Privacy Policy

Last updated: June 10, 2026

What we collect

• Your email and password. Stored hashed via Supabase Auth.
• Your RSS subscriptions. The feed URLs you choose to add.
• Article read state. Which articles you've marked read or starred.
• Service usage. Tokens, last-seen timestamps, API request metadata for rate-limiting and debugging.
• Billing info. Handled entirely by Stripe. We never see your card.

What we don't collect

• The content of conversations you have with Claude or other AI assistants. Newsmind only sees the tool calls Claude makes (e.g. "list_feeds") and returns articles in response.
• Behavioral tracking, ad pixels, third-party analytics SDKs.

Article content

We poll your subscribed RSS feeds and store the article content so your AI assistant can search and read them. We don't redistribute that content; it's shown only to you, the subscribed user. See Terms §10 for retention details.

How your data is shared

It isn't, except with the providers we use to operate the service:

• Supabase — database, auth, edge functions hosting
• Stripe — payment processing
• Cloudflare — DNS / CDN for the marketing site
• OpenAI — article text and search queries are sent to OpenAI's embeddings API (text-embedding-3-small) to power semantic search and story clustering. OpenAI's API terms prohibit training on this data. No account information is sent.
• Resend — transactional email delivery (sign-up confirmations, password resets, watch alerts you opt into)

We don't sell your data. We don't use it to train AI models.

Your rights

You can export your subscriptions as an OPML file at any time — ask your AI assistant to call the export_opml tool, or hit the same endpoint over REST with your access token. You can also delete your account at any time. See Terms §10 for what we retain and for how long. Email [email protected].

GDPR (EU/EEA and UK users)

If you are in the EU/EEA or UK, the General Data Protection Regulation (GDPR) applies to our processing of your personal data. Newsmind is the data controller; contact [email protected].

Legal bases

• Contract (Art. 6(1)(b)) — account data, subscriptions, read state, and article storage are processed to provide the service you signed up for.
• Legitimate interest (Art. 6(1)(f)) — request metadata for rate-limiting, abuse prevention, and debugging.
• Legal obligation (Art. 6(1)(c)) — billing records retained as required by tax law (held by Stripe).

Your GDPR rights

• Access & portability — export your subscriptions via export_opml, or email us for a full copy of your personal data in a machine-readable format.
• Erasure — delete your account self-service from the account page; this removes your account data, subscriptions, read state, and access tokens.
• Rectification — to correct your account data, email us at [email protected].
• Restriction & objection — email us and we will respond within 30 days.
• Complaint — you may lodge a complaint with your local supervisory authority.

Storage, transfers & retention

Data is processed by the sub-processors listed above, which are based in the United States and rely on Standard Contractual Clauses and/or the EU–US Data Privacy Framework for international transfers. Article content is retained on a rolling window (30 days on Pro, 90 days on Max); account data is kept until you delete your account. See Terms §10.

Contact

Questions about this policy: [email protected]