RG Herd Privacy & Security

Operational transparency • Minimal collection • No ad-tech nonsense

Privacy, Retention & Security Policy

This document explains what data is collected, how it is used, how long it may be retained, and how the system is secured. This is not a marketing document. It is an operational transparency document.

Read the policy Contact Ops
Effective Date: 2/17/2026
Operator: RG Herd Infrastructure
Service: | base | (base.rgherd.com)

1. Purpose

This document explains:

2. Data We Collect

When you use | base |, the system may collect the following categories of data:

Account information
  • Username
  • Email address (if provided, not required)
  • Account creation timestamp
Authentication & session data
  • Login timestamps
  • Device identifiers
  • Session identifiers
  • Token issuance records
Network & technical metadata
  • IP address
  • User agent string
  • Request timestamps
  • Basic connection metadata
Message & content data
  • Messages and media posted in unencrypted rooms
  • Encrypted message and media payloads (stored but not readable)
Note

“Collect” in this context includes data created as part of normal system operation (authentication logs, network logs, storage records).
RG Herd does NOT collect, use or sell data for advertising or monetization.

3. Encrypted vs. Unencrypted Rooms

| base | supports end-to-end encrypted (E2EE) rooms. Room type determines what is visible to the server. Users are responsible for choosing the appropriate room type for their needs.

Encrypted rooms
  • Message content is encrypted client-side.
  • The server stores encrypted payloads but cannot read message contents.
  • Metadata (such as room membership and timestamps) remains visible to the server.
Unencrypted rooms
  • Message content is visible to the server.
  • Media uploaded is stored server-side and accessible to administrators.

4. How Data Is Used

Data is used for authentication and session management, preventing abuse, maintaining service stability, security monitoring, investigating violations of Terms of Service, and infrastructure troubleshooting.

Used for
  • Authentication and session management
  • Preventing abuse
  • Maintaining service stability
  • Security monitoring
  • Investigating Terms of Service violations
  • Infrastructure troubleshooting
Not used for
  • Sold data
  • Advertising
  • Behavioral profiling
  • Marketing analytics
  • Sharing for marketing purposes

5. Logging & Monitoring

The platform uses standard infrastructure logging and security monitoring practices to detect abuse, prevent unauthorized access, maintain service integrity, and mitigate denial-of-service or exploit attempts.

Monitoring is conducted strictly for operational and security purposes. The system does not engage in commercial surveillance or data monetization.

6. Data Retention

Retention varies depending on data type. Some data is retained only as long as necessary for operations and security. Some data persists by design unless deleted or configured with retention windows.

Account records

Retained while the account is active. May be retained for a limited period after deactivation for administrative or legal purposes.

Authentication logs

Retained for a reasonable operational period to investigate abuse and maintain security.

Message data
  • May persist indefinitely unless deleted by user or server configuration.
  • May be subject to retention windows depending on room configuration.
  • Unsynchronized messages may expire permanently.
Backups

System backups may exist for disaster recovery purposes. Backups are not guaranteed to be permanent archives.

7. Administrative Access

Server administrators may access unencrypted room content, account status, session metadata, and IP/login logs for operational and moderation purposes. Administrators do not have access to the contents of properly encrypted messages.

Scope limit

Administrative access is limited to operational and moderation purposes.

8. Data Disclosure

Data may be disclosed only when required by valid legal process, necessary to prevent imminent harm, or necessary to protect system integrity. Requests for user data must comply with applicable law.

9. Security Practices

The platform uses layered security practices. No system is immune to compromise. Users are responsible for securing their own devices and encryption keys.

Platform safeguards
  • Encrypted transport (HTTPS/TLS)
  • Delegated authentication
  • Access control enforcement
  • Rate limiting and abuse detection
  • Infrastructure monitoring
User responsibilities
  • Protect account credentials
  • Protect encryption keys
  • Manage device security
  • Back up important data

Loss of encryption keys may result in permanent loss of access to encrypted messages.

11. International Users

The platform may be hosted in specific jurisdictions. Data may be stored in those jurisdictions. Users are responsible for complying with laws applicable to their location.

12. Policy Updates

This policy may be updated at any time. Continued use of | base | constitutes acceptance of any changes.

13. Contact

For privacy-related questions:

help@rgherd.com