Privacy Policy
This policy describes what Viralr collects, why, where it lives, who else sees it, how long we keep it, and how you delete it. Written in plain English, not lawyerese. The same policy applies to every surface of the founder suite (viralr.dev, networkr.dev, outboxr.dev), all operated by Heimlandr (Sweden). If anything is unclear, reach us at heimlandr.io.
1. Who we are
"Viralr," "we," or "us" refers to the service operated at viralr.dev by Heimlandr (Sweden). Viralr is the socials and paid-ads surface of the founder suite. Heimlandr is the data controller for information collected through any suite surface (viralr, networkr, outboxr).
Contact for privacy matters: heimlandr.io. Billing and legal correspondence live on networkr.dev, the hub of the suite.
2. What we collect, and why
2.1 Data you give us when you connect the suite
Site domain, contact email, voice preferences (persona, tone, banned words), author identity (name, bio, avatar URL, social handles you choose to supply), branding (colours, logo path), send-time windows and platform selection, paid-ad budget preferences (if you opt into viralr-ads), and optional build-hook URLs.
Why: to shape posts in your voice, schedule into the right windows per platform, and run ad creative inside the budgets you set.
2.2 OAuth tokens for social and ad platforms
When you connect X, LinkedIn, Threads, Bluesky, Mastodon, TikTok, YouTube Shorts, or any of the paid-ad networks (Meta Ads, X Ads, LinkedIn Ads, TikTok Ads, Reddit Ads, Google Ads), we store an encrypted refresh token (AES-256-GCM at rest) scoped to the minimum permission required (post, schedule, and media upload). We never request DM-read, follower-export, or private-profile scopes. You can revoke at any time from the relevant platform's app-permissions page. The token dies at the platform's end and ours.
Why: to post, schedule, and serve ad creative through the accounts you chose. Engagement signals (likes, reposts, reply volume, ad click-through) are pulled back in to rank which threads to re-amplify and which to drop.
2.3 Data we gather from your site's public surface
When you connect, our crawler fetches your public homepage, sitemap, and a bounded number of linked pages. We extract meta tags, headings, visible text, brand signals (colours, logo), and public positioning so posts match what your audience already sees on your site.
Why: to shape posts in a voice that matches your site, and to prevent leaking product strategy not already public on your own homepage (our exposure-manifest rule).
2.4 Commit and ship signals (Builder log mode)
If you connect a GitHub repo for Builder-log threads, we pull commit metadata only: SHAs, messages, timestamps, changed file paths. We do not pull diffs. We do not pull file contents. Adding /private: to a commit message excludes that commit entirely. Metadata is purged after the thread publishes.
Why: to write thread-papers grounded in what actually shipped this week.
2.5 Operational records
We log authentication events (key mint, revoke, failed-auth IP, timestamp), pipeline runs, post attempts with platform responses, ad-creative delivery results, error traces, and access logs for the public API. Logs are rotated and access-controlled.
Why: security, abuse detection, debugging, and the public-audit obligations in our Standards.
2.6 Posts, threads, and ad creative
Generated posts, threads, clips, and ad creatives are stored so you can export them, so we can dedupe across the suite, and so engagement can be traced back to the generator. A searchable content registry index (hook, body, platform, timestamp, domain) is kept for cross-platform shaping and to seed networkr articles and outboxr newsletters.
Why: to serve posts, to feed the cross-platform engine, to publish the lineage record per post/thread/ad.
3. What we do NOT collect
- No behavioural tracking on the viralr.dev frontend
- No third-party analytics (Google Analytics, Mixpanel, etc.)
- No fingerprinting, no session replay, no heatmaps
- No advertising identifiers we set on your users
- No DM content, no private-message scopes, no follower-list exports
- No Gmail/Workspace content, no inbox scanning
- No payment card numbers. Stripe handles payment processing through networkr.dev (the billing hub of the suite). Viralr stores only Stripe customer IDs relayed from the hub.
- No LLM training on your prompts or outputs. Viralr uses models on paid, zero-retention API tiers.
