← Babble-on

Privacy Policy

Our promise

Babble-on is built on a simple commitment: real people, real conversations, no surveillance economy. We are a paid social platform, not an advertising business. We do not sell your information. We do not share your information for behavioral advertising. We do not use your content to train AI.

This Privacy Policy explains exactly what information we collect, how we use it, who we share it with, how long we keep it, and what rights you have. We have tried to write it in plain English. Where the law requires specific legal language, we have used it and explained what it means.

We are RD7 Group LLC, a New York limited liability company located at 555 W 23rd Street, Apt N10B, New York, NY 10011. We operate the Babble-on service at babble-on.io and in the Babble-on mobile applications. References to "Babble-on," "we," "us," or "our" mean RD7 Group LLC.

Scope of this Policy

This Policy applies to information we collect through:

  • The babble-on.io website.
  • The Babble-on mobile applications for iOS and Android.
  • Direct communications with us (email, support requests, legal notices).

Babble-on is a United States service at this stage. We accept users in all U.S. states and territories. We do not currently accept users in the European Union, the United Kingdom, or other regulated international jurisdictions. If you are located outside the United States, please do not use Babble-on.

1. The short version

The rest of this Policy goes into detail. The short version is:

  • What we collect. Account basics (email, password, username, display name), an attestation that you are 18 or older, the content you post, who you follow and who follows you, and basic technical data needed to operate the service.
  • What we don’t collect. Your date of birth, your phone number, your location, your real name (unless you choose to use it), your payment card details, or behavioral data for advertising.
  • What we don’t do. We don’t sell your information. We don’t share your information for behavioral advertising. We don’t use your content to train AI. We don’t run third-party analytics or trackers. We have no advertisers.
  • Who we share with. A small list of service providers we need to operate the platform (Supabase for our database and authentication, Vercel for web hosting, Expo for mobile app distribution, Stripe for payments, Apple and Google for app distribution). Each is bound by data-protection agreements with us.
  • Your rights. You can access, correct, or delete your information at any time from your account settings. California residents and residents of other states with comprehensive privacy laws have additional formal rights described in Sections 10 and 11.

2. Information we collect

2.1 Information you give us

At account creation

When you create a Babble-on account, we collect:

  • Email address. Used as your account identifier, to send transactional messages (login codes, password resets, account notices), and to communicate with you about the service.
  • Password. Stored in cryptographically hashed form by our authentication provider, Supabase. We never store your plaintext password. We also keep cryptographic hashes of your last five passwords in our database (using bcrypt) so that we can prevent password reuse.
  • Username and display name. Your username is your identifier on the platform; your display name is how you appear to other members. Both are public to Babble-on members.
  • Age attestation. You confirm that you are at least 18 years old. We record the timestamp of that confirmation. We do not collect your date of birth.
  • Legal acceptance. We record the timestamp at which you accept our Terms of Service, Community Standards, and this Privacy Policy, and the version of each that you accepted.
  • Invitation token. Because Babble-on is invite-only, we record which member invited you and the time your invitation was used.

In your profile

You may optionally add to your profile:

  • A short biography ("bio").
  • An avatar image.

In your activity on the service

As you use Babble-on, we collect the content and metadata of what you create:

  • Posts. Up to 300 characters of text. Each post has a timestamp and is associated with your account.
  • Passes (reposts). When you repost another member’s content, we record that you reposted it and when.
  • Replies. Replies to other members’ posts. Same format as posts, with a reference to the post being replied to.
  • Knucks. When you mark a post with a knucks (our equivalent of a "like"), we record which post and when.
  • Follows. We record the members you follow and the members who follow you, with timestamps.
  • Blocks and mutes. We record which members you block or mute, with timestamps. Block and mute information is private to you.
  • Direct messages. The text and any media of messages you send and receive in direct conversations with other members. Direct messages are stored on our servers in plaintext. We do not proactively read direct messages, but we may access them in response to a valid user report, hash-matched media indicating child sexual abuse material, a legal request, or a credible imminent threat to life.
  • Uploaded media. Any images or videos you upload to your profile, your posts, or your direct messages. Media is stored in Supabase Storage.
  • Notifications. An in-app record of activity directed at you (replies, follows, mentions, smashes), with read status and timestamps.
  • Presence indicator. We record a timestamp of when you were last active on the service, so we can show approximate presence information to other members if you have not disabled it.

