← Back home Legal

Privacy Policy

Effective 26 May 2026 · v0.23.0

This Privacy Policy explains what Knewflash (“Knewflash”, “we”, “us”) collects when you use the Knewflash mobile app and related services, how we use it, who we share it with, and the choices you have. Knewflash is a media-sharing app where reactions to other people’s posts are themselves first-class content.

1. Who we are

Knewflash is operated by the Knewflash team. You can contact us about this policy at contact@strixthekiet.me.

2. The short version

We collect your phone number to sign you in, and a handle, date of birth, and (optional) profile photo that you choose.
We store the flashes, reactions, captions, messages, and friend / block / report actions you create.
We use Google Firebase for authentication, push notifications, and crash reports, and Google Cloud for storage and compute.
We do not sell your personal information and we do not show third-party ads in the app. However, content you post with a public or friends-only audience may appear in Knewflash’s own promotional materials (see section 5).
You can delete your account from inside the app at any time.

3. Information we collect

3.1 Account information

Phone number. Knewflash signs you in with your phone number via Firebase Phone Authentication. A one-time SMS code is sent to you to verify the number. Your phone number is stored against your account.
Handle. The unique username you choose. Handle changes are recorded in a handle history.
Date of birth. Collected once at sign-up so we can enforce a minimum age of 16. We store the date you provide.
Profile photo. Optional. If you upload one we store the image.

3.2 Content you create

Flashes and reactions. Photos and videos you record or upload, including their captions, audience setting (public, friends, or private to one friend), and the chain relationship to a parent flash if the post is a reaction.
Messages. Direct messages you send to friends, including any flashes you share into a conversation.
Social actions. Friend requests, friendships, blocks, reports, likes, and views.

3.3 Device and usage data

Push token. A Firebase Cloud Messaging (FCM) token for the device, used to deliver push notifications you have opted into.
Crash and diagnostic data. Firebase Crashlytics collects crash reports and limited device metadata (model, OS version, app version) when the app crashes or hits a non-fatal error. This helps us fix bugs.
Server logs. Our backend logs basic request metadata (timestamp, endpoint, response code, IP address, user id) for reliability, abuse prevention, and security. Logs are retained for a limited period and then deleted.
View events. When you open a flash, we record a single view event per flash per session so the poster can see who viewed their friends-only posts and so view receipts can be shown in private chats. View rows older than 90 days are deleted automatically.
Audit log. Moderation-relevant actions (setting your date of birth, changing your handle, profile photo changes, friend / block / report transitions, posting a flash, and any moderator action on your content) are written to an internal audit log. This is only accessible to our moderation team.

3.4 Device permissions

The app asks the operating system for permission to use the following. You can change any of these later in your device’s system settings.

Camera — to record flashes and reactions and to take a profile photo.
Microphone — so video recordings include sound.
Photo library — to let you pick existing photos or videos to share.
Push notifications — to deliver alerts you have enabled in Notification Settings.

4. How we use your information

To operate the core service: sign you in, show you flashes, deliver messages, build chains, and run the friend / block / report system.
To enforce safety: the minimum age of 16, blocks, the moderation queue, and removal of content that violates our Terms of Service.
To send push notifications you have enabled, such as friend requests, reactions, messages, and Ignite streak resets.
To investigate bugs and improve stability through aggregated crash and error data.
To respond to your support requests.
To comply with legal obligations and respond to valid legal process.

We do not use your personal information to train third-party machine-learning models, and we do not sell or rent it to anyone.

5. Promotional use of your content

Content you post with a public or friends-only audience — together with your handle and profile photo — may be used by Knewflash in its own marketing and advertising materials (for example screenshots, in-app spotlights, the Knewflash website, App Store and Google Play listings, social media posts, and paid advertising for Knewflash). Private flashes, direct messages, view receipts, and your moderation history are never used in advertising.

The licence that makes this possible is granted under section 5 of our Terms of Service. If you delete your account we stop using your content in new promotional materials, but copies already distributed in finished campaigns may remain in circulation.

6. How content is shared on Knewflash

Public flashes are visible to any Knewflash user, including in the feed, in search, and on your profile.
Friends-only flashes are visible to your friends. The poster of a friends-only flash can see a viewer list (handle, avatar, time) for that post.
Private flashes are sent to a single friend as a flash message inside your one-to-one conversation. They do not appear in any feed, search result, or profile grid. When the recipient opens a private flash, a view receipt is posted in that conversation so both of you can see it was viewed.
Blind flashes are blurred behind a tap-to-reveal gate in feeds and chats. Revealing one starts the reaction flow.
Your handle, profile photo, and public flashes are visible to anyone who searches for you or opens your profile, unless you have blocked them.

7. Who we share information with

We share information only with the service providers we need to run Knewflash, with people you share content with on the app, and where the law requires it.

Google — Firebase Authentication. Verifies your phone number and issues sign-in tokens.
Google — Firebase Cloud Messaging. Delivers push notifications to your device.
Apple — Apple Push Notification service (APNs). Used by Firebase Cloud Messaging to actually reach your iPhone.
Google — Firebase Crashlytics. Receives crash and non-fatal error reports.
Google Cloud Platform. Hosts our backend services (Cloud Run), database (Cloud SQL / Postgres), and stores your uploaded photos and videos (Cloud Storage).
Other users. Anyone you post to, react to, send a friend request to, or message will see the content you direct to them, plus your handle and profile photo. People you block can no longer see you.
Law enforcement. We will disclose information if we believe in good faith that we are legally required to, or to protect the safety of users.

8. International transfers

Knewflash is hosted on Google Cloud. Your information may be processed in the United States or other countries where Google operates infrastructure. We rely on Google’s contractual safeguards for international data transfers.

9. How long we keep your data

Account, flashes, reactions, messages, and social graph — kept while your account exists. They are deleted, or marked for deletion, when you delete your account.
View events — deleted automatically after 90 days.
Server request logs — kept for a limited operational period (typically up to 30 days) and then deleted.
Moderation audit log — retained for as long as needed for safety and abuse investigations, even after the underlying content is removed.
Crash reports — retained for the period set by Firebase Crashlytics (currently up to 90 days for individual events).

10. Your choices and rights

Sign out — from Settings → Sign Out. This does not delete your account.
Delete your account — from Settings → Delete account. This removes your profile, flashes, reactions, friendships, and messages from the app. Some safety and audit records are retained as described above.
Change your handle, profile photo, or notification preferences — from Settings inside the app.
Block or report another user — from their profile or from the long-press menu on a flash.
Revoke a device permission — from your phone’s system settings.
Access, correction, deletion, portability, objection, restriction — depending on where you live, you may have additional rights under local law (for example, GDPR in the EU/UK or CCPA in California). Email contact@strixthekiet.me and we will respond within a reasonable period.

11. Children

Knewflash is not for anyone under 16. We ask for your date of birth at sign-up and block accounts that report an age under 16. If you believe a child under 16 has created an account, please email contact@strixthekiet.me and we will remove it.

12. Security

Connections between the Knewflash app and our servers are encrypted in transit (HTTPS). Your uploaded media and database records are encrypted at rest by Google Cloud. No system is perfectly secure; please use a strong, unique passcode on your device and keep your phone number under your control, because the phone number on your account is what signs you in.

13. Changes to this policy

If we make a material change to this policy we will update the effective date above and, where appropriate, surface the change in the app before it takes effect. Continuing to use Knewflash after a change means you accept the updated policy.

14. Contact

Questions, requests, or complaints about this Privacy Policy: contact@strixthekiet.me.