1. Overview
This Privacy Policy explains how PornTok (the “Service”, “we”, “us”) collects, uses, discloses, and safeguards information when you access or use our website and related services. By using the Service, you consent to this Policy.
2. What We Collect
- Account Information: If you register, we collect username, email, hashed password, verification codes and timestamps, and verification status. We also track limited metadata about registration and verification attempts to prevent abuse.
- Usage Data: We log requested URLs, basic request metadata, and maintain rate‑limit counters keyed to your IP address for anti‑abuse. We store per‑video view counts in our database. For anonymous personalization, we use client‑side storage (sessionStorage and localStorage) on your device to keep short viewing histories and category preferences; this information is not transmitted to our servers except for aggregate effects (e.g., the order of videos we serve during your session).
- Device Fingerprinting (Anti‑Abuse): We may use a third‑party library (e.g., FingerprintJS) to derive a pseudonymous visitor identifier on your device to help detect bot abuse and deduplicate repeated view events. The identifier may be sent with some requests and can be logged ephemerally for rate‑limiting/deduplication. We do not build user profiles with this identifier.
- Email Operations: We use Resend to deliver verification and password reset emails. Your email and the verification code are used solely for account security purposes.
- Content Metadata: For videos sourced from third parties (e.g., Reddit/RedGifs), we store source post IDs, titles, subreddit names, and any available public usernames, plus CDN video keys and URLs, orientation, categories, and view counts.
- Reports and Moderation: When you submit a report, we store your report details, the relevant video ID, your IP address, your user ID if signed in, and timestamps, to help prevent abuse and to process the report.
3. How We Use Information
- Provide and operate the Service, including streaming and content curation.
- Secure the Service: prevent abuse, enforce rate limits, deduplicate actions, and detect bots.
- Authenticate users and provide account features (likes, saves, profile).
- Send transactional emails (verification, password reset) via Resend.
- Monitor performance, perform analytics in aggregate, and improve recommendations.
- Process reports, handle takedowns, and comply with legal obligations.
4. Cookies and Local Storage
We use authentication cookies to maintain sessions for signed‑in users. We also use sessionStorage/localStorage on your device to store anonymous viewing history and category preferences to personalize your feed. You can clear these via your browser. We do not sell or share this client‑side history with third parties.
5. IP Addresses and Rate Limiting
For anti‑abuse, we store minimal, time‑bound logs of IP addresses associated with specific actions (e.g., registration attempts, email verification, password reset requests, report submissions) to enforce rate limits and detect suspicious activity. These entries are automatically pruned (typically within 24 hours). We may aggregate counts for analytics and security without retaining full IP logs beyond necessary windows.
6. Third‑Party Services
- Cloudflare R2/CDN: We host and stream videos via a third‑party provider, which processes your device's requests to deliver media (including IP address and user agent as required for content delivery). We store video keys and generated URLs in our database.
- Resend: We send verification and password reset emails via Resend.
- FingerprintJS: We may derive a pseudonymous visitor ID used solely for security and deduplication.
- Reddit/RedGifs APIs: For ingestion of publicly available content metadata.
7. Data Retention
We retain account data for as long as your account is active and as needed for legal, security, and operational purposes. Security logs related to rate limiting and fingerprinting are short‑lived by design. Video metadata is retained while content remains on the Service. We may preserve data as required by law or to enforce our Terms.
8. Your Choices
- You may request deletion of your account. Some records may be retained as required by law.
- You can clear browsing data, cookies, and local storage via your browser.
- Do not use the Service if you do not consent to anti‑abuse measures necessary to protect it.
9. Children’s Privacy
The Service is strictly for adults 18+. We do not knowingly collect personal information from anyone under 18 and will remove such information if discovered.
10. International Data Transfers
Our services and third‑party providers may operate across jurisdictions. By using the Service, you consent to the transfer and processing of your information outside your country, subject to appropriate safeguards where required.
11. Security
We employ technical and organizational measures appropriate to the risk, including hashing of passwords, least‑privilege access to databases, and scoped rate limiting. No system is perfectly secure. You are responsible for protecting your account credentials.
12. Legal Bases and Rights (Where Applicable)
Where applicable (e.g., GDPR/UK GDPR), our processing may rely on consent (e.g., sending verification emails), performance of a contract (providing the Service), legitimate interests (security, analytics, personalization via client‑side storage), or compliance with legal obligations. You may have rights to access, rectify, delete, or object to certain processing, subject to limitations. Contact us to exercise rights.
13. Changes
We may update this Policy from time to time. Material changes will be indicated by an updated “Last Updated” date. Your continued use constitutes acceptance.