party analytics, and user control over your information.

Data We Collect

1. User-Created Posts

When you create posts on TogetherOS, we collect and store:

  • Post title (optional, maximum 200 characters)
  • Post content (markdown format, maximum 5000 characters)
  • Topic tags (1-5 per post)
  • Creation and update timestamps
  • Your TogetherOS user ID
  • Optional group association (if post is scoped to a group)
  • Post status (active, archived, flagged, or hidden)

2. Social Media Imports

When you import a social media post URL (Instagram, TikTok, Twitter, Facebook, YouTube, or LinkedIn), we collect and cache:

  • The source URL you provided
  • Preview metadata: title, description, thumbnail image URL
  • Original author's public username or handle (from the social media platform)
  • Platform identifier (e.g., "instagram", "tiktok")
  • Timestamp when the preview was fetched

What we DO NOT collect:

  • Your social media account credentials
  • Your social media profile data
  • Social media followers or following lists
  • Private social media messages
  • Social media post analytics (likes, comments, shares)
  • Raw HTML content from social media posts

3. Technical Data

For security and abuse prevention, we temporarily process:

  • IP addresses: Used only for rate limiting (30 requests per hour). Stored in memory for 1 hour maximum, then automatically discarded. Never persisted to our database.
  • Request headers: User-Agent header sent to social media platforms to identify TogetherOS when fetching previews.

How We Use Your Data

We use the collected data for the following purposes:

  • Display your posts in the community feed
  • Generate link previews for social media URLs you import
  • Enable discussions and community features around your posts
  • Prevent abuse through rate limiting (30 requests/hour per IP)
  • Improve platform functionality and user experience

We do NOT: Use your data for advertising, sell your data to third parties, or track your activity across other websites.

Third-Party Data Sharing

When you import a social media URL, TogetherOS fetches publicly available metadata from that platform (Instagram, TikTok, Twitter, Facebook, YouTube, or LinkedIn).

What the social media platform sees:

  • TogetherOS server IP address
  • User-Agent header identifying TogetherOS
  • The specific URL you chose to import

What we DO NOT share:

  • Your TogetherOS account information
  • Your email address or profile data
  • Any other posts or activity on TogetherOS

Instagram-Specific Disclosures

When you import an Instagram post URL:

  • TogetherOS fetches publicly available metadata using Open Graph tags (title, description, thumbnail image)
  • We do NOT use Instagram's API or collect non-public data
  • You do NOT grant TogetherOS access to your Instagram account
  • TogetherOS does NOT require Instagram login
  • The original Instagram post remains on Instagram - we only display a preview card with a link
  • If the original Instagram post is deleted, the cached preview may remain until you delete your TogetherOS post

Your Rights

You have the following rights regarding your data:

  • Access: View all your posts at any time through your profile
  • Edit: Update or modify your posts through the post editor
  • Delete: Delete individual posts at any time through the post menu
  • Export: Request a copy of your data (planned feature - contact us)
  • Account Deletion: Request full account deletion (see Data Deletion section below)

Data Deletion

How to delete your data:

  1. Individual Posts: You can delete any of your posts at any time by clicking the delete button on the post. This immediately removes the post and all associated metadata from our database.
  2. Full Account Deletion: To delete your entire account and all associated data, please email privacy@coopeverything.org with the subject line "Account Deletion Request". Include your username and registered email address.

What gets deleted:

  • All your posts (native posts and social media imports)
  • All cached social media preview metadata
  • Your profile information
  • Your account credentials
  • All associated timestamps and metadata

Deletion timeline:

  • Account deletion requests are processed within 30 days
  • You will receive email confirmation when deletion is complete
  • Deletion is permanent and cannot be undone

Note: Deleted posts may remain in backup systems for up to 30 days before being permanently purged.

Data Security

We implement industry-standard security measures to protect your data:

  • HTTPS-only: All connections to TogetherOS are encrypted using TLS
  • SSRF protection: Multi-layer validation prevents server-side request forgery attacks when fetching social media previews
  • Rate limiting: 30 requests per hour per IP address to prevent abuse
  • Domain allowlisting: Only approved social media platforms can be accessed for preview fetching
  • Internal network blocking: Prevents access to private networks and localhost
  • Cascade deletion: When your account is deleted, all associated data is automatically removed

Data Retention

We retain your data as follows:

  • Posts: Stored indefinitely until you delete them or request account deletion
  • Deleted accounts: 30-day grace period before permanent deletion from all systems including backups
  • Rate limit data (IP addresses): 1 hour in-memory storage only, then automatically discarded
  • Social media preview cache: Stored indefinitely with the post, deleted when post is deleted

Cookies and Tracking

TogetherOS uses minimal cookies:

  • Authentication cookies: Required for login functionality (session management)
  • No tracking cookies: We do NOT use Google Analytics, Facebook Pixel, or any third-party tracking services
  • No advertising cookies: We do NOT serve ads or use advertising networks

Children's Privacy

TogetherOS is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@coopeverything.org and we will delete the information immediately.

International Users

TogetherOS is hosted in the United States. If you access TogetherOS from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using TogetherOS, you consent to the transfer of your information to the United States.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify users via email or platform announcement
  • Provide 30 days notice before changes take effect

Your continued use of TogetherOS after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

  • Email: privacy@coopeverything.org
  • GitHub: github.com/coopeverything/TogetherOS/issues

Related: Terms of Service