DevMeme · Legal
Privacy Policy
Last updated June 30, 2026
DevMeme is a gallery of programming memes and software-engineering humor. This policy explains exactly what we collect, why, and the control you keep over it — in plain English.
This Privacy Policy explains how DevMeme (“we”, “us”, the operator of devme.me and its subdomains) handles personal information when you browse the gallery, sign in, save and like memes, comment, or use private-beta community features when enabled. We built DevMeme to be light on data: there are no passwords, no advertising trackers, and we never touch your code or repositories. If anything here is unclear, email [email protected].
Who this policy covers
This policy applies to the DevMeme website and the accounts, saves, votes, comments, and community features when enabled. It does not cover third-party websites we link to (for example, the original source of a meme), or the sign-in providers you choose — those services have their own privacy policies. For the purposes of the GDPR and similar laws, DevMeme is the data controller for the information described below. You can reach us about any privacy matter at [email protected].
Information we collect
Information you give us
- When you sign in with a provider (GitHub, Google, Apple, or Telegram): your name or
username, email address when shared by that provider, and avatar image as shared by that provider,
plus the unique account identifier the provider assigns. With Apple you may choose to hide your
email, in which case we receive a private relay address. Telegram does not share email for the
openid profilescopes we request. - When you sign in by email (the passwordless “magic link”): your email address. Nothing else — there is no name field in the email flow.
- Content you create: the memes you bookmark or save, the votes you cast, the comments you write, and any community posts or media you submit if those features are enabled. Your chosen display name and avatar accompany the content you make public.
- Reports you make: if you report a comment, we record the report, the reason you select, and that it came from your account, so our moderators can act on it.
Information collected automatically
- Technical & device data: your browser/user-agent string, viewport size, and connection type, used to serve the right layout and to debug.
- IP address: like any web server, ours receives your IP address with each request. For counting views it is converted to a one-way hash and is never stored in the clear; for sign-in and security it helps us rate-limit requests and protect the service against abuse and spam. We do not use it to build a profile of you or to work out your precise location, and we do not sell it.
- Usage & engagement analytics (first-party): to understand how DevMeme is used and make it better, we record events such as memes viewed, votes, saves, shares, page navigation, and which categories you open — together with the page you are on, the site or link you arrived from (referrer), and any campaign tags in that link (UTM parameters). These events carry a randomly-generated, per-visit identifier so a single session makes sense, but they are not linked to your account or IP address, never sold, and never shared for advertising or across other websites.
- Performance metrics: Core Web Vitals (such as load, layout-shift, and input-response timings) and the page they relate to, so we can keep the site fast. These are not tied to your account.
- On-device memory: to keep browsing smooth, your browser stores a few things locally on your device — your theme, recently-seen memes (so you are not shown the same ones again), your saves and votes, and a short-lived session identifier. These stay on your device; see section 3.
What we deliberately do not collect
- Passwords — sign-in is passwordless, so there is none to store or leak.
- Your source code, repositories, or private provider data beyond the basic profile fields listed above.
- Payment information — DevMeme is free.
- Precise geolocation and third-party advertising or cross-site tracking identifiers.
Cookies & local storage
We use only first-party cookies and on-device storage — no advertising or cross-site tracking cookies, so nothing here follows you around the web. The essential cookies are required to sign you in and keep you signed in; the rest remember your preferences, keep browsing smooth, or power our own first-party analytics. None of it is shared with advertisers.
| Name | Purpose | Type | Lifetime |
|---|---|---|---|
devmeme_session | Keeps you securely signed in (httpOnly session token). Essential. | Essential | ~30 days |
devmeme_auth_uid | Tells the interface you are signed in so it can show your account. Not a security token. | Essential | ~30 days |
devmeme_uid | Legacy anonymous identifier, read only to merge a pre-account guest’s saves/votes. | Functional | Until replaced |
devmeme_oauth_state, devmeme_oauth_verifier, devmeme_oauth_next | Protect the sign-in round-trip (CSRF/PKCE) and return you to the page you came from. | Essential | ~10 minutes |
devmeme_oauth_native | Used only inside our native iOS app's sign-in round-trip. Web visitors never receive it. | Essential | ~10 minutes |
theme, devmeme:preferences (local storage) | Remember your light/dark choice and display settings on this device. | Functional | Until you clear it |
devmeme:viewHistory (local storage) | Remembers memes you have already seen so you are not shown the same ones again. | Functional | ~30 days (capped at ~1,000 entries) |
devmeme:votes, devmeme:bookmarks (local storage) | Remember your votes and saves on this device, including before you sign in. | Functional | Until you clear it |
devmeme:analytics-session-id (session storage) | A randomly-generated, per-visit identifier that groups our own first-party analytics for one session. Not linked to your account. | Analytics | Cleared when you close the tab |
You can clear or block cookies in your browser settings at any time; blocking the essential ones will sign you out and disable saving across devices. Clearing on-device storage resets your local history and preferences on that device.
