Uniform Worker Privacy Policy

Privacy terms for Uniform's current worker Zero Knowledge runtime

Uniform is designed to keep active runtime records as lean and privacy-preserving as possible while still operating the service. This page explains what the current product stores, what it does not store, and where third parties may still create their own records.

This page describes worker accounts and worker content only. Organizer accounts are public-facing, handled separately, and covered on the organizer privacy page.

For a deeper technical walkthrough, see our Technical Information page.

Last updated: March 11, 2026

Jump to a section

Overview

1. Uniform is built to minimize identifying data in active app-runtime systems

Uniform supports private worker organizing through pseudonymous handles, device-key session authentication, encrypted content workflows, and architecture that separates main app records from payment-provider identifiers.

We do not sell personal information. We also do not store plaintext protected posts, comments, direct messages, or media in active runtime tables.

Organizer profiles, organizer contact fields, and organizer bulletin content are intentionally public-facing and are not part of the worker privacy promises on this page.

Important limit

Privacy-focused architecture does not mean absolute anonymity. Other users, legal process, your own disclosures, compromised devices, or third-party provider records can still affect what becomes knowable about you.

Information We Collect

2. This is the information Uniform does store in the active runtime

The items below are categories of information we do keep in the current product. They are not examples of information we avoid collecting. The next section covers what we do not store in active runtime records.

We do store account and security data

  • Anonymous handle and account status.
  • Device public keys, signing public keys, and session challenge metadata.
  • Context, location, and thread membership metadata needed for access control.
  • Derived age-safety status such as age band, whether minor protections are enabled, and age-verification timestamps.
  • Notification preferences and, if enabled, device push tokens.

We do store encrypted content and related metadata

  • Encrypted posts, comments, direct messages, and media payloads.
  • Envelope and key-epoch metadata needed to deliver the right encrypted content to the right members.
  • Context, thread, and actor-scoped metadata needed to render organizing activity.

We do store support, safety, and operational records

  • In-app feedback submissions, including message text and optional encrypted image attachment metadata.
  • Reports, appeals, suppression state, moderation actions, and related audit history.
  • Anonymous union-card receipt artifacts such as location references, receipt hashes, and timestamps.

What We Do Not Store

3. This is what Uniform does not store in active runtime records

  • Real-name, personal email, or phone fields in active account, session, or protected content records.
  • Date of birth in the database, logs, analytics, moderation records, or support tools.
  • Plaintext protected posts, comments, direct messages, or media in main app runtime tables.
  • Auth or session IP-address persistence in the app database.
  • Payment processor customer or subscription identifiers in the main social app database.
  • Signed union-card content on the server.

How We Use Information

4. We use the limited information we keep to run the app, control access, and protect users

In plain terms, we use the information described above to make Uniform work, decide what your account can access, and handle safety, support, and legal obligations. We do not keep this information to build advertising profiles or sell your data.

  • Sign you in by verifying your device and issuing short-lived app sessions.
  • Control access to the right organizing spaces, threads, keys, and encrypted media.
  • Deliver and sync encrypted posts, comments, messages, and attachments to the right recipients.
  • Verify 16+ eligibility and apply minor safety restrictions without retaining the submitted date of birth.
  • Send optional, metadata-minimized push notifications if you enable them.
  • Review reports, appeals, and abuse-related signals to enforce safety rules.
  • Check billing or membership access state for accounts that require it.
  • Respond to support requests, feedback, and legal requirements.

Sharing and Disclosure

5. We share information only in limited operational, legal, and user-directed situations

We may share information with service providers that help us run the product, including hosting, encrypted media storage, push delivery, customer support tooling, and security operations. Those providers receive only the data needed to perform their roles.

We may also disclose information when required by law or when reasonably necessary to investigate abuse, protect users, enforce our Terms, or defend rights and property.

If you contact us by email, we receive whatever you include in that email, along with normal email-provider metadata such as sender address, timestamps, and message-routing information.

Payments and Third Parties

6. Payment providers and app stores may create records outside Uniform's main app database

Uniform uses a billing-vault model so the main app runtime does not store processor customer or subscription IDs. The main app checks access state without making the social database the source of payment identity.

If you pay through Apple, Google, Stripe, a crypto payment provider, or another third party, that provider may still know transaction, billing, wallet, or account details outside Uniform's active runtime tables.

The strongest payment-side anonymity generally comes from using a non-identifying crypto wallet or payment alias rather than a card or app-store account, but no payment method eliminates every possible identity risk.

Like most internet services, infrastructure, payment, app store, and email providers may process network, device, or transaction data to deliver their services. Those provider-side records are distinct from Uniform's main app-runtime records.

Security and Anonymity Limits

7. We use encryption and access controls, but no service can promise perfect secrecy

Uniform uses encrypted content storage, device-key session authentication, scoped access checks, metadata-minimized push notification design, and client upgrade gates to reduce accidental exposure and improve privacy.

Even with those controls, we cannot guarantee that your identity or activity will never be inferred, exposed, or compelled through legal process, human behavior, configuration mistakes, provider-side records, or security incidents.

We retain data for as long as reasonably necessary to operate the service, enforce safety rules, investigate abuse, comply with law, resolve disputes, and protect users and systems. Different categories of data may be retained for different periods.

Your Choices and Requests

8. You can manage settings in-app, including account deletion, and contact us for privacy requests

Controls you can use

  • Manage push-notification permissions on your device and in supported app settings.
  • Delete your account from the current web or mobile app settings flow.
  • Choose what you include in support emails or feedback submissions.
  • Control what personal details you reveal in your own content.

Privacy requests

If you want help with account deletion, or want to request access, correction, or export of information that may be associated with you, contact support@getuniform.app. We will review requests consistent with applicable law, safety obligations, and operational limits.

Age Eligibility and Changes

9. Uniform is for users 16 and older, and we do not retain submitted dates of birth

Uniform is for users who are at least 16 years old. During signup or a required age re-check, we temporarily process a submitted date of birth to confirm eligibility and to place an account into the correct age-safety band.

We do not retain the submitted date of birth after that check. Instead, we store only derived age-safety facts such as whether the account is `minor_16_17` or `adult_18_plus`, whether minor protections are enabled, when the age check happened, when the next minor re-check is due, and the policy version or verification method used.

Accounts for users ages 16-17 may have additional safety restrictions, including disabled direct messaging and higher-priority moderation handling for reports involving those accounts.

We may revise this Privacy Policy as the product, legal environment, or security posture changes. When we do, we will update the date on this page.