Crossdeck
Open the app

Legal

Privacy Policy

Last updated May 31, 2026

The short version. Crossdeck is built to run on your device. Your network connections and your column layout stay on the device you use them on. We don't store your deck on our servers, we don't sell your data, and we never post on your behalf without an explicit action from you.

1. Who we are

Crossdeck is operated by Wepala, LLC (“Crossdeck”, “we”, “us”). This policy explains what information the Crossdeck application and this website handle, why, and the choices you have. Questions? Email privacy@wepala.com.

2. Information that stays on your device

Crossdeck is local-first. The following live in your browser/app storage on your device, not on our servers:

  • The networks you connect and the access tokens or app passwords used to talk to them.
  • Your deck: columns, sources, ordering, and per-column muted words.
  • Cached posts fetched from your connected networks, kept only to render your columns.
  • Local preferences such as theme.

Because this data is on your device, clearing your browser storage or signing out removes it. We cannot retrieve it for you, because we never had a copy.

3. Connecting Bluesky, Mastodon and other networks

When you connect a network, you authenticate directly with that network — an app password for Bluesky, or OAuth authorisation on your home instance for Mastodon. Crossdeck then talks to that network's API from your device using the credential you provided, to read the feeds you asked for and to publish posts you explicitly send. Your use of each network remains subject to that network's own terms and privacy policy.

We do not receive, proxy, or store your network credentials on our servers. Disconnecting a feed (from the column's source menu or Settings → Connections) revokes Crossdeck's access and removes the cached posts for that source from your device.

4. Information we process on our servers

We aim to keep server-side processing to the minimum needed to deliver the service:

  • This marketing website is served as static files. Our hosting provider may process standard request metadata (such as IP address and user agent) in server logs for security and to keep the site running.
  • Support requests. If you email us or use the support form, we receive the contact details and message you send so we can reply and keep a record of the conversation.

We do not run advertising or third-party tracking pixels on this site.

5. What we never do

  • We do not sell or rent your personal information.
  • We do not post, like, boost, or follow on your behalf without an explicit action from you.
  • We do not build advertising profiles from your feeds.

6. Cookies and local storage

The application uses your browser's local storage to hold your deck and connections, as described above — this is essential to how the product works and is not used for tracking. The marketing site does not set advertising or analytics cookies.

7. Children

Crossdeck is not directed to children under 13 (or the minimum age of digital consent in your country), and we do not knowingly collect their personal information.

8. Security

We use reasonable technical and organisational measures to protect the limited information we handle. No method of transmission or storage is completely secure; keep the device you use Crossdeck on protected, since your connections live there.

9. Your rights

Depending on where you live, you may have rights to access, correct, or delete personal information we hold (for example, support correspondence). Most of your Crossdeck data is on your device and is yours to manage or delete directly. For anything held by us, contact privacy@wepala.com and we'll respond as required by applicable law.

10. Changes to this policy

We may update this policy as the product evolves. When we make material changes we'll update the “Last updated” date above and, where appropriate, give additional notice.

11. Contact

Wepala, LLC — privacy@wepala.com. For general help, see Support.