Waterfall Privacy Policy

Last Modified: 18th December 2019

Waterfall (referred too hereafter as "Waterfall", "us", "we", or "our") based in the United Kingdom. We try our best to be transparent about what we're doing with the site, and this includes how we handle your personal data and keeping it secure. This document (the "Privacy Policy") is intended to shed some light on how we treat the information you provide when you visit waterfall.social ("the site"), any of the blogs hosted on the site, or any of our other domains, products, or apps (including mobile - collectively with the site, the "Services").

What this Privacy Policy covers

This Privacy Policy covers our treatment of data gathered when you use the Services. It does not apply to the practices of third parties we do not own, control, or manage, including but not limited to any third party websites, services, applications, or businesses ("Third Party Services"). Waterfall tries to work only with Third Party Services with similar or compatible privacy policies, and abides by the European Union's General Data Protection Regulations.

Also; this doesn't cover what our users do on their blogs. While we try and prevent any tracking scripts from being added, we can't guarantee we get them all. When you visit a blog, it might collect information that we don't.

What We Collect and How We Use It

In the course of providing the Services, we collect and recieve various types of information. Some is necessary to use the Services, such as some basic analytics information on how you're using the site to provide recommendations. We describe more about the information and their uses below.

We rely on the following bases to lawfully collect and use your information:

  • First, we need to process your information in certain ways to provide the Services to you in accordance with our Terms of Service. This processing is necessary to perform the contract between you and us, and our TOS makes it clear that processing this information to provide personalised recommendations to you, and to provide detailed analytics regarding selected creator's content is a necessary part of providing the Services. All data provided to creators is fully anonymised.

  • Second, where you've given us consent to use your information in certain ways, we will rely on your continued consent. This consent can be revoked at any time.

  • Third, as described below, in certain cases we might process information where necessary to further legitimate interests, whether those of ourselves, our users (such as to decide on additional site features that benefit everyone) or partners, but only when those interests are not overridden by your own rights or interests.

Occasionally, Waterfall may rely on other legal bases to process your information, such as to protect your vital interests or those as others (such as where there is a risk of imminent harm), where necessary in the public interest, or to comply with legal obligations. Where appropriate, users will be informed of these uses.

Account Information: When you create an account on the Services (an "Account"), we ask information such as your email address, blog names, password, date of birth, etc ("Account Information") in order to provide the Services. We may use this data to allow or deny access to certain types of content, such as by using your age to prevent access to adult content, or your provided blacklist to help you avoid content you don't want to see.

You can keep yourself as anonymous as you want on Waterfall, but remember that if you post something, you should, by and large, assume it's here forever, same as with anything on the Internet. Blogs are visible publicly by default, but you can password protect them.

Email Communications: As part of the Services, you will occasionally receive email and other communications from us. Administrative communications are considered part of the services (for example, account recovery, password reset, and emergency security notifications), which cannot be opted out of. Other notifications, such as when a user follows a blog you own, can be opted of from the Settings pages. We will never email you to ask for your password.

Information about Your Accounts on Third Party Services: You can link your Account to certain Third Party Services, such as Discord. In order to do so, you can choose to provide us with your username or other user ID for a Third Party Service, and you may then be required to log into that Service. After you complete this login process, we will receive a token that allows us to access your account on that service so that we can, for example, post your content to that service when you ask us to. We do not receive or store your passwords for your Third Party Service accounts.

User Content: By default, all sharing through the Services is public. When you provide content to us, it is published so that anyone can view it. We do have options for restricted access, such as password protected blogs, blocking users, etc that allows private publishing. Unless you specifically select otherwise, you should assume content is public. Please also be aware that though you may have shared something privately with another User, they may choose to subsequently post it in a public manner. Content published publicly is accessible to everyone, including search engines (note: when you disable your blog from being searched on the site, we also ask search engines not to index it. Most respect this request, though there are some that don't) and this may affect the control you have regarding that content. In addition, information shared publicly may be copied and shared throughout the Internet, including through actions or features native to the Services, such as reblogging.

Don't let this put you off form sharing your creations or thoughts - just understand that it can be nearly impossible to get rid of something once it's out there.

Native Actions: The Services allow you to perform certain actions integral to the product, such as like, reblog, or comment on a post. These are all public actions, and a record is left on the notes of a post. We use information about native actions to improve the Services, such as by seeing which kinds of content are popular, which kinds of content have trouble spreading, etc. We also use this for personalisation - such as generating blog recommendations, etc.

Financial Information: We will sometimes collect financial information, such as information related to your payment method (valid credit card number, type, expiration date or other financial information). We ask for this information when you decide to purchase a paid Service. We do not, however, store that financial information; such information is stored by our payment processor (the "Payment Processor"), and use and storage of that information is governed by the Payment Processor's applicable terms of service and privacy policy. For Waterfall, we use Stripe. We do receive certain information from our Payment Processor - a unique token that we connect with your Account for audit and support purposes, and in the case of an artist on the Commission Market, an ID provided to us to allow directing the flow of payments.

