This page describes what data Just Forwarded collects, why, and what happens to it. Plain English; no legal boilerplate beyond what the OAuth providers require us to disclose.
What we collect
Account info from Google sign-in: your email address and a stable Google subject ID. We use these to identify you on return visits and to deduplicate accounts. We do not pull contacts, calendar, or any other Google scope.
Username: the URL-safe handle you pick on signup. It becomes part of your share URLs.
The markdown you publish: filename, slug, full content, created/updated timestamps. You are the owner of this content.
CLI tokens: we store a SHA-256 hash of each token plus a label and last-used timestamp. We never store the token cleartext after it's first shown.
View counts: aggregate counts and last-viewed timestamps for your shares. We hash visitor user-agent strings to deduplicate within a window; we do not store raw IPs in our database.
Cookies: a signed HTTP-only session cookie (rs_session) for the dashboard, plus short-lived cookies during the OAuth handshake (rs_pending, rs_oauth_state). No third-party tracking cookies.
How we use it
Operate the service: render your shares, authenticate the dashboard and CLI, show you who's viewing what.
Diagnose problems: server logs (which may contain IP addresses) help us debug errors. We don't analyze them for marketing.
We do not sell your data. We do not use your content to train models.
Who else sees it
Anyone you send a share URL to. Public share pages are public until you set a password (when that feature ships) or delete the share.
Google, via the OAuth handshake. Their privacy policy applies to that exchange.
Our hosting provider (Railway), where the database and application run. Standard sub-processor relationship.
Product analytics (PostHog, when wired up): we send server-side events for signups, logins, publishes, and views — no identifying client-side tracking on share pages.
Your rights
Delete a share: from the dashboard or via repo-share delete <slug> when shipped. The share returns 410 Gone immediately and is hard-deleted from our records on a 30-day rolling window.
Revoke a CLI token: from the dashboard, instantly.
Delete your account: email [email protected]. We will delete your user record, your tokens, and all your shares within 7 days.
Export your data: same email. We'll send back JSON with your shares' content and metadata.
Retention
We keep your data while your account is active. Soft-deleted shares are hard-deleted on a 30-day cycle. Server logs roll over within 14 days. Backups are retained according to our hosting provider's defaults; we do not export or analyze backup data.
Children
Just Forwarded is not intended for users under 13.
Changes
If we materially change this policy, we'll bump the date at the top and email registered users where the change affects their data. Old versions are not archived publicly during beta — ask if you want a copy.
Contact
Questions, requests, or anything that looks wrong: [email protected].