Privacy

Last updated 2026-06-05. TL;DR — we collect what we need to deliver your digest. We don't track, syndicate, or sell anything else.

What we collect

Email + password — for your account, stored in Supabase (eu-central-1). Passwords are hashed by Supabase before they reach our database.
Reading preferences — the arXiv categories you subscribe to and the reader profile you pick. Used to render your digests.
Generated summaries + usage counts — every summary we make for you is stored so you can re-read it; daily counts power the Free-tier quota.
Payment metadata — if you upgrade to Pro, Stripe stores your card on their side and sends us your subscription state (active / cancelled / past_due). We never see your card number.

No analytics, no engagement tracking, no third-party pixels (Google Analytics, PostHog, Mixpanel, Plausible — none of them, including in emails).
No reading-time, no click-tracking on summary links.
No IP-based geolocation or device fingerprinting beyond what Vercel logs by default for security.
No selling, sharing, or syndicating of your reading profile to anyone.

5 flows

Five processors. Each handles one specific job. We don't add any analytics or marketing-stack processors.

Your browserSupabase Auth (EU)
via HTTPS
- Email
- Password (hashed)
- Session token
Account creation, login, session management
Your browserStripe Checkout (US + EU)
via HTTPS, Stripe-hosted
- Email
- Payment method (Stripe-side only)
Pro tier checkout and subscription management
DIGEST backendarXiv API (public)
via HTTPS
- Category code
- Date range
Fetch new papers — no user data is sent
DIGEST backendOpenRouter (US, multi-provider)
via HTTPS
- Paper abstract
- Profile-specific prompt
LLM-based summarisation — no user PII is attached to the call
DIGEST backendResend (US)
via HTTPS
- Recipient email
- Generated digest HTML
Daily / weekly newsletter delivery (Pro tier)

Under GDPR (and equivalent regimes), you have the right to access, correct, delete, restrict, port, or object to our processing of your data.

Access (§15) — your dashboard at /dashboard/history shows everything we've generated for you. For a full export, email hello@digest.ltd.
Rectification (§16) — update your email, name, default profile, or default categories in dashboard settings.
Erasure (§17) — email hello@digest.ltd from your account address with the subject "Delete my account". We respond within 30 days. Deletion removes your account, all summaries, and all usage records. Stripe records are retained per their statutory accounting requirements.
Portability (§20) — email request; we deliver JSON of your data.
Object (§21) — email; we stop the relevant processing.

We don't do any automated decision-making in the §22 sense — DIGEST generates content, it doesn't make decisions about you.

We set only the cookies that are strictly necessary for the product to work. No consent banner because no non-essential cookies.

sb-<project-ref>-auth-token — Supabase auth session, ~1 hour expiry, HttpOnly, SameSite=Lax. Refreshed automatically while you're logged in.
sb-<project-ref>-auth-token-code-verifier — Supabase PKCE flow, session-scoped, HttpOnly.
__stripe_mid + __stripe_sid — set by Stripe only on the checkout / customer portal pages (stripe.com domain). Fraud prevention.

No analytics, advertising, or social-media cookies.

All GDPR + privacy questions go to hello@digest.ltd. Acknowledgement within 5 business days; substantive response within 30 days per GDPR.