← Readden

Privacy Policy

Last updated: 2026-06-26

Chrome Extension — Data disclosure

The Readden browser extension reads the URL and page content of the active browser tab only when you explicitly save an article. It does not run in the background, does not read your browsing history, and does not collect data from pages you have not actively chosen to save.

Data captured per saved article: page URL, page title, extracted article text, and an HTML snapshot. This data is stored in your Readden account and used solely to provide the read-later service.

1. Controller / Responsible party

The data controller for this service is:

mediapuls
Timo Haldi (sole proprietor)
Winterthur, Switzerland
E-mail: hello@readden.app

2. Data we collect and why

Account data

When you sign in with Google OAuth, we receive your e-mail address and display name from Google. We store only your e-mail address to identify your account. We do not store your Google password.

Legal basis: performance of a contract (GDPR Art. 6(1)(b)); revDSG Art. 31(2)(a).

Article library

We store the URLs, titles, extracted article text, and HTML snapshots of articles you save. This data is the core of the service you signed up for.

Legal basis: performance of a contract (GDPR Art. 6(1)(b)); revDSG Art. 31(2)(a).

Reading state

We track which articles you have read or archived so we can sync your reading state across devices.

Legal basis: performance of a contract (GDPR Art. 6(1)(b)).

Subscription status

We store your subscription plan and status to gate access to paid features. Payment details (card numbers, etc.) are handled exclusively by our billing partner Polar.sh — we do not see or store them.

Legal basis: performance of a contract (GDPR Art. 6(1)(b)).

Usage analytics

We use PostHog (EU region) to collect aggregated product analytics (feature usage, session counts). PostHog does not receive your article content. You can opt out via your account settings.

Legal basis: legitimate interest in improving the product (GDPR Art. 6(1)(f)); revDSG Art. 31(2)(b). Swiss users: additional consent layer may be required — confirm with lawyer.

3. Sub-processors (third parties receiving data)

Processor Purpose Data location Data shared
Convex Database, file storage, authentication backend EU (eu-west-1) Account data, article library, reading state
Vercel Web hosting, CDN, serverless functions EU / global edge Server request logs (IP, user-agent)
Polar.sh Billing, subscription management, EU VAT (Merchant of Record) EU E-mail address, subscription data, payment details (Polar only)
Resend Transactional email, article digest emails EU E-mail address, article titles (in digest)
PostHog Product analytics EU Pseudonymised usage events (no article content)
Google OAuth sign-in Global (Google infrastructure) E-mail address, display name (received from Google on sign-in)

We have (or will enter into) Data Processing Agreements with each sub-processor listed above before we process personal data through them.

4. Retention

We retain your account data and article library for as long as you maintain an active account. If you delete your account, all personal data is deleted within 30 days from our live databases and within 90 days from backups.

Server logs (Vercel) are retained for 30 days. Analytics data (PostHog) is retained for 12 months.

5. Your rights

Under GDPR and the Swiss revDSG you have the right to:

To exercise any right, e-mail us at hello@readden.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are an EU resident, with your local supervisory authority.

6. International data transfers

Most data is processed in the EU (Convex eu-west-1, PostHog EU, Polar.sh EU, Resend EU). Vercel uses a global CDN; server-side processing occurs in EU regions where possible.

Google (OAuth) may process your e-mail address and display name outside the EU/EEA under Google's standard contractual clauses. The EU Commission has not issued an adequacy decision for the US, but Google's SCCs provide an appropriate safeguard.

7. Contact

For privacy questions or data requests: hello@readden.app

This document is a starting point and has not been reviewed by a lawyer. Do not rely on it as legal advice.