In moderation and enforcement

When you report a post, profile, or message, or when we take enforcement action affecting you, we record information about that event, including:

  • Reports you have filed, including the content reported, the category, and any note you added.
  • Enforcement actions taken against your account, including the rule violated, the action taken, and the timestamp.
  • Appeals you have filed and their resolution.

2.2 Information collected automatically

Technical data through our infrastructure

Our underlying infrastructure collects some technical information automatically as part of operating the service:

  • Supabase (authentication and database). Our authentication provider logs authentication events: successful sign-ins, password reset requests, one-time-code requests, and similar events. These logs may include the IP address from which the event originated, depending on the Supabase plan tier. These logs are retained by Supabase under its own terms.
  • Vercel (web hosting). Our web hosting provider records standard server-access logs for requests to babble-on.io. These logs contain the request URL, the IP address making the request, the user-agent string, the timestamp, and the HTTP status code. They are retained by Vercel under its own terms.

We do not export, mine, or analyze these infrastructure logs for behavioral profiling. We may consult them for security investigation, debugging, or to respond to legal requests.

Cookies and similar technologies

Babble-on uses a minimal set of technologies for session management:

  • Web (babble-on.io). We use HTTP cookies set by our authentication provider, Supabase, to keep you signed in across page loads. These are strictly necessary for the service to function. We do not use analytics cookies, advertising cookies, social-media tracking pixels, or any cookies set by third parties for tracking purposes.
  • Mobile (iOS and Android). Session tokens are stored in your device’s secure storage (iOS Keychain on iPhones and iPads; Android Keystore on Android devices), through the Expo SecureStore mechanism. Tokens are encrypted at the device level by the operating system.

We do not place any cookies that require notice-and-consent under the e-Privacy framework, because we do not place non-essential cookies.

2.3 Information from third parties

We receive limited information from third parties that help us provide the service:

  • Stripe (payments). When you subscribe to Babble-on, you provide payment information directly to Stripe at babble-on.io. We do not see your full payment card number, CVV, or other sensitive payment data — those are handled by Stripe under its own terms and privacy policy. Stripe sends us a customer identifier, your subscription status, and information about successful and failed payments.

2.4 Information we do not collect

To make our promises concrete, here is what we do not collect:

  • Your date of birth. Age verification is by attestation only.
  • Your phone number.
  • Your real name (unless you choose to use it as your display name).
  • Your precise geolocation.
  • Your device fingerprint, advertising identifier, or other persistent device identifier.
  • Behavioral data captured by analytics platforms. We do not use Google Analytics, Meta Pixel, Mixpanel, Amplitude, PostHog, or any similar service.
  • Error or crash reporting data sent to third parties. We do not use Sentry, Bugsnag, or similar services.
  • Information about your interests, the content you view from outside Babble-on, or your activity on other websites or apps.
  • Information from data brokers.
  • Special-category data, such as health information, biometric data, racial or ethnic origin, religious beliefs, or sexual orientation, unless you voluntarily include such information in your content.

3. How we use information

We use the information we collect to:

  • Provide the service: deliver your posts to other members, let other members reply to and repost your content, deliver your direct messages, show you content from members you follow, and run the platform.
  • Authenticate you and keep your account secure.
  • Process your subscription payment through Stripe.
  • Communicate with you about your account, your subscription, security issues, changes to our policies, or other operational matters.
  • Enforce our Community Standards and these Terms: review reports, identify violations, take enforcement action, handle appeals.
  • Comply with our legal obligations, including reporting child sexual exploitation under 18 U.S.C. § 2258A, responding to lawful legal process, and meeting our obligations under the TAKE IT DOWN Act and other applicable laws.
  • Investigate and prevent fraud, abuse, security incidents, and other harm to Babble-on or its members.
  • Improve the service, including by debugging issues, understanding service errors, and making considered design decisions.

