NewsBriefly AI
Sign inGet NewsBriefly AI

Privacy Policy

Effective May 10, 2026

This Privacy Policy explains how NewsBriefly AI ("NewsBriefly", "we", "our", or "the Service") collects, uses, discloses, and protects information when you use newsbrieflyai.com and related web applications.

NewsBriefly AI is an independent project operated by Santosh Pandey, an individual sole proprietor based in Kathmandu, Nepal("the Operator", "we", "us").

1. Information we collect

1.1 Account information

When you create an account, we collect:

  • Your email address.
  • Your display name and avatar URL (if you sign in with Google).
  • A salted Argon2 hash of your password (only if you choose to set one). We never store your password in plain text.
  • Authentication metadata (sign-in providers used, email verification state, last sign-in time).

1.2 Gmail data (restricted scope)

When you connect a Gmail account, NewsBriefly requests the https://www.googleapis.com/auth/gmail.readonly scope. We use this scope to:

  • Read messages from senders you have explicitly approved in the app.
  • Detect new messages from those senders via Gmail Push Notifications (Google Pub/Sub) and/or a 15-minute polling fallback.

We store an encrypted (Fernet, AES-128-CBC + HMAC-SHA256) Google OAuth refresh token so we can continue reading new messages from approved senders without prompting you again.

We do not read messages from senders you have not approved. We do not send, modify, or delete email on your behalf. We do not request the gmail.send, gmail.modify, or any other write-capable scope.

1.3 Email and article content

For each approved-sender email we ingest, we store:

  • The raw HTML of the email in encrypted Cloudflare R2 object storage (private, 90-day expiry).
  • The sender, subject, and received timestamp in our PostgreSQL database.
  • Extracted article content (Markdown), AI-generated summaries, key points, topic tags, importance scores, and provider-agnostic embeddings.

1.4 Usage data

We record limited interaction data to power your feed and improve the product:

  • Which articles you opened, saved, or liked, and when.
  • Approximate read duration per article (in seconds).
  • Daily counts of articles processed for quota enforcement.

1.5 Billing data

If you subscribe to a paid plan, payments are processed by Stripe. We store your Stripe Customer ID, subscription ID, plan, status, trial end, and current period end. We never see or store your card number, CVV, or full payment details — those are held by Stripe.

2. How we use your information — Google API Limited Use

NewsBriefly AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained through Google APIs is used only to:

  • Display newsletter content and AI-generated summaries to you in the app.
  • Provide search, save, related-article, and notification features that you have requested.

We will never:

  • Transfer Gmail data to others, except as needed to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
  • Use Gmail data to serve advertisements, including retargeting, personalized, or interest-based advertising.
  • Allow humans to read your Gmail data, unless: (a) we have your explicit consent for specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) it is required by law, or (d) the data is aggregated and used for internal operations.
  • Use your Gmail data, article content, or any data derived from Gmail to train, fine-tune, or improve generalized AI or machine learning models.

3. AI processing

To produce summaries, key points, topic tags, importance scores, and embeddings, NewsBriefly sends extracted article content to one of the following AI providers, depending on configuration:

  • Anthropic (Claude API)
  • OpenAI (GPT and embeddings APIs)
  • Self-hosted Ollama (local inference, no third-party transfer)

These providers act as data processors. We send only the article content needed to perform the requested task, and we have configured them so submitted data is not used to train their models. Provider sub-processors are listed in our public sub-processor list (contact us for the current version).

4. How we share information

We do not sell your personal data. We share data only with:

  • Service providers acting as data processors: Cloudflare (R2 storage, CDN), Stripe (payments), Resend (transactional email), and the AI providers listed above.
  • Law enforcement or regulators when required by valid legal process.
  • A successor entity in a merger, acquisition, or sale of assets, with prior notice to you.

5. Data retention

  • Raw email HTML in R2: deleted automatically 90 days after ingestion.
  • Extracted article Markdown, summaries, and metadata: kept until you delete your account.
  • Account, billing, and authentication records: kept until you delete your account, then purged within 30 days.
  • Backup copies are rotated within 30 days of primary deletion.

6. Your rights

You may, at any time:

  • Export all your data as a ZIP archive from Settings → Account → Export, or via GET /users/me/export.
  • Delete your account and all associated data from Settings → Danger Zone → Delete account. This also revokes our Google OAuth tokens at Google's revoke endpoint.
  • Disconnect Gmail at any time without deleting your account, from Settings → Gmail.
  • Revoke our access directly from your Google Account at myaccount.google.com/permissions.
  • Request access, correction, restriction, or portability of your personal data by emailing privacy@newsbrieflyai.com. We respond within 30 days.
  • If you are in the EU/EEA or UK, lodge a complaint with your local data protection authority.

7. Security

Refresh tokens are encrypted at rest with Fernet. Passwords are stored as Argon2 hashes. All traffic uses TLS 1.2+. We restrict production access to authorised personnel using role-based access controls. See our Security page for more.

8. Children

NewsBriefly AI is not directed to children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@newsbrieflyai.com and we will delete it.

9. International transfers

The Operator is based in Nepal. Our infrastructure and sub-processors are primarily located in the United States and the European Union. If you access the Service from outside these regions, your data will be transferred to and processed there. Where required by EU/EEA law, we rely on Standard Contractual Clauses with our sub-processors.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email and at the top of this page at least 14 days before they take effect.

11. Contact

Privacy & data requests: privacy@newsbrieflyai.com
General support: support@newsbrieflyai.com
Postal: Santosh Pandey, Tarkeshwor 6, Kathmandu, Nepal