Data Privacy

The data collected depends on the features you use. Optional fields are labeled in product flows and can be skipped. We group collection into the categories below:

• Account & Authentication: Name, username, email, password hash, session tokens, MFA secrets, device identifiers, IP address, login history, and security question confirmations when applicable.
• Profile & Demographics (optional): Bio, professional tags, phone number, country, city, pronouns, date of birth, website, portfolio links, and notification preferences. Email and phone visibility can be toggled from settings.
• Content & Uploads: Feed items, drafts, attachments (images, video, audio, documents), application forms, polls and votes, event RSVPs, bookmarks, likes, comments, moderation status, and revision history for edited posts.
• Relationship Graph: Follows, unfollows, mutes, blocked accounts, saved lists, referral codes, and creator program interactions to personalize feeds and recommendations.
• Applications & Records: Portfolio submissions, work samples, role preferences, eligibility attestations, and interview notes retained by program administrators.
• Payments & Compliance (if enabled): Tax forms, payout preferences, transaction metadata, and invoices handled via our payment partners. Sensitive banking details remain with the payment processor.
• Telemetry & Device Signals: Browser type, operating system, cookie identifiers, crash logs, feature flag assignments, network latency, and security signals (failed logins, rate limit counters) through first-party analytics.
• Content Safety Signals: Automated text and image classifications (e.g., AWS Comprehend and Rekognition), hash-based abuse checks, and cache metadata (keys, expiration timestamps) generated to keep the platform safe and performant.
• Communications: Support tickets, moderation escalations, survey responses, in-product chat transcripts, and feedback provided through forms or email.

When we need additional verification (for example, for payouts or to prevent impersonation) we explain the requirement at collection and store that information in segregated, access-controlled systems.

We process information under contractual necessity, legitimate interests, and legal obligations. Typical uses include:

• Delivering Services: Authenticate sessions, maintain profiles, sync saved content across devices, power search, and route application workflows to reviewers.
• Personalization: Recommend creators, categories, tags, and content based on follows, likes, comments, bookmarks, and application history.
• Safety & Moderation: Detect spam, plagiarism, harmful behavior, or policy violations; triage reports; retain audit trails; and enforce community guidelines. Automated analysis uses providers such as AWS Comprehend and Rekognition; outputs are kept minimal and refreshed as content changes.
• Communications: Send security alerts, transactional notifications, application updates, community digests, and optional marketing emails (only with consent).
• Analytics & Product Research: Run aggregated metrics, A/B tests, and surveys to improve quality, performance, and accessibility.
• Compliance: Maintain records required by law, respond to lawful requests, and enforce our Terms and policies in line with Nigerian data protection frameworks such as the Nigeria Data Protection Act (NDPA) and related regulations.

We share personal data only when necessary to operate Feedcover, when you ask us to, or when we are legally required to do so.

• Service Providers: Cloud hosting, storage, email delivery, analytics, content moderation, caching, and support tooling offered under strict confidentiality and data processing agreements. This includes infrastructure (e.g., AWS), content safety services (e.g., Comprehend/Rekognition), and managed cache layers (e.g., Redis).
• Collaborative Features: Public profiles, content, comments, polls, application outcomes, and social interactions you choose to share with communities or partners.
• Legal Requests: Courts, regulators, or law enforcement when required by law or to protect any person from harm or abuse.
• Business Changes: If Feedcover engages in a merger, acquisition, or asset transfer, we will continue to protect your data and notify you about new ownership or privacy obligations.

We do not sell personal information or share directly identifiable data with advertisers. When we provide insights externally, we use aggregated or de-identified datasets.