3.1 How we do not use information

As a binding commitment, we do not use your information to:

  • Sell it to third parties.
  • Share it with advertising networks or data brokers.
  • Target advertising at you (we do not run advertising).
  • Train any third party’s machine-learning model. We do not provide your content to OpenAI, Anthropic, Google, Meta, or any other AI developer for training purposes.
  • Build psychological profiles for any purpose other than enforcing our Community Standards.
  • Manipulate your engagement through algorithmic amplification of emotionally charged content.

4. How we share information

We share information only as described in this section. We do not sell it.

4.1 With other Babble-on members

Your username, display name, bio, avatar, posts, replies, reposts, and follows are visible to other Babble-on members by design — that is what a social platform is. Your direct messages are visible only to the parties to that conversation.

4.2 With our service providers

We share information with a small set of third-party service providers that help us operate the platform. Each is contractually bound to handle your information only on our instructions and consistent with this Policy.

Service providerPurposeData shared
Supabase, Inc.Database, authentication, file storage, transactional emailAll account data, content, profile, follow graph, blocks, mutes, notifications, uploaded media, authentication credentials (hashed)
Vercel, Inc.Web hosting for babble-on.ioRequest/response data while you use the website (IP, user agent, timestamp, route)
Expo (650 Industries, Inc.)Mobile app build and distribution infrastructureApp build artifacts only; no runtime user data routed through Expo
Stripe, Inc.Subscription payment processingEmail, account identifier, subscription status; you provide payment card data directly to Stripe, which we do not see
Apple Inc.iOS app distributionWhatever Apple collects under the App Store terms; we do not transmit additional data to Apple beyond what is required for app distribution
Google LLCAndroid app distributionWhatever Google collects under the Play Store terms; we do not transmit additional data to Google beyond what is required for app distribution

Each of these service providers maintains its own privacy practices, which apply to data they process for us. Supabase, Vercel, Expo, and Stripe are required to comply with applicable U.S. privacy laws, including the California Consumer Privacy Act, in their service relationships with us.

Sub-processor notice

Supabase, our primary processor, may use its own sub-processors for transactional email delivery and other infrastructure functions. The current list of Supabase sub-processors is published at supabase.com. We will provide notice if we add, remove, or replace a primary service provider that processes substantial user data.

4.3 For legal reasons

We may disclose your information when we believe in good faith that disclosure is required to:

  • Comply with applicable law, regulation, legal process, or governmental request.
  • Enforce our Terms of Service or Community Standards, including investigating potential violations.
  • Detect, prevent, or address fraud, security, or technical issues.
  • Protect against harm to the rights, property, or safety of Babble-on, our members, or the public, as required or permitted by law.
  • Comply with our mandatory reporting obligation to the National Center for Missing & Exploited Children CyberTipline under 18 U.S.C. § 2258A when we become aware of apparent child sexual exploitation.
  • Comply with our obligations under the TAKE IT DOWN Act with respect to non-consensual intimate imagery.

We require legal process — a subpoena, court order, search warrant, or valid emergency request — for non-public information. We will challenge legal requests that we believe are overbroad or improper.

4.4 In a business transaction

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will give you reasonable advance notice if such a transaction would change how your information is handled, and will require the receiving party to honor commitments we have made in this Policy.

4.5 With your consent

We may share your information with third parties when you direct us to do so, or with your explicit consent for a specific purpose. We will identify the third party and the purpose at the time we ask.

5. Security

We use reasonable technical, administrative, and organizational measures to protect your information from unauthorized access, disclosure, alteration, and destruction. Specifically:

5.1 Encryption in transit

All communication between your device and Babble-on is encrypted using TLS (Transport Layer Security). The web application enforces HTTPS. Mobile applications use HTTPS for all API requests. Connections that do not use TLS are rejected.

5.2 Encryption at rest

The database and file storage that hold your account data, posts, messages, and uploaded media are encrypted at rest using AES-256 encryption, managed by Supabase on infrastructure provided by Amazon Web Services.

5.3 Password security

Your password is never stored in plain text. It is cryptographically hashed by our authentication provider using industry-standard algorithms (bcrypt). We also store bcrypt hashes of your last five passwords to prevent reuse. We cannot recover your password if you forget it; you can reset it through the password-reset flow.

