Privacy Policy: Still In?

Still In? is built to avoid displaying individual votes on an event. This page explains what event data we store and how the app displays outcomes.

Who is responsible

Still In? is run as a free, non-commercial project. Its operator is the data controller for the limited event data described below. For any question about your data, or to ask that an event be deleted, contact dev@stillin.app.

No accounts

Still In? does not ask you to create an account or provide an email or password. An event is reached through its event links. Whoever holds a link can use it.

What we store

For each event we keep:

two random link tokens (one per person);
each person's vote (yes or no);
the event's status (pending, a yes, or called off) and its deadline.

This data is stored only as needed to provide the event feature. The event record stored by the app does not include your name, email, or account details.

What the app does not display

The API response and voting page do not display either person's individual vote. They show the event status and whether the current link has already voted. In some situations, someone may infer a vote from the final outcome, especially if they know their own vote or hold both links.

How long we keep it

An event runs until its deadline, up to 7 days. Once it is decided — it gets a yes, or is called off — the outcome stays readable for a short window, currently about 48 hours, after which the event record, including the link tokens and votes, is automatically deleted from storage. We do not sell event data or use it for advertising.

Legal basis

We rely on our legitimate interest in providing the feature you chose to use: storing an event's link tokens, votes, status, and deadline is what lets the event work, and processing the technical request data described below is what lets us deliver the service securely, prevent abuse, and keep it available. We keep this data to the minimum needed and delete it automatically, as described above.

Third parties

The app is hosted on Cloudflare, which may process technical request data such as IP address, browser information, request path, and request headers to deliver the service, apply security rules, detect abuse, rate limit traffic, and block or challenge suspicious requests. Fonts are served by the app itself, so no font requests are made to third-party providers. We do not add analytics or advertising trackers.

Where your data is processed

Cloudflare runs a global network, so the technical request data above may be processed on servers outside the European Union, including in the United States.

Security cookies

Still In? does not set its own tracking cookies. If Cloudflare needs to check or protect traffic, it may set strictly necessary security cookies to verify a browser or remember that a security check was passed.

Contact

Questions about privacy? Get in touch at dev@stillin.app.