Legal

Privacy Policy

Effective June 11, 2026

1. Who We Are and Scope of This Policy

ReadGlim ("we", "us", "our") operates readglim.com, an AI-powered content intelligence platform. This Privacy Policy explains what personal data we collect when you use the Service, why we collect it, the lawful basis for each use, how long we keep it, who we share it with, and the rights you can exercise. By using the Service, you acknowledge this policy. If you do not agree, please do not use the Service.

2. Data We Collect and Why

Account Information

When you sign up via Google OAuth or email, we receive your name, email address, and profile picture through Clerk, our authentication provider. We store a user ID linked to your Clerk account. Lawful basis: performance of a contract (your account).

Interest Preferences

During onboarding and via your profile settings, you may select topic categories (e.g. AI Research, Developer Tools). These are stored to personalise your feed. Lawful basis: performance of a contract; your explicit action constitutes consent.

Interaction Events

We record events such as articles opened, bookmarks saved, topics browsed, and feed interactions. This data drives ranking improvements and personalisation. We use PostHog for product analytics; event data is transmitted to and stored on PostHog's infrastructure under a data-processing agreement. Lawful basis: legitimate interests (improving service quality). You may opt out — see Section 7.

Technical and Log Data

We collect standard server logs including IP address, browser type, device type, operating system, and referring URL for security monitoring and performance analysis. Logs are retained for a maximum of 30 days and then permanently deleted. Lawful basis: legitimate interests (security and stability).

Communications

If you contact us via email, we retain the content of that correspondence to respond to you and, where relevant, to improve the Service. Lawful basis: legitimate interests (responding to enquiries).

3. What We Do Not Collect

We do not collect payment card or banking information (we currently offer no paid tier).
We do not collect precise geolocation data.
We do not build advertising profiles or sell your data to third parties for any purpose.
We do not knowingly collect data from children under 13 (see Section 12).

4. Third-Party Sub-Processors

Clerk

Handles authentication. Stores your email address, OAuth tokens, and session data. Clerk acts as a data processor under a DPA. See clerk.com/privacy for details.

PostHog

Product analytics. Receives anonymised usage events tied to a pseudonymous identifier. We do not send your name or email to PostHog. You can opt out of PostHog tracking in your browser's Do Not Track settings. See posthog.com/privacy.

Neon (PostgreSQL on AWS)

Hosts our primary database. Your account data, preferences, bookmarks, and feed events are stored here. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Neon operates under a DPA with standard contractual clauses for cross-border transfers where applicable.

LLM API Provider(s)

We send article text to third-party large language model APIs to generate summaries. We do not transmit personally identifiable information (name, email, IP address) to these APIs. Article content is the property of its original publishers and is processed solely to generate informational summaries.

Vercel

Hosts the frontend. Processes HTTP requests and may log request metadata (IP, user-agent, response codes) in accordance with Vercel's privacy policy (vercel.com/legal/privacy-policy). Logs are short-lived and used for routing and DDoS mitigation only.

Resend

Handles transactional email delivery (account notifications, security alerts). We share only your email address with Resend for the purpose of sending a specific email. Resend does not use your data for its own marketing. See resend.com/privacy.

5. International Data Transfers

Our sub-processors (Clerk, PostHog, Neon, Vercel, Resend) may process your data outside your country of residence, including in the United States and the European Union. Where such transfers occur, we rely on the sub-processor's standard contractual clauses, adequacy decisions, or equivalent safeguards to ensure your data receives an appropriate level of protection. By using the Service, you consent to these transfers on the basis described above.

6. Data Retention

Account data

Retained while your account is active. On account deletion, your profile, preferences, and bookmarks are permanently deleted within 30 days.

Interaction events

Raw feed-event records are retained for 12 months. Aggregated, anonymised analytics derived from these events may be retained indefinitely.

Server logs

Purged after 30 days.

Email correspondence

Retained for up to 2 years for audit and dispute-resolution purposes, then deleted.

Backups

Database backups are retained for up to 35 days, after which they are automatically purged.

7. Cookies and Tracking Technologies

We use the following cookies: (a) Strictly necessary session cookies set by Clerk to authenticate you — these cannot be disabled without breaking the Service. (b) An analytics cookie set by PostHog to count unique users and sessions — this is a first-party cookie stored under readglim.com. We do not use advertising cookies, cross-site tracking pixels, or fingerprinting. You can opt out of analytics cookies by enabling Do Not Track in your browser or by clearing PostHog cookies.

8. Data Security

We apply industry-standard security controls: TLS 1.2+ for all data in transit; AES-256 encryption at rest for the primary database; role-based access controls that restrict employee access to production data to a need-to-know basis; automated dependency scanning for known vulnerabilities; and periodic review of third-party sub-processor security postures. No security measure is absolute. In the event of a data breach that is reasonably likely to result in a risk to your rights and freedoms, we will notify affected users by email within 72 hours of becoming aware, unless law enforcement requires us to delay notification.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data: access (receive a copy of data we hold about you); rectification (correct inaccurate data); erasure (delete your account and associated data); restriction (pause specific processing while a dispute is resolved); portability (receive your data in a machine-readable format); and objection (opt out of processing based on legitimate interests, including analytics). To exercise any right, email support@readglim.com with the subject line "Privacy Request — [Right You Are Exercising]". We will verify your identity and respond within 30 days. For complex requests we may extend by a further 30 days with notice.

10. Do Not Sell

We do not sell, rent, lease, or trade your personal data to any third party for monetary compensation or any other consideration. We share data with sub-processors solely to operate the Service as described in Section 4.

11. Changes to This Policy

We may update this policy periodically. When we do, we will revise the effective date at the top of this page. For material changes — such as new categories of data collected, new sub-processors, or changes to your rights — we will notify you by email and/or prominent in-app notice at least 7 days before the change takes effect. Continued use of the Service after the effective date of a revised policy constitutes acceptance.

12. Children's Privacy

The Service is not directed at, and we do not knowingly collect personal data from, children under 13 years of age (or the higher minimum age required by applicable law in your jurisdiction). If you believe a child has created an account or provided us their data, contact us immediately at support@readglim.com. We will verify the claim and delete any such data promptly.

13. Contact

For privacy questions, data subject requests, or concerns about our data practices, contact us at support@readglim.com. We aim to acknowledge all privacy enquiries within 2 business days and to resolve them within 30 days.