5.4 Session security

On the web, session tokens are kept in HTTP-only cookies that are not accessible to client-side scripts. On mobile, session tokens are stored in the device’s encrypted secure storage (iOS Keychain or Android Keystore). We invalidate sessions on password change and on suspicious-activity signals.

5.5 Access controls

Access to production systems, user data, and moderation tooling is limited to authorized personnel with role-based access. Access is logged. Production-database access is restricted to a small named set of individuals.

5.6 What we do not promise

No system can guarantee perfect security. We cannot promise that your information will never be accessed, used, or disclosed in a manner inconsistent with this Policy. We commit to maintaining reasonable security and to notifying affected users in the event of a confirmed data breach, as required by applicable state breach-notification laws.

5.7 End-to-end encryption notice

Babble-on does not currently provide end-to-end encryption for any communications, including direct messages. Your direct messages and other content are stored in plain text on our servers, are readable by Babble-on as the operator of the service, and may be disclosed in accordance with the legal-process provisions of Section 4.3.

6. How long we keep your information

6.1 Active accounts

We keep the information associated with your active account for as long as your account is active and as needed to provide the service. This includes your profile information, posts, replies, reposts, direct messages, follows, blocks, mutes, and notifications.

6.2 Closed accounts

When you close your account, we delete most associated data within a reasonable period after closure. We use database-level cascading deletion to ensure that closing your account removes your profile, posts, follows, smashes, notifications, blocks, mutes, and password history. We may retain limited information after account closure where retention is required for one of the following reasons:

  • Legal compliance. Where retention is required to comply with a legal obligation, including CSAM-related evidence under 18 U.S.C. § 2258A (one-year minimum retention).
  • Suspension and ban evasion. Where retention is necessary to prevent a banned user from re-registering, we may retain a hash of your email, your IP address at signup, and your device fingerprint for ban-evasion purposes.
  • Active disputes. Where retention is necessary to resolve a pending or threatened dispute, including a moderation appeal.
  • Security incident investigation. Where retention is necessary to investigate a security incident that affected the service.

6.3 Backups

Our database and file storage are backed up by Supabase on a rolling schedule. Backup copies of deleted data may persist in backup snapshots for a reasonable period before they are overwritten in the normal course of backup rotation. We do not restore deleted user data from backups in the ordinary course.

6.4 Specific retention periods

CategoryRetention
Active-account data (profile, posts, follows, etc.)Until account closure
Password history (last 5 hashed passwords)Until account closure
Invite tokens7 days from generation, then expired and pruned
Authentication event logs (Supabase)Per Supabase’s retention policy
Web access logs (Vercel)Per Vercel’s retention policy
CSAM-related evidenceMinimum 1 year per 18 U.S.C. § 2258A; longer if NCMEC or law enforcement requests
Hashes of removed NCII contentIndefinitely, to prevent re-upload
Consumer privacy requests and our responsesAt least 24 months per California Privacy Rights Act
Moderation logsAt least 24 months
Closed-account ban-evasion dataWhile necessary to prevent re-registration; reviewed periodically

7. Your choices and rights

7.1 Access and update your information

You can view and update most of your account information at any time from your account settings, including your display name, bio, avatar, password, and the email address associated with your account.

7.2 Delete your account

You can delete your Babble-on account at any time from your account settings. Account deletion is permanent: your posts, profile, and other account data are removed from the service, subject to the exceptions in Section 6.2 above.

7.3 Marketing communications

We do not send marketing emails. We send only transactional and account communications: login codes, password resets, security notices, subscription notices, enforcement actions, policy updates, and similar service messages. These communications are part of the service and cannot be unsubscribed without closing your account.

7.4 Cookies

Babble-on uses only strictly necessary cookies for session management on the web. There is no separate cookie-consent layer because we do not place non-essential cookies. You can clear cookies from your browser at any time; doing so will sign you out of Babble-on.

7.5 Do Not Track and Global Privacy Control

Some browsers send Do Not Track signals or Global Privacy Control signals to indicate a preference for opting out of certain data practices. Because Babble-on does not sell personal information or share it for cross-context behavioral advertising, these signals do not change our processing. Where applicable state law treats a Global Privacy Control signal as a request to opt out of sale or sharing, we will honor it as such, consistent with the rights described in Section 10.

