This Privacy Policy describes how newsence ("we", "us", "our") collects, uses, and protects information when you use the newsence service (the "Service"). By using newsence, you agree to the practices described here.
This document is a working draft and not a substitute for legal advice. If you are using newsence to process regulated data, please consult a qualified attorney for your jurisdiction.
1. Information we collect
We collect information in three categories:
1.1 Account information
When you sign up via Google OAuth, we receive your name, email address, and profile picture from Google. When you sign up via email one-time-password, we receive only your email address. We do not receive or store passwords.
1.2 Content you create or save
newsence stores articles you save, RSS / Twitter / YouTube / Hacker News feeds you connect, documents you write, collections you organise, AI chat messages you send, and entity / concept relations the AI extracts from your saved content.
1.3 Usage and technical information
We collect anonymised product analytics through PostHog (page views, clicks, feature usage), and standard web server logs (IP address, user agent, referrer, request timestamps) for security and debugging.
2. How we use information
- To provide, maintain, and improve the Service
- To generate AI summaries, translations, semantic embeddings, and entity extractions from content you save or connect (your content is sent to AI providers for this purpose — see Section 3)
- To deliver transactional emails (sign-in codes, account notifications, billing receipts)
- To analyse aggregate product usage and improve features
- To detect and prevent abuse, fraud, and security incidents
- To comply with legal obligations
3. Third-party services
newsence relies on the following third-party providers. By using newsence, you also agree to their privacy practices:
- Google — OAuth sign-in (we receive your name, email, and profile picture if you choose Google sign-in)
- Supabase — managed PostgreSQL database and pgvector storage for your account, content, and embeddings
- Vercel — web hosting and serverless function execution
- Cloudflare — Workers for scheduled feed crawling, image proxying, and edge functions
- OpenRouter — AI inference provider. Content you save or chat about is sent to OpenRouter, which routes to underlying models (e.g. Anthropic Claude, OpenAI, Google Gemini) for summarisation, translation, embedding, and chat responses.
- PostHog — product analytics (anonymised event tracking)
- Polar — subscription billing and payment processing for paid plans (we never see your full card number)
- Better Auth — open-source authentication library running on our infrastructure (handles session tokens)
4. Data sharing
We do not sell your personal information. We share data only with the third-party providers listed above as necessary to operate the Service, with law enforcement when legally required, or with your explicit consent.
5. Cookies
We use first-party HTTP-only cookies for authentication (managed by Better Auth) and PostHog cookies for analytics. You can disable cookies in your browser, but doing so will prevent you from signing in.
6. Data retention and deletion
We retain your data for as long as your account is active. You can request account deletion at any time by contacting us at the email below; we will permanently delete your account and associated content within 30 days, except where retention is required by law (e.g. billing records).
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. To exercise these rights, contact us at the email below. We will respond within 30 days.
8. International data transfers
Our infrastructure providers operate globally. Your data may be processed in the United States, European Union, or Asia depending on the provider. Where required, we rely on standard contractual clauses or equivalent safeguards.
9. Children
newsence is not intended for users under 13 years old (or 16 in jurisdictions where applicable). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.
10. Security
We follow industry-standard security practices including encrypted connections (HTTPS / TLS), encrypted database storage, and limited internal access. No internet service is 100% secure; we cannot guarantee absolute security but we will notify affected users in the event of a confirmed breach.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent changes. For material changes that affect your rights, we will notify you by email or in-product notice before the change takes effect.
12. Contact
For privacy questions, data requests, or to report a concern, contact us at hello@newsence.app.