Strand ("we", "our", "the app") is a social media analytics companion for iOS developed by Becar. We believe your data is yours. This policy explains what we collect, why, and how we protect it.
1. Information we collect
Social media data from Meta APIs. When you connect your Instagram or Threads account via Meta's OAuth 2.0 login, we request the following permissions:
instagram_business_basic — your public profile information (username, display name, profile picture, biography, follower count, following count, media count)
Gamification data. Your XP, streaks, levels, achievements, and goals are generated and stored locally by the app.
No additional data. We do not collect device identifiers, location data, browsing history, or any data beyond what is listed above.
2. How we use your data
We use your social media data exclusively to:
Display your analytics dashboard (follower growth, engagement rates, post performance)
Calculate engagement metrics and trends over time
Evaluate progress toward goals you set within the app
Power gamification features (XP, streaks, achievements) based on your activity
We do not use your data for any other purpose, including advertising, profiling, selling, or sharing with third parties.
3. What we do NOT do
We do not collect or store your social media passwords
We do not read your direct messages
We do not access your contacts, camera, microphone, or phone data
We do not sell, rent, license, or share your data with third parties
We do not use your data for advertising or ad targeting
We do not track you across other apps or websites
We do not use your data for surveillance, discrimination, or any unlawful purpose
We do not transfer your data to data brokers
4. How authentication works
Strand uses Meta's official OAuth 2.0 authorization flow. When you tap "Connect," you are redirected to Meta's login page — we never see or handle your password. Meta provides us with an access token that allows us to read your analytics data. This token is stored securely in your device's Keychain (Apple's hardware-encrypted storage) and is never shared.
Our server (api.strandapp.xyz) handles the OAuth token exchange process as required by Meta's API. The server acts as a stateless proxy — it does not log, store, or retain your access token or any user data. The token is returned to your device immediately after exchange.
5. Where your data is stored
On your device. All analytics data, goals, XP, streaks, and achievements are stored locally using Apple's SwiftData framework.
iCloud sync. If you have iCloud enabled, your data is synced privately across your Apple devices using Apple's CloudKit service. This data is encrypted in transit and at rest, stored in your personal iCloud account, and is not accessible to us. Apple's iCloud is subject to Apple's Privacy Policy.
On our server. Our authentication server processes OAuth token exchanges but does not store any user data. It has no database and retains no state between requests.
6. Data retention and deletion
Your analytics data is stored on your device (and in your iCloud account if enabled) for as long as you use the app. You have full control over your data:
Disconnect an account — remove a connected social account from within the app at any time. This removes all analytics data associated with that account.
Delete all data — uninstall the app to remove all data from your device. To also remove iCloud data, go to Settings → [Your Name] → iCloud → Manage Storage → Strand → Delete Data.
Revoke API access — revoke Strand's access to your Meta account at any time from Meta Business Integrations settings. This immediately prevents us from accessing your data through Meta's APIs.
Request deletion — contact us at privacy@strandapp.xyz to request confirmation that your data has been deleted or to request deletion of any data on our server (though our server retains none).
In accordance with Meta's Platform Terms, we affirm that:
We only use Meta Platform Data to provide the app's analytics features as described in this policy
We do not sell, license, or purchase Meta Platform Data
We do not transfer Meta Platform Data to any advertising network, data broker, or other service that monetizes data
We do not use Meta Platform Data for surveillance or to discriminate against individuals
We will delete all Meta Platform Data upon user request or when it is no longer necessary for the permitted purpose
We comply with all applicable laws regarding data collection, use, and disclosure
9. Security
We take reasonable measures to protect your data:
OAuth tokens are stored in Apple's Keychain (hardware-encrypted, per-device)
All network communication uses HTTPS/TLS encryption
Our server is stateless and retains no user data
iCloud data is encrypted in transit and at rest by Apple
The app uses only official Meta APIs and never scrapes data
10. Your rights (GDPR, CCPA)
Regardless of where you live, you have the right to:
Access — request a copy of the data we hold about you (note: all data is stored on your device and accessible to you directly)
Deletion — request deletion of your data at any time (see Section 6)
Portability — your data is stored locally and can be accessed on your device
Correction — your social media data is refreshed from Meta's APIs on each sync; corrections to your profile should be made on Meta's platforms
Objection — you can disconnect your account at any time to stop all data processing
Non-discrimination — we will not discriminate against you for exercising any of these rights
For California residents (CCPA): We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You may contact us to exercise your rights under the California Consumer Privacy Act.
For EU/EEA residents (GDPR): Our legal basis for processing your data is your explicit consent, provided when you connect your social media account. You may withdraw consent at any time by disconnecting your account.
11. Children's privacy
Strand is not intended for children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us at privacy@strandapp.xyz and we will promptly delete it.
12. Changes to this policy
We may update this policy as the app evolves. We will notify users of significant changes through the app. The "last updated" date at the top reflects the most recent revision.
13. Contact us
Questions or requests about this privacy policy or your data? Contact us: