TheyToldMeToTheyToldMeTo

Privacy Policy

Last updated: February 23, 2026

What Data We Collect

When you create an account, we store:

  • Account info — your name, email address, and username
  • OAuth profile info — if you sign in with Google, GitHub, or Apple, we receive your basic profile (name, email, avatar). We do not receive your password from these providers.
  • Content you create — lists, list items, recommendations, and completion status

We do not collect analytics, track your browsing, or use advertising cookies.

Why We Collect It

We use your data solely to operate the service — to authenticate you, display your lists, deliver recommendations between users, and let you share lists with friends.

Cookies & Sessions

We use a single JWT authentication cookie to keep you signed in. That's it. No tracking cookies, no analytics cookies, no third-party advertising cookies.

Third-Party OAuth Providers

If you sign in with Google, GitHub, or Apple, we receive only the basic profile information needed to create your account (name, email, profile picture). We don't access your contacts, files, repositories, or any other data from those providers. Each provider has its own privacy policy governing how they handle your data on their end.

Data Storage

Your data is stored in a PostgreSQL database hosted on AWS infrastructure in the United States. We use HTTPS encryption for all connections to the service.

Your Rights (Including GDPR)

You have the right to:

  • Access your data — you can see all your lists, items, and profile info in the app
  • Rectify your data — you can edit your display name and other profile info
  • Erase your data — you can delete your account, which removes all your data
  • Port your data — contact us and we'll provide an export of your data
  • Object to processing — contact us if you have concerns about how we process your data

To exercise any of these rights, email us at hello@theytoldmeto.com.

Data Retention & Deletion

We keep your data for as long as you have an account. When you delete your account, we delete your data from our systems. We don't keep backups of deleted accounts beyond standard database backup windows (up to 30 days), after which the data is permanently gone.

Children's Privacy

TheyToldMeTo is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, please contact us.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we'll update the date at the top of this page. Continued use of the service after changes means you accept the updated policy.

Contact

Questions about your privacy? Reach out at hello@theytoldmeto.com.

Privacy Policy·Terms of Service