4. Where your data lives
Viralr runs on servers in Germany (Hetzner, Falkenstein / Nuremberg region). Our SQLite database and encrypted backups live there. Our jurisdiction is the EU/EEA (Sweden-based operator, German infrastructure). The same backend powers networkr.dev and outboxr.dev, so when you connect one surface, the data does not move when you opt into the others. International transfers are covered in §7.
5. Third parties that may see your data
Viralr sends limited, purpose-bound data to the following services. Each is a processor under GDPR terms. Links point to each processor's own privacy policy.
| Processor | What we send | Purpose |
|---|---|---|
| Anthropic | Generation prompts (site profile, platform trend context, voice config) | Post / thread / ad creative generation |
| OpenRouter | Generation prompts (same as above) | Generation (fallback / multi-model) |
| X, LinkedIn, Threads, Bluesky, Mastodon, TikTok, YouTube | Post bodies, media, scheduled send-time, OAuth token | Post delivery |
| Meta, X, LinkedIn, TikTok, Reddit, Google Ads | Ad creative, targeting preferences, budget, OAuth token | Paid-ad delivery and reporting |
| Mailjet | Recipient email, digest contents | Weekly digest email delivery |
| Stripe | Billing email, payment method (never exposed to us) | Payments (relayed through networkr.dev, the suite's billing hub) |
We do not sell your data. We do not share it with advertisers as a data source. Each processor is bound by its own DPA; we review integrations before adding them and publish changes in our standards.
6. How long we keep data
| Data | Retention |
|---|---|
| Site and account registration | Until you disconnect via the API |
| Crawl / audit data | 90 days rolling, then deleted |
| Auth events (key mint/revoke/failures) | 90 days |
| Pipeline run history | 180 days |
| Posts / threads / ad creative | Until you delete via the API; exportable anytime |
| Commit metadata (Builder log) | Purged after the thread publishes |
| Platform OAuth tokens | Until you disconnect or the platform revokes |
| Encrypted backups | Rolling 7 days |
7. International transfers
Viralr stores your data within the EU/EEA. Some processors listed in §5 are based outside the EU (Anthropic, Meta, X, Google, LinkedIn, TikTok, Stripe, Mailjet) and receive data under the EU's Standard Contractual Clauses (SCCs) and the processor's own certification (DPF where applicable). If you are an EU/EEA resident, you have the right to request the specific transfer mechanism used for any processor.
8. Your rights
Regardless of where you live, you can:
- Access all data we hold about your site via the API
- Export posts, threads, and ad creative via npx viralr export
- Delete a site and all associated data instantly via DELETE /api/sites/:id
- Disconnect any individual platform at any time. Tokens are revoked client-side and server-side.
- Object to any specific processing via heimlandr.io
EU/EEA residents additionally have the right to lodge a complaint with their local Data Protection Authority. UK residents may contact the ICO. California residents have CCPA rights. Contact us and we respond within 45 days.
9. Cookies
The viralr.dev frontend is a static site with no analytics and no advertising cookies. We may set a short-lived signed cookie during OAuth flows (10-minute TTL) solely to prevent CSRF. No third-party cookies are set.
10. Security
Tenant API keys are stored as SHA-256 hashes. We cannot recover them. Platform OAuth refresh tokens are encrypted at rest with AES-256-GCM. All traffic is HTTPS-only with HSTS enforced. We apply the hardening checklist described in our Standards. Breaches that may affect user data are disclosed within 72 hours of discovery as required by GDPR Art. 33.
11. Children
Viralr is for developers and website operators, not children. We do not knowingly collect data from anyone under 16. If you believe we have such data, reach us at heimlandr.io and we will delete it.
12. Changes to this policy
Material changes are announced by email to active tenants at least 14 days before taking effect. The version identifier and publish date at the top of this page are the source of truth. The same policy is mirrored on networkr.dev/privacy and outboxr.dev/privacy; all three update together.
13. Contact
Privacy questions, deletion requests, access requests, DPO correspondence: heimlandr.io. We respond within 30 days; urgent security concerns within 72 hours.
Privacy Policy v1.0 · Published 2026-04-22 · Applies across the founder suite (viralr.dev, networkr.dev, outboxr.dev).