8. Children’s privacy

Babble-on is an adults-only service. You must be at least 18 years old to create an account, as required by our Terms of Service and Community Standards. We are not directed at children, we do not knowingly collect information from anyone under 18, and we do not have any features intended for children.

If we receive actual knowledge that an account belongs to a person under 18, we will terminate the account and delete the associated personal data within 30 days, retaining only the minimum information necessary to prevent re-registration.

If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at privacy@babble-on.io and we will take steps to delete that information.

9. Third-party links and content

Babble-on may contain links posted by members to third-party websites, services, or content. We are not responsible for those third parties or their privacy practices. If you follow a link from Babble-on to another service, that service’s privacy policy applies to its handling of your information.

10. California residents

This Section 10 applies to California residents and describes the rights and disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, "CCPA").

10.1 Categories of personal information collected

In the past 12 months, we have collected the following categories of personal information from California residents:

CCPA categoryExamples we collectSource
IdentifiersEmail address, username, account identifierFrom you
Customer recordsDisplay name, bio, avatar, password (hashed)From you
Internet or network activityPosts, replies, reposts, smashes, follows, blocks, mutes, notifications, login events, IP address (via infrastructure providers)From you, from our infrastructure providers
GeolocationApproximate location inferred from IP address (via infrastructure providers); not stored by us beyond service-provider logsFrom our infrastructure providers
Commercial informationSubscription status, payment history (no card data)From Stripe
InferencesNone drawn for behavioral profiling or advertising purposes
Sensitive personal informationAccount credentials (password); content of communications (direct messages); contents of posts you choose to make, which may include sensitive content you voluntarily discloseFrom you

We do not collect biometric information, health information, racial or ethnic origin, religious beliefs, sexual orientation, union membership, genetic data, or precise geolocation (within 1,850 feet) as such — but you may voluntarily reveal such information in your content.

10.2 Sources of personal information

We collect personal information from the following sources:

  • Directly from you, when you create an account, complete your profile, and use the service.
  • Automatically through our infrastructure providers (Supabase, Vercel) as you use the service.
  • From Stripe, when you subscribe (subscription status only; no card data).

10.3 Business and commercial purposes

We use personal information for the following business and commercial purposes, as defined by the CCPA:

  • Operating the service, including authenticating users, delivering content, and processing subscriptions.
  • Auditing related to interactions with you.
  • Detecting, protecting against, and responding to security incidents and fraud.
  • Debugging to identify and repair errors.
  • Performing services on behalf of the business, including providing customer service.
  • Internal research for technological development.
  • Quality and safety: enforcing our Community Standards.
  • Complying with legal obligations.

10.4 Recipients of personal information

In the past 12 months, we have disclosed personal information to the categories of recipients described in Section 4.2 (Service providers), Section 4.3 (Legal reasons), and Section 4.4 (Business transactions). The specific recipients are identified in Section 4.2.

10.5 We do not sell or share personal information

Babble-on does not sell personal information for monetary or other valuable consideration. We do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA.

Because we do not sell or share personal information, the right to opt out of sale or sharing under the CCPA is satisfied by our underlying practice. We respond to Global Privacy Control signals consistent with this practice.

10.6 We do not use sensitive personal information for inferring characteristics

We use sensitive personal information only for the purposes for which we collected it (operating the service) and for the limited additional purposes permitted under California Civil Code section 1798.121(a) without an opt-out right (including security, fraud prevention, and short-term transient use). We do not use sensitive personal information to infer characteristics about you.

10.7 Your California rights

As a California resident, you have the following rights with respect to your personal information:

  • Right to know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business and commercial purposes for which we collected it, and the categories of third parties to whom we have disclosed it.
  • Right to delete. You have the right to request deletion of personal information we have collected from you, subject to exceptions California law permits (for example, where the information is needed to complete a transaction, detect security incidents, or comply with a legal obligation).
  • Right to correct. You have the right to request correction of inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell or share personal information, so there is nothing to opt out of. We will continue to honor this commitment as a contractual matter under our Terms.
  • Right to limit use of sensitive personal information. Because we do not use sensitive personal information for purposes that would trigger the right to limit under California Civil Code section 1798.121, the right to limit is satisfied by our underlying practice.
  • Right to non-discrimination. We will not deny service, charge a different price, or provide a different level of service because you exercised your California privacy rights.

