Privacy isn't the whole story — it's the trust layer that makes private communities actually private. This page is the unvarnished version: what we store, how encryption works, where the current gaps are, and what we're doing about them.
Alpha software — we're honest about current limitations. This page is updated as the model improves.TL;DR
Three things Recline is built around. The rest of this page is the detail.
Data model
Every piece of data that touches Recline's servers — and what form it's in when it arrives.
Under the hood
Plain language. No marketing. Here is exactly what happens to a message between your keyboard and the database.
Honest accounting
Encryption protects content. Metadata is a separate and harder problem. Here is what exists and what it can reveal.
Metadata minimization is on the roadmap. Future versions will reduce timestamp precision, add optional presence masking, and reduce what membership graphs reveal. This is an active area of work, not a solved problem.
Sparks & payments
Sparks are the community economy — members earn them daily, creators earn them through tips and broadcasts. When you choose to buy a Spark pack or cash out earnings, here is exactly how that data flows.
Recline stores
Recline does not store
Recline uses Stripe for all payment processing. Stripe's privacy policy governs how Stripe handles your payment data: stripe.com/privacy
Observability
What Recline uses to understand how the product works — and what it doesn't use to understand you.
sendDefaultPii: false and a beforeSend hook that strips user objects, cookies, request bodies, and IP addresses from all events before transmission. Error reports contain stack traces and error messages — not user content or identity.Honest limitations
Recline is in alpha. The core encryption is solid. But there are real gaps — and we'd rather tell you exactly where they are than let you assume everything is finished.
Our commitment
"Recline is designed to minimize what it knows about you. The goal is not to promise privacy — it's to make surveillance architecturally difficult, and to be transparent when it isn't."
The AGPL-3.0 license means if we ever tried to violate these commitments, anyone could fork the last clean version and keep running it. The code is the contract.
UK GDPR
Under UK GDPR and the Data Protection Act 2018, you have specific rights over personal data Recline holds. Here is what they are and how to exercise them.
Legal basis for processing: Account data is processed on the basis of contract performance. Platform security and abuse prevention are processed on the basis of legitimate interest. Sparks and payment transaction records follow contractual and legal obligation (UK accounting requirements). No processing is based on consent alone, and no personal data is sold or shared with third parties for commercial purposes.
Retention schedule
Recline retains data only as long as it is needed. These are the documented retention periods for each data category.
Online Safety Act
End-to-end encryption means Recline cannot proactively scan message content. This is the correct trade-off — and here is exactly what moderation looks like as a result.
Online Safety Act 2023: Recline acknowledges its obligations under the UK Online Safety Act. End-to-end encryption does not remove our duty to conduct risk assessments, maintain accessible reporting mechanisms, take action on reported content, and cooperate with Ofcom on regulated duties. This section documents our current moderation architecture in alignment with those obligations.
Questions
If something on this page is inaccurate, incomplete, or you have a specific question about data handling, reach out directly.
Privacy questions, data requests, and trust concerns can be sent to hello@recline.social. We'll respond directly — no ticket system, no automated responses. The client code for every encryption claim on this page is readable at the GitHub link below.