Securing user, creator, and applicant data is central to how we build. We employ layered safeguards across infrastructure, application code, and operations:

• Encryption: TLS 1.2+ for data in transit and encrypted stores for databases, secrets, and uploads. Encryption keys are managed with restricted access controls.
• Access Controls: Role-based permissions, just-in-time elevation, mandatory MFA for staff, and quarterly entitlement reviews.
• Secure Development: Code reviews, static analysis, dependency scanning, secret detection, and staging environments before production releases.
• Logging & Monitoring: Centralized audit logs, anomaly detection for authentication and content abuse, automated alerting for privileged actions, and incident response runbooks.
• Scoped Moderation Outputs: Safety classifications are stored with least-privilege access and short retention, and are refreshed or purged when content is updated or deleted.
• Data Isolation: User uploads reside in segmented object storage. Sensitive verification records live in separate encrypted vaults with access logging.
• Business Continuity: Encrypted backups, multi-region replication, disaster recovery drills, and tabletop exercises with the response team.
• Third-Party Assurance: Vendor security questionnaires, contractual breach notification clauses, and annual penetration tests by independent specialists.

We encourage you to use strong unique passwords, enable multi-factor authentication, and report suspicious activity to security@feedcover.com.

We retain personal information only for as long as needed to fulfill the purposes described in this notice or to meet legal, accounting, or reporting obligations.

• Account Data: Maintained for the life of your account and deleted or anonymized within 30 days of verified deletion requests, except where legal holds apply.
• Content & Interactions: Posts, uploads, comments, likes, follows, and application records remain until you remove them or close your account. Backups may retain metadata for up to 90 days.
• Security Logs: Stored 12–24 months to investigate fraud, rate limiting, or platform abuse.
• Ephemeral Caches: Performance caches (e.g., Redis) use short time-to-live expirations and are purged on content edits or deletes.
• Compliance Records: Tax, payout, and legal documents retained in accordance with statutory requirements (often up to 7 years).
• Support History: Conversation transcripts and ticket summaries retained up to 24 months to improve service and resolve recurring issues.

When data is deleted, we sanitize active systems and schedule purges for backup media following documented procedures.

Depending on your location, you may have statutory rights (such as GDPR, UK GDPR, CCPA/CPRA, LGPD). We provide tools and support channels so you can exercise control over your data.

• Manage Profile: Update profile fields, toggle email/phone visibility, manage tags, and review third-party connections from settings.
• Download Data: Request an export containing your posts, applications, follows, interactions, and account metadata.
• Delete Account: Initiate deletion in settings or contact hello@feedcover.com. We verify the request and purge personal data consistent with our retention commitments.
• Opt Out of Marketing: Use email unsubscribe links or notification preferences to adjust promotional communications. Transactional emails remain necessary.
• Cookies & Analytics: Adjust browser settings to control cookies. Essential cookies remain required for authentication and security.
• Appeal Moderation: Submit appeals on enforcement decisions if you believe an error occurred.

We may request additional information to verify your identity before fulfilling rights requests to protect your account.

Feedcover operates globally, which means personal information may be processed in the United States or other countries where our infrastructure or service providers are based. Wherever data travels, we apply the protections outlined in this notice.

• Transfer Safeguards: Standard contractual clauses, data processing agreements, encryption, and access restrictions for cross-border transfers.
• Regional Requirements: We honor local rights requests, maintain records of processing activities, and assess regulatory changes that affect cross-border data flows.
• Children's Privacy: Feedcover is not directed to children under 16. If we learn that data was collected without proper consent, we delete it promptly.

By using Feedcover, you acknowledge that your information may be transferred to jurisdictions with different data protection laws than your home country.

We update this notice whenever we introduce new features, integrate additional partners, or change how we process personal data. Significant updates are announced via email or in-product notifications with effective dates clearly indicated.

For privacy questions, data requests, or security disclosures, email hello@feedcover.com. Physical mail can be sent to Feedcover, 9 Olufunmilola Okikiolu, off Toyin Street, Ikeja, Lagos, Nigeria.

If you are dissatisfied with our response, you may contact your local data protection authority. We aim to resolve all requests promptly and transparently.