10.8 How to exercise your California rights

California law requires us to provide at least two methods for submitting requests. You can exercise your rights through either:

  • In-app privacy controls. From your account settings on babble-on.io or in the mobile app, select "Privacy Controls" and choose the action you wish to take.
  • Email. Send your request to privacy@babble-on.io. Include enough information for us to identify your account and process the request.

We will acknowledge your request within 10 business days and respond substantively within 45 days. We may extend the response period by an additional 45 days where reasonably necessary, in which case we will notify you of the extension and the reason.

10.9 Verification

For some requests we will need to verify your identity before we act. The verification we ask for will be proportionate to the sensitivity of the request. For requests about information associated with your account, we may verify through control of your account (for example, by sending a confirmation to the email address on file).

10.10 Authorized agents

You may designate an authorized agent to make a request on your behalf. The agent must provide proof of authorization (such as a power of attorney) and we may ask you to confirm directly that you have authorized the agent.

10.11 Personnel training and record-keeping

Personnel who handle California consumer privacy requests receive training on California privacy rights and our procedures for verifying, routing, and resolving requests. We retain a record of consumer requests and our responses for at least 24 months, as required by the California Privacy Rights Act.

10.12 Notice at collection

This Privacy Policy serves as our notice at or before collection of personal information from California residents, as required by California Civil Code section 1798.100(a).

11. Other state privacy rights

Several other U.S. states have enacted comprehensive consumer privacy laws, including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others. As a matter of operational practice, Babble-on extends substantially equivalent rights to residents of those states, even where the state’s law would not strictly require it.

Specifically, if you are a resident of any U.S. state with a comprehensive consumer privacy law, you may exercise the rights described in Section 10.7 by following the procedure in Section 10.8. We will respond to your request within the timeline applicable in your state or within 45 days, whichever is shorter.

Specific variations in state-law requirements — such as appeal rights for denied requests under the Virginia Consumer Data Protection Act — are honored as required by the law applicable to your residency. If you are unsure of your rights, contact us at privacy@babble-on.io and we will clarify.

11.1 Breach notification

All 50 U.S. states have data-breach-notification laws. In the event of a security incident that affects your personal information, we will notify you in accordance with the strictest applicable timeline, as required by your state of residency.

12. Where we operate

Babble-on is a United States service operated by RD7 Group LLC, a New York limited liability company. Our infrastructure providers store data in the United States; specifically, our database and file storage are hosted in U.S. data centers operated by Supabase on Amazon Web Services infrastructure located in Ohio.

We do not currently offer the service to users in the European Union, the United Kingdom, or other jurisdictions with comprehensive data-protection regimes outside the United States. If you are located in such a jurisdiction, please do not use Babble-on.

13. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of the Policy. If we make a material change — for example, a change in the categories of information we collect, a change in how we use information, or a change in the entities we share information with — we will provide reasonable advance notice through one or more of the following:

  • An in-app notice or banner.
  • An email to the address associated with your account.
  • A notice on babble-on.io.

Generally, advance notice will be at least 30 days. If a change materially expands the categories of personal information we collect or the purposes for which we use it, we will obtain your affirmative opt-in consent before applying the change to your information, consistent with FTC guidance for material changes to mobile app data practices.

Your continued use of Babble-on after the effective date of a non-material change means you accept the change. If you do not agree, you may close your account.

14. How to contact us

If you have questions about this Privacy Policy or our handling of your personal information, contact us at:

RD7 Group LLC
Attn: Privacy
555 W 23rd Street, Apt N10B
New York, NY 10011
Privacy requests: privacy@babble-on.io
General support: support@babble-on.io
Legal/DMCA: dmca@babble-on.io

We will respond to privacy inquiries within a reasonable time, generally within 10 business days for acknowledgment and 45 days for substantive responses.