your data, your call.

StillHere is a solo project — one person making and maintaining a small mental-health platform. there's no parent company, no investors, no data-monetization model. when this policy says "we", that's mostly just one human.

that means the lawyer-grade vocabulary of typical privacy policies doesn't really fit, so the rest of this is plain language.

account

• your handle (the @name you picked).
• your password — stored as an irreversible hash. we cannot read it, even if we wanted to.
• optionally: a display name, avatar image, and any free-text bio you add.
• the timestamp of when you joined.

activity

• posts you write (title, body, language, topics, mode tag, attached images/videos).
• comments you write.
• the "support" hearts you give.
• the posts you save (a per-account bookmark list).

technical

• basic web-server logs from our host (request, time, IP) — kept short-term for security.
• when you publish a post or comment, we store two extra fields alongside it: the request IP and a random per-browser identifier we put in your localStorage. these are only used to enforce a temporary block if a moderator pauses an account that's been breaking the guidelines. they are not used for tracking, profiling, or analytics.
• no cookies are set by StillHere apart from the auth session token. no analytics scripts. no advanced fingerprinting (no canvas hashes, no font enumeration, no advertising ID).

• no email or phone number. we don't ask for them. you don't have to give one.
• no real name. the handle is the only identifier.
• no precise location. we never geo-locate you — your IP is stored only as an opaque value for the block list described in section 02, and never resolved to a city or coordinates.
• no advanced device fingerprinting (no canvas hashes, no font enumeration, no advertising ID). the only "fingerprint" we keep is a random string we generated in your browser the first time you posted — you can wipe it any time by clearing site data.
• no third-party trackers. no facebook pixel, no google analytics, no segment.
• no behavioural profiling for advertising or "engagement". the feed is chronological by design.

your handle is the only public thing about you, and it doesn't need to relate to your real identity. if you pick something neutral, you are effectively anonymous on the site.

that said — here's how we think about anonymity honestly:

• your posts are linked to your handle internally (so you can edit or delete them later).
• if you put your real name in a post, that's public. we don't scan or hide it.
• if you reuse the same handle elsewhere on the internet, someone could connect them. we can't prevent that.
• if you screenshot your own post and share it, the screenshot exists outside this site. we have no control over it.
• posting "anonymously" (without an account) is still tied to your request IP and a random browser identifier so that blocks can be enforced. those values stay inside our database and are not used to identify who you are — only to recognise the same device/connection across submissions.

the ai companion is the most private feature on the site. how it works:

1. your messages are sent through an edge function we host (it holds the model api key, so your browser never sees it).
2. the model provider receives your message without your handle, account id, or any identifier.
3. the conversation is stored in your browser's localStorage — not on our servers.
4. if you switch devices or clear your browser data, those conversations are gone. that's the trade-off — privacy over portability.

we work with a model provider that operates under a zero data retention policy — they don't keep your prompts after responding.

StillHere can't run on nothing. it relies on three vendors:

• Supabase — our database & authentication backend (where your handle, password hash, posts, comments live). they process this data on our behalf.
• An AI gateway — proxies ai chat requests with zero data retention. they see only your message text, not who you are.
• Vercel — hosts the website itself; their servers log standard request data for a few days.

that's the full list. nothing else. no analytics vendor, no error-tracking saas, no email service, no advertising network.

simple rules:

• your account and content stay until you delete them. there's no automatic expiry.
• deleted posts and comments are removed from the database within a few minutes (no soft-delete, no shadow copy).
• when you delete your account, your profile row is anonymized; your posts become "anonymous". if you also click "delete all my posts" first, they're gone entirely.
• web-server access logs are kept by our host for a few days for security, then purged.

no matter what country you're in or what acronym applies (GDPR / CCPA / LGPD / DPDP), you have these:

• access — see what's stored. for now this is what you see in your profile + edit-profile pages; email us if you want a JSON export.
• correction — edit your profile and posts directly.
• deletion — delete posts individually, delete-all-posts from edit-profile, or delete the entire account. those buttons actually work.
• portability — email us, we'll send a JSON of your content.
• objection — there's nothing to object to (no profiling, no ads), but if there were, you could.

to exercise any of these, click the appropriate button — or write to hello@stillhere.app.

• passwords are hashed by Supabase using industry-standard algorithms — we can never read them in plaintext.
• all traffic is encrypted in transit over HTTPS.
• row-level security at the database means even if someone breaks in to our app code, they still can't query data they shouldn't.
• this is a small project. we don't have a security team — but we follow standard hygiene and respond fast to any reports.

found a vulnerability? please email hello@stillhere.app before disclosing publicly. thank you.

StillHere is intended for users 16 and older. the stories shared here often touch on grief, depression, trauma, and adult themes; adult language is common. we don't knowingly collect data from anyone under 16. if you believe a minor signed up, please tell us and we'll remove the account.

if anything material changes, we'll post a notice on the updates page and bump the version number above. the older versions stay archived in our git history.

questions, requests, concerns — write to hello@stillhere.app. this is a one-person project so a real human will respond, usually within a day or two.