Information Related to Use of the Services: We collect information about how people use the Services, including those with an Account. This type of information may be collected in our log files each time you interact with the Services. We use internal tools and third party applications and services (like Google Analytics) to collect and analyse this information. Some of this information may be associated with the IP Address used to access the Services, and some may be connected with your Account, and some may only be collected and used in an aggregated and anonymised form (as a statistical measure that wouldn't identify you or your Account).

Location Information: As well as your IP Address, which could be used to glean a rough location, we collect your timezone and local currency when you log in. We use this to determine the correct timezone for queued posts, and the currency to present to you when purchasing blog slots or a subscription on the Services.

Derived Information: As described above in "Native Actions" and "Information Related to Use of the Services," we may analyse your actions on the Services in order to derive or infer characteristics that may be descriptive of your Account (for example, what kinds of blogs you follow or what kinds of posts you view, like, or reblog). We use this information for the purposes described in "Information Related to Use of the Services" above.

With Whom Your Information Is Shared

We only share information when we have your permission to do so, have given prior notice (such as in this Privacy Policy), or that information is aggregated or anonymised and does not identify you. You confirm that you have all appropriate consents to upload and share the personal information of third parties.

Information Shared With and Received from out Affiliates: We do not share data with any business or group external to ourselves except as outlined below.

Information Shared with the Public through the Services: As noted above, by default, content on the Services is public. Because this kind of information is public and may be indexed by search engines, this information is inherently shared.

Remember, you can make a blog private or unsearchable in your Settings.

Information We Share with Your Consent or at Your Request: Without prejudice to your rights mentioned below, if you ask us to release information that we have about your Account, we will do so if reasonable and not unduly burdensome.

Information Shared with Other Third Parties: We may share or disclose public, aggregate or anonymised information with people and entities that we do business with, such as for the purposes of analytics.

Security and Information Retention

Protecting our systems and the information within is an uphill battle, but a necessary one. We do our best to make sure everything stays secure, and that the trust you put in us is deserved.

Your Account Information is protected by a password for your privacy and security. We may enable additional security features in the future, or you may elect to use any of the features provided to further enhance your security, such as Two-Factor Authentication. Choosing a strong, secure password is your responsibility. Waterfall cannot see your password.

Waterfall will retain account information for as long as necessary for the purposes set out above. You can, at any time, close your account and Waterfall will, within a reasonable timeframe, delete all information that is no longer required to comply with legal requirements, provide the Services, resolve disputes, enforce other agreements, or as otherwise permitted by law.

Legitimate Interests

Waterfall may use your data to provide, improve, and customise the Services and content we provide to you. This may include the sharing of your information for such purposes and we do so as it is necessary to pursue our legitimate interests and your legitimate interests in receiving personalized content and services. Using and sharing your information for such purposes is also necessary to enable us to pursue our legitimate interests of understanding how our Services are being used. Using your information for the reasons described in this Privacy Policy is also necessary to allow us to pursue our legitimate interests of improving our Services, obtaining insights into usage patterns of our Services, efficiency and interest of our Services for users.

We may also use your information for safety and security purposes, including the sharing of your information for such purposes and we do so, as it is necessary to pursue our and your legitimate interests of ensuring the security of our Services, including enhancing users' protection against harassment, intellectual property infringement, spam, crime and security risks of all types.

What Information You Can Access

If you have a registered Account, you can access most information associated with your Account by logging in and checking your Account Settings. All users, regardless of whether logged in or having an account, can remove cookies from their web browser settings.

Deleting Your Account

You can delete your account while logged in from your settings page. This action cannot be undone. Deletion will be effective immediately, though it will take some time for some data to be cycled out of backups, caches, etc. Data that will not be scrubbed includes any reblogs of your post, and data within them. Those will remain on the blogs of whoever reblogged them. If there's something you absolutely need gone, edit the post before deleting your account.


Waterfall is run by a British individual, and so information is primarily collected and processed in the United Kingdom. However, we also maintain servers in Canada, which serves as a secondary location for processing and collection. Under GDPR, we are permitted only to transfer information to countries outside of the EU with an adequate level of privacy protection. The Adequacy Decisions made under the old Data Protection Directive remain in force, meaning that Waterfall may, if ever required, transfer data between the countries of Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, and Uruguay.

Waterfall will maintain an up to date list of server locations on this page. Currently, servers are located in France, Canada, and the United Kingdom.

Waterfall will not store data in the United States due to doubts over the adequacy of US Privacy Protections.

Changes to The Privacy Policy

We may update this Privacy Policy occasionally, so you should check in now and then. If we make substantial changes, we will notify you either by email, staff post, or prominently posting a notice on the dashboard.

Questions or Concerns

If you have questions regarding privacy on the Services, please contact us using the support email. You are also welcome to contact us in the Discord server if a faster response is warranted.