Privacy Policy
Last updated: 2026-06-26
Chrome Extension — Data disclosure
The Readden browser extension reads the URL and page content of the active browser tab only when you explicitly save an article. It does not run in the background, does not read your browsing history, and does not collect data from pages you have not actively chosen to save.
Data captured per saved article: page URL, page title, extracted article text, and an HTML snapshot. This data is stored in your Readden account and used solely to provide the read-later service.
1. Controller / Responsible party
The data controller for this service is:
mediapulsTimo Haldi (sole proprietor)
Winterthur, Switzerland
E-mail: hello@readden.app
2. Data we collect and why
Account data
When you sign in with Google OAuth, we receive your e-mail address and display name from Google. We store only your e-mail address to identify your account. We do not store your Google password.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)); revDSG Art. 31(2)(a).
Article library
We store the URLs, titles, extracted article text, and HTML snapshots of articles you save. This data is the core of the service you signed up for.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)); revDSG Art. 31(2)(a).
Reading state
We track which articles you have read or archived so we can sync your reading state across devices.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
Subscription status
We store your subscription plan and status to gate access to paid features. Payment details (card numbers, etc.) are handled exclusively by our billing partner Polar.sh — we do not see or store them.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
Usage analytics
We use PostHog (EU region) to collect aggregated product analytics (feature usage, session counts). PostHog does not receive your article content. You can opt out via your account settings.
Legal basis: legitimate interest in improving the product (GDPR Art. 6(1)(f)); revDSG Art. 31(2)(b). Swiss users: additional consent layer may be required — confirm with lawyer.
3. Sub-processors (third parties receiving data)
| Processor | Purpose | Data location | Data shared |
|---|---|---|---|
| Convex | Database, file storage, authentication backend | EU (eu-west-1) | Account data, article library, reading state |
| Vercel | Web hosting, CDN, serverless functions | EU / global edge | Server request logs (IP, user-agent) |
| Polar.sh | Billing, subscription management, EU VAT (Merchant of Record) | EU | E-mail address, subscription data, payment details (Polar only) |
| Resend | Transactional email, article digest emails | EU | E-mail address, article titles (in digest) |
| PostHog | Product analytics | EU | Pseudonymised usage events (no article content) |
| OAuth sign-in | Global (Google infrastructure) | E-mail address, display name (received from Google on sign-in) |
We have (or will enter into) Data Processing Agreements with each sub-processor listed above before we process personal data through them.
4. Retention
We retain your account data and article library for as long as you maintain an active account. If you delete your account, all personal data is deleted within 30 days from our live databases and within 90 days from backups.
Server logs (Vercel) are retained for 30 days. Analytics data (PostHog) is retained for 12 months.
5. Your rights
Under GDPR and the Swiss revDSG you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure ("right to be forgotten") — request deletion of your data.
- Portability — receive your data in a machine-readable format.
- Object / withdraw consent — object to processing based on legitimate interest, or withdraw consent where consent is the legal basis.
- Restriction — ask us to restrict processing while a dispute is resolved.
To exercise any right, e-mail us at hello@readden.app. We will respond within 30 days.
You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are an EU resident, with your local supervisory authority.
6. International data transfers
Most data is processed in the EU (Convex eu-west-1, PostHog EU, Polar.sh EU, Resend EU). Vercel uses a global CDN; server-side processing occurs in EU regions where possible.
Google (OAuth) may process your e-mail address and display name outside the EU/EEA under Google's standard contractual clauses. The EU Commission has not issued an adequacy decision for the US, but Google's SCCs provide an appropriate safeguard.
7. Contact
For privacy questions or data requests: hello@readden.app
This document is a starting point and has not been reviewed by a lawyer. Do not rely on it as legal advice.