Privacy Policy

1. Who we are

PeopleOnly is a verified social media platform built around the principle that every account belongs to a real, verified human being. This policy explains what personal data we collect, how we use it, and what rights you have over it.

Privacy questions and requests can be sent to [email protected].

2. What data we collect

Account and profile data

When you register, we collect your email address, display name, and the profile type you select (journalist, podcaster, musician, or verified member). If you complete your profile, you may also provide a biography, avatar image, and type-specific information such as journalistic beat or publication history.

Identity verification data (KYC)

PeopleOnly requires all participating users to complete identity verification. We never store your identity documents. Identity verification is performed entirely by our third-party provider, Didit. Didit captures and holds your documents and biometric data. PeopleOnly receives only a verified token confirming you are a real person and, where applicable, a small set of confirmed metadata (for example, that you are over 18). Didit's privacy policy governs how Didit handles your data.

Content you publish

Articles, posts, tracks, podcasts, and any other content you create on the platform are stored on our servers and associated with your profile. Published content is publicly visible — including to unregistered visitors.

Activity data

We store records of actions you take on the platform: reactions, comments, follows, subscriptions, bookmarks, and content you have viewed. This data is used to deliver the platform's features (for example, showing your reaction on a post) and to calculate depth scores and reading streaks where applicable.

Encrypted tip messages

If you send a message to a journalist's encrypted source inbox, that message is end-to-end encrypted on your device before it is transmitted. PeopleOnly's servers handle only ciphertext — we never see the plaintext contents of any tip message. We store the ciphertext and the nonce required for decryption by the journalist's private key. No metadata identifying the sender is stored.

Notifications

If you enable push notifications, we store your browser's push subscription endpoint and associated cryptographic keys in order to deliver notifications to your device.

Technical data

Standard server logs may capture your IP address, browser type, and request timestamps. These logs are used for security monitoring and are not linked to your profile for advertising purposes.

3. How we use your data

• To create and manage your account
• To deliver platform features — feeds, reactions, comments, notifications
• To process subscriptions and payments via Paddle
• To send you platform notifications and, if you opt in, email updates
• To detect and prevent fraud, abuse, and violations of our terms
• To comply with legal obligations, including valid court orders
• To improve the platform based on aggregate, anonymised usage patterns

We do not sell your personal data to third parties. We do not use your data for behavioural advertising. Any advertising on PeopleOnly is targeted by content topic, never by individual user behaviour or profile.

4. Who we share your data with

Didit (identity verification)

Didit performs KYC on our behalf. Didit holds your identity documents. PeopleOnly does not receive those documents. See Didit's privacy policy for details of their processing.

Paddle (payments)

Paddle is our merchant of record for all payments. Paddle processes your payment card data and handles tax compliance. PeopleOnly does not store card numbers or payment credentials. Paddle's privacy policy governs their processing.

Cloudflare (CDN and media hosting)

Media files — including video hosted via Cloudflare Stream — are served through Cloudflare's network. Cloudflare may log request metadata (IP address, timestamp) in the course of normal CDN and DDoS protection operations. Cloudflare's privacy policy governs their processing.

Courts and legal authorities

PeopleOnly will disclose user identity information only when served with a valid court order from a court of competent jurisdiction in a recognised democratic country. See section 5 for the full disclosure process.

No one else

We do not share personal data with advertisers, data brokers, analytics companies, or any other third parties beyond those listed above.

5. Identity disclosure and the public ledger

If a court of competent jurisdiction in a recognised democratic country issues a valid order requiring us to disclose a user's identity, we will:

1. Require that the order is cryptographically signed and reviewed by at least two designated keyholders within PeopleOnly before any disclosure proceeds.
2. Contact the subject of the order where legally permitted to do so.
3. Provide the requesting party with the minimum information required to satisfy the order — in most cases, this means passing the request to Didit, who holds the underlying identity documents.
4. Log the disclosure immediately on our public immutable disclosure ledger, recording the date, jurisdiction, and legal order reference number. The identity of the subject is not shown on the public ledger — only that a disclosure occurred.

There is no silent surveillance. Every disclosure is public. PeopleOnly will never disclose identity information voluntarily, for commercial purposes, or without a valid court order.

6. Cookies

PeopleOnly uses a minimal number of cookies:

• Session cookie: A secure, HttpOnly cookie that keeps you signed in. It contains a cryptographically signed session token — not your personal data.
• CSRF token: A security cookie that prevents cross-site request forgery attacks.

We do not use tracking cookies, third-party advertising cookies, or analytics cookies.

7. Data retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal information (email address, display name, avatar, bio) within 30 days. Some records are retained for legal reasons:

• Disclosure log entries are immutable and permanent — they record that a disclosure occurred, not who the subject was.
• Transaction records are retained for 7 years for accounting and tax compliance.
• Voluntary retractions you submit are permanently linked to the original content for accountability reasons. If you delete your account, the retraction record is anonymised.

8. Your rights — GDPR and POPIA

You have the following rights over your personal data under the GDPR (if you are in the EU/EEA/UK) and POPIA (if you are in South Africa):

• Access: Request a copy of the data we hold about you.
• Rectification: Ask us to correct inaccurate data. Most profile data can be corrected directly in your account settings.
• Erasure (Right to be Forgotten): Request deletion of your personal data. Delete your account to initiate this process. Some data is retained as described in section 7.
• Portability: Request your data in a structured, machine-readable format (JSON).
• Objection: Object to processing of your data where we rely on legitimate interests as the legal basis.
• Restriction: Ask us to restrict processing while a complaint is being resolved.
• Complaint: If you are in South Africa, you may lodge a complaint with the Information Regulator (inforegulator.org.za). If you are in the EU/EEA/UK, you may lodge a complaint with your local data protection authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Security

We take security seriously. Our platform uses TLS encryption for all data in transit. Passwords are hashed using bcrypt and never stored in plaintext. The source protection inbox uses end-to-end encryption — we cannot read those messages. An independent security audit is planned before public launch.

If you discover a security vulnerability, please report it responsibly to [email protected].

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the date at the top of this page. Continued use of PeopleOnly after a change constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions or requests: [email protected]