Privacy Policy

Last updated: 2026-05-11

This Privacy Policy describes how Persona.bio ("we", "us") collects, uses, and protects information when you use the Service.

What we collect

When you sign in with Google, we receive your email address, name, Google profile picture URL, and the Google identifier needed to sign you in next time. We store these on your user record so we can identify you and display your name on your persona.

When you answer questions, your answers are stored along with whether each answer should appear on your published persona. We sanitize submitted text to strip HTML before storage.

When you configure share rules or request access to another persona, we store share rule rows (who you've granted access to) and share request rows (who has asked to see your persona).

We log routine request metadata (timestamp, IP address, user agent) to operate the Service and investigate abuse. We do not use this for advertising or sell it.

When someone views a published persona, we record persona view events so the persona owner can see how often their page is read. Each event stores the persona slug, the source (HTML page, markdown export, or temporary share link), the time, the referring site, and a salted hash of the viewer's IP address. We do not store the raw IP. The hash lets a persona owner spot repeat visits without learning who the viewer is. View analytics are a Gold-plan feature; the data is collected for every published persona so we have history available when an owner upgrades.

We use a single session cookie to keep you signed in. We do not use third-party analytics or advertising trackers in the application.

How we use it

We use your information to:

  • Sign you in and identify you in the Service.
  • Display your persona to viewers you've granted access to.
  • Surface incoming share requests on your My Profile page.
  • Show persona owners how their published page is being read (Gold view analytics). Owners see counts and a short hash prefix for each view; they do not see raw IP addresses, viewer names, or viewer email addresses.
  • Operate and protect the Service (debugging, abuse investigation).

Who we share it with

Persona.bio is single-tenant and we do not sell, rent, or share your personal information with third parties for marketing. Limited sharing happens in three cases:

  • Hosting and infrastructure providers that store and serve your data on our behalf (currently Fly.io for compute and Tigris for backups). They process data only as necessary to provide their services.
  • Identity providers when you sign in (currently Google). Sign-in data flows to and from those providers under their terms.
  • Legal requirements when we are required to disclose information by law, subpoena, or to protect the rights, property, or safety of users or the public.

Where we store it

Your data lives in a SQLite database on a Fly.io volume in the United States, with continuous replication to Tigris (S3-compatible) for disaster recovery. We retain backups for 24 hours.

How long we keep it

We keep your data for as long as your account exists. Deleting your account (see Account Deletion below) removes your user row, answers, share rules, and pending share requests from the live database immediately. Backup snapshots expire on their own retention schedule (24 hours for Litestream).

Your rights

You can:

  • Access your data at any time on My Profile and via your published persona page.
  • Correct any data by editing your answers, or by changing your name on the authentication provider.
  • Delete your account from the Danger Zone on My Profile. Deletion is immediate and irreversible.
  • Contact us at feedback@persona.bio with any privacy question or request not covered above.

Cookies

We use one cookie, persona-session, to keep you signed in. It is HTTP-only, SameSite=Lax, and marked Secure in production. Clearing this cookie signs you out. We do not use third-party advertising cookies.

Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to this Policy

We may update this Policy from time to time. Material changes will be announced via email to active users (when transactional email is enabled) or via a visible in-app banner. The "Last updated" date above always reflects the current version.

Contact

feedback@persona.bio