Privacy Policy

Effective: May 1, 2026

Pizzy Holdings ("we," "us," or "CyberRant") operates the CyberRant platform, including the website at cyberrant.org, the web application at app.cyberrant.org, the CyberRant desktop application, and the CyberRant mobile application. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

1. Information We Collect

We collect information you provide directly and information generated through your use of CyberRant:

  • Account Information: Name, email address, username, password (hashed), profile photo, and bio when you register.
  • Authentication Data: Credentials used through email/password login or Google OAuth2 sign-in.
  • Content You Create: Rants (posts), comments, likes, reshares, and any media (images or video) you upload.
  • Messages: Private Rants (direct messages), including self-destructing messages. Message content is stored until the destruction timer expires or the message is manually deleted.
  • Device Information: Device type, operating system, browser type, push notification tokens (Expo push tokens for mobile), and IP address.
  • Usage Analytics: Pages visited, features used, timestamps of activity, interaction patterns, and session duration.
  • Subscription Data: Subscription plan, billing status, and transaction identifiers processed through RevenueCat.

2. How We Use Your Information

  • Provide, maintain, and improve the CyberRant platform and its features.
  • Authenticate your identity and secure your account.
  • Deliver notifications (in-app, push, and email) about activity relevant to you.
  • Process subscriptions and manage billing through RevenueCat.
  • Power Rant AI features, including security analysis and content generation.
  • Enforce our Terms of Service and Acceptable Use Policy.
  • Detect and prevent fraud, abuse, and security incidents.
  • Communicate with you about updates, security alerts, and support.

3. Data Storage and Security

Your data is stored in PostgreSQL databases. Passwords are hashed using bcrypt before storage. Authentication tokens (JWT) are signed with a secret key and transmitted over HTTPS. Media files are stored as encoded data within our database infrastructure. We implement rate limiting, input validation, and access controls to protect against unauthorized access.

4. Third-Party Services

We share limited data with the following third-party services:

  • RevenueCat: Manages subscription billing and entitlements. Receives your user identifier and subscription status.
  • Google OAuth2: If you sign in with Google, we receive your name, email, and profile photo from Google. We do not receive your Google password.
  • OpenAI: Rant AI features send prompts to OpenAI's API for processing. We do not send your personal account information to OpenAI.
  • Expo Push Notifications: Mobile push notification tokens are sent to Expo's push service to deliver notifications.

5. Cookies

We use cookies and similar technologies for authentication, preferences, and analytics. For full details, see our Cookie Policy.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information in your profile settings.
  • Deletion: Request deletion of your account and associated data.
  • Export: Request a portable copy of your data.
  • Objection: Object to certain processing activities, including marketing communications.

To exercise any of these rights, contact us at support@cyberrant.org.

7. Data Retention

We retain your account data for as long as your account is active. Self-destructing Private Rants are permanently deleted when their timer expires. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained indefinitely for analytics purposes.

8. Children's Privacy

CyberRant is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly. If you believe a child under 13 is using CyberRant, please contact us at support@cyberrant.org.

9. GDPR Compliance

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). We process your data based on legitimate interest (operating the platform), contractual necessity (providing the service you signed up for), and consent (where applicable). You may withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.

10. CCPA Compliance

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell your personal information. To exercise your CCPA rights, contact us at support@cyberrant.org.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the platform or sending an email to your registered address. Continued use of CyberRant after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Pizzy Holdings
Email: support@cyberrant.org