past.fun

Privacy Policy

Last updated: March 7, 2026

1. Information We Collect

When you use past.fun, we collect:

  • Account information: email address, username, and optional profile details (display name, bio, avatar)
  • User-generated content: timelines, events, descriptions, and images you create or upload
  • Usage data: pages visited and features used, collected to improve the Service

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Authenticate your account and manage sessions
  • Display your public profile and timelines to other users
  • Send transactional emails (password resets, account notifications)
  • Improve the Service based on usage patterns

3. Data Processing

We use Supabase as our backend infrastructure provider. Supabase processes and stores your data on our behalf. Your data is stored in a PostgreSQL database hosted by Supabase. Uploaded images are stored in Supabase Storage.

4. Analytics

We use PostHog to understand how our Service is used. PostHog collects anonymized usage data including pages visited, features used, browser type, and device information. Session recordings may be captured with all text and input fields masked. We do not sell your data to third parties. We do not use third-party advertising trackers.

5. Cookies

We use cookies for authentication session management and analytics. We also store your theme preference (light/dark/system) in localStorage. Analytics cookies help us understand usage patterns and improve the Service.

6. Your Rights

You have the right to:

  • Access your data — your profile and timelines are visible to you at any time
  • Export your data — timelines can be exported as CSV or JSON from the timeline page
  • Delete your data — you can delete your account and all associated data from the Settings page
  • Correct your data — you can update your profile and timeline information at any time

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data (profile, timelines, events, follows, bookmarks) is permanently deleted. Uploaded images are removed from storage.

8. Data Security

We implement reasonable security measures to protect your data, including encrypted connections (HTTPS), secure authentication via Supabase Auth, and row-level security policies on all database tables.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can remove it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, please reach out via the contact information on our website.