Privacy policy
Last updated: 12 June 2026 · applies to crossfriend.xyz
crossfriend exists to do one thing: let people who already know you on one platform find you on another — only where you have explicitly opted in. Privacy is not a feature of this service; it is the service. This policy describes exactly what we collect, what we do with it, and how you delete it. We never sell your data, we show no advertising, and we run no analytics or tracking.
Who we are
crossfriend ("we") is operated as a small independent service at crossfriend.xyz. Contact for anything in this policy: privacy@crossfriend.xyz.
What we collect
- Linked platform identities. For each platform account you connect: the platform name, your account's platform identifier (e.g. a SteamID, a Discord ID, a Bluesky DID, a Mastodon address), and your public handle or display name there. Signing in proves you own the account — we only ever link identities you have authenticated or explicitly selected.
- OAuth tokens. Where a platform requires a token to read data on your behalf (Discord, X, Epic Games, Mastodon), we store that token encrypted at rest and use it only for the reads described here. Bluesky's sign-in token is used once to prove your identity and then discarded — never stored. Steam sign-in (OpenID) involves no token at all.
- Your Discord connections (with your permission): the verified accounts on your Discord profile, fetched live when you review them — and only the ones you tick are linked here. We never link a platform that is on the denylist we maintain for child-safety reasons.
- Friend and follow lists. When you scan for friends (and to filter out people you already know), we read your own friend/follow list from the platform, live. These lists are held in memory for at most about five minutes (rate-limit caching) and are never written to our database. We never read anyone's social graph except as visible to your own authenticated account.
- Consent records. Your grants (who may find you, where, under what conditions), access requests and their outcomes, decline cooldowns, and blocks.
- The disclosure log. An append-only record of every disclosure event involving your identity: reveals, requests, approvals, declines, blocks, unblocks. This log exists so that your consent is provable — see "Retention" for how it interacts with deletion.
- A session cookie. One signed, strictly-necessary cookie that keeps you logged in. No analytics cookies, no advertising cookies, no third-party trackers.
- Error reports. If error reporting is enabled, crash details go to Sentry (a processor) with cookies, authentication headers, and URL query strings stripped before sending.
How we use it
Solely to operate the service: authenticating you, reading your own connection lists when you ask, evaluating other people's consent rules before showing you anything, and keeping the audit trail that makes consent enforceable. No profiling, no advertising, no model training, no sale or rental of data — ever.
How we share it
- With other users — only as you direct. Disclosure of your linked identities to other users is the product, and it happens strictly under your own grants: you choose the platform pair, the relationship required, and whether each disclosure needs your per-person approval. Grants are revocable at any time; blocks override everything and are invisible to the person blocked.
- With the platforms you link. Reading your data requires API calls to that platform (Discord, Steam, etc.); those requests are governed by the platform's own privacy policy. We use Discord API data (your identity and verified connections) only as described above, consistent with the Discord Developer Terms of Service and Developer Policy.
- Processors. Our hosting provider (the server this runs on) and, if enabled, Sentry for scrubbed error reports. No other third parties receive any data.
- Legal. We may disclose data if required by law.
Retention
- Linked accounts, grants, and blocks: kept until you unlink or erase them.
- OAuth tokens: kept until you unlink the account, erase your profile, or the platform revokes our access — whichever comes first; then deleted.
- Friend/follow lists: in memory only, at most ~5 minutes, never persisted.
- The disclosure log is append-only. When you erase your account, every personal detail in the log is redacted (a "tombstone"), but the fact that a disclosure event happened is retained. This permanence is deliberate: it is what makes consent — yours and other people's — provable after the fact.
Deleting your data
Deletion is self-serve and immediate — no email required, though you can always reach us:
- Unlink a single platform from your dashboard: revokes every grant using that account (in both directions), redacts the account record, and deletes its stored token.
- Erase your whole account from the dashboard's danger zone: removes your profile and all linked accounts, revokes all grants, drops pending requests and stored tokens, and tombstones your disclosure-log entries as described above.
- Revoke from the platform's side (e.g. de-authorising crossfriend in your Discord settings): we detect the dead token, delete it, and stop all reads; your account here stays until you decide.
You may also email privacy@crossfriend.xyz to request access to, correction of, or deletion of your data, and we will respond promptly. Depending on where you live you may have statutory rights (e.g. under UK/EU GDPR) to the same effect; nothing here limits them.
Age
crossfriend is for adults only. You must be 18 or older to use it; minors are never permitted as users and are never discoverable, and this is enforced in the engine itself, not just in policy.
Security
All traffic is HTTPS. Stored OAuth tokens are encrypted at rest. Sessions are signed cookies. Friend-graph data is never persisted. No system is perfectly secure, but the architecture is built so that the most sensitive data is either never stored or stored encrypted.
Changes
If this policy changes, the new version will be posted here with an updated date. Material changes will be flagged on the dashboard.