Privacy Policy
We designed Founder.mood to minimise personal data. We don't store your email in plain text and we avoid building a social graph.
Australian note: Depending on your circumstances (e.g., turnover, activities), the Privacy Act 1988 and the Australian Privacy Principles (APPs) may apply. We aim to align with APPs regardless.
1. What we collect (and why)
Things you provide
Posts & comments: What you write and publish (to operate the Service and moderate harm).
Account credentials (optional):
- HMAC email tag (non-reversible cryptographic tag derived from your email; used for login lookup).
- Password hash (bcrypt; used to authenticate).
We do not store your email in plain text.
Things generated by the system
Aliases: Fresh random alias per post; per-thread alias for comments (unlinkability).
Abuse protection signals: Short-lived rate-limit keys derived from network information (rotating buckets; we do not store raw IP in durable logs for this purpose).
Diagnostics & security logs: Standard web/app logs and bot-protection data (e.g., Cloudflare Turnstile) to keep the Service secure.
Optional features
AI anonymisation: If you enable it, we send your draft text to an AI model to remove names/places while keeping tone.
Private mood timeline: If you enable it, we generate analytics for you only.
2. What we don't collect
No public profile graph (no follows, no "more from this person").
No marketing contact list. We don't send promotional emails or texts.
Spam Act note: If we ever send commercial electronic messages, we will follow consent, identification, and unsubscribe rules. Currently, we do not send marketing messages.
3. How we use information
Provide and improve the Service.
Keep the Service safe (abuse prevention, fraud, and security).
Moderate harmful/illegal content and surface crisis resources when needed.
Comply with law, requests from authorities, or to enforce our Terms.
4. Lawful basis / APP alignment (plain English)
Where APPs apply, we collect and use personal information for purposes you would reasonably expect in operating and securing a community platform, and with your consent where required. We minimise collection and employ data-protection by design.
5. Cookies and similar tech
We do not use advertising trackers. We may use essential cookies or similar technologies for session management, bot-protection, and security.
6. Retention
Account data: Kept while your account is active.
Rate-limit/anti-abuse keys: Short-lived (e.g., minutes).
Logs: Retained for a limited period for security and diagnostics, then deleted or anonymised.
Deleted accounts: When you use the kill-switch, your account data is deleted; your posts remain for community continuity but are permanently detached from any identity.
7. Sharing
We share information only with:
Service providers (hosting/CDN, security/bot-protection, moderation tooling, analytics if used) under contract and only as needed.
Legal reasons (e.g., responding to lawful requests, enforcing Terms, protecting safety).
We do not sell personal information.
8. International transfers
Our providers may store or process data outside Australia. We take steps to ensure appropriate protection consistent with Australian privacy expectations (e.g., contractual safeguards and minimisation).
9. Your choices & controls
Post without an account: share without creating credentials.
Kill-switch (delete account): delete account data; posts detach.
Access & correction: request access to or correction of your personal information we hold.
AI anonymisation: you control whether to use it on drafts.
10. Children
The Service is for users 16+. If you believe a child has provided personal information, contact us to remove it.
11. Security
We use technical and organisational measures appropriate for a small platform: TLS in transit, bcrypt for passwords, non-reversible HMAC tag for login, least-privilege access, and security monitoring.
No method is 100% secure.
12. Data breaches
If a data breach is likely to result in serious harm, and the Privacy Act applies to us, we will assess and notify affected individuals and the OAIC in line with the Notifiable Data Breaches scheme.
13. Online safety
We respond to valid notices and requests under Australian online safety expectations, and we provide a reporting path for harmful or illegal content. See Online Safety & Reporting.
14. Changes to this Policy
We may update this Policy. We'll post the new date at the top. Substantial changes will be highlighted.
15. Contact & complaints
Questions or complaints about privacy? Contact us: privacy@zorentia.com.au
If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC).
Privacy by design, not by accident
Your anonymity is protected by our architecture, not just our promises. Start sharing your founder story without compromising your identity.