Push notifications
If you choose to turn on notifications, your browser creates a push subscription
and we store what is needed to deliver them: the push endpoint URL your browser provides, the two
public keys that encrypt each message (p256dh and auth), and your
browser's user-agent string. We use this only to send the notifications you asked
for. You can turn notifications off at any time in your browser or device settings — that revokes
the subscription, and we delete it on our side. Delivery happens through your browser vendor's push
service (for example Apple, Google, or Mozilla), which we do not control.
How we use your information
- Create your account and sync your saves, upvotes, downvotes, and history across your devices.
- Show your bookmarks and voted jokes, and operate comments and communities.
- Send you a sign-in link when you ask for one, and the notifications you turn on.
- Keep the service secure, prevent abuse and spam, and enforce our Terms of Service.
- Measure and improve performance, and understand which features are used so we can make DevMeme better.
- Comply with legal obligations when they apply.
Legal bases (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies, we rely on:
- Performance of a contract — to give you an account and sync your content.
- Legitimate interests — to secure the service, prevent abuse, and understand and improve how DevMeme performs and is used (first-party analytics), balanced against your rights.
- Consent — where the law requires it, such as turning on push notifications; you can withdraw it at any time.
- Legal obligation — when we must retain or disclose data to comply with the law.
How we share information
We do not sell your personal information, and we do not share it for advertising. We disclose data only:
- To the sign-in provider you choose (GitHub, Google, Apple, or Telegram) during authentication.
- To our email provider, Resend, to deliver your one-time sign-in links.
- To your browser's push service (such as Apple, Google, or Mozilla) when you enable notifications, solely to deliver them.
- To the infrastructure that runs DevMeme — our own servers and self-managed database, search, and cache — under confidentiality obligations. We never hand your data to advertising networks or data brokers.
- To authorities where we are legally required to, or to protect our users, the public, or our rights.
Content that is public
Comments, votes, private-beta community posts, and the display name and avatar you sign in with may be visible to other people on DevMeme when those features are enabled. Please don’t post anything you would not want to be public.
How long we keep it
- Account and content data is kept while your account is active.
- When you delete your account (or ask us to), we delete or anonymize your personal data within a reasonable period, except where we must keep some of it to comply with the law.
- A push-notification subscription is deleted as soon as you turn notifications off or your browser revokes it.
- First-party analytics and performance data is retained in aggregate to track trends over time; it is not tied to your identity.
- Ephemeral signals like view counters and trending scores expire automatically.
- Security and abuse-prevention logs are kept only as long as needed for that purpose.
Your rights & choices
Depending on where you live, you may have the right to:
- Access the personal data we hold about you and get a copy (portability).
- Correct inaccurate data or delete your data.
- Object to or restrict certain processing, and withdraw consent.
- Under the California CCPA/CPRA: to know, delete, and correct your data, and to opt out of any “sale” or “sharing” — note we do neither — without being treated differently for exercising these rights.
To exercise any of these, email [email protected]. We may need to verify your identity first. You also have the right to complain to your local data protection authority.
Because we do not sell or share your personal information, there is nothing for you to opt out of on that front — but where it applies, we treat a recognized browser opt-out signal such as Global Privacy Control (GPC) as a valid request.
How we protect your data
Sign-in is passwordless, so there is no password to be stolen. Session tokens are stored in httpOnly cookies that scripts on the page cannot read, and traffic is encrypted in transit. No method of storage or transmission is ever 100% secure, but we work to protect your information and to limit what we collect in the first place.
International data transfers
DevMeme is available worldwide, and your information may be processed in countries other than the one you live in. Where required, we put appropriate safeguards in place for such transfers.
Children
DevMeme is intended for developers and is not directed to children under 13 (or under the minimum age of digital consent in your country, where higher). We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will remove it.
Changes to this policy
We may update this policy as the product evolves. When we do, we’ll change the “last updated” date above, and for material changes we’ll provide a more prominent notice. Continued use after a change means you accept the updated policy.
Contact
Questions, requests, or concerns about privacy go to [email protected]. For the rules that govern your use of the service, see our Terms of Service.