Back

Privacy Policy

Last updated: 2026-04-21

Who we are

Readit ("we", "us") is operated by Mahmoud Alwadia. If you have questions or want to exercise your rights under GDPR, email us at [email protected].

What we collect, and why

We collect the minimum required to run the service:

  • Account data - your email address, display name, and profile image from your Google account. Used to authenticate you and display your name inside the app. Legal basis: contract (Art. 6(1)(b) GDPR).
  • Content you save - the URLs and parsed text of articles you save, tags you apply, collections you build, your reading activity. Used to provide the core product. Legal basis: contract.
  • Usage data - minimal logs (timestamps, endpoint, HTTP status) for debugging and abuse prevention. No third-party analytics unless you accept the cookie banner. Legal basis: legitimate interest (Art. 6(1)(f)).
  • Billing data (Pro users only) - handled by Stripe. We store your Stripe customer ID and subscription status; we never store card details. Legal basis: contract.

How long we keep it

  • Account + content: until you delete your account.
  • Logs: 30 days, then rotated.
  • Billing records: 10 years (German tax law: AO § 147).
  • Database backups: 30 days rolling.

Who else sees your data (subprocessors)

  • Hetzner Online GmbH (Germany) - our VPS host. Stores the database and application files.
  • Google LLC - OAuth sign-in. Your email and profile come from Google when you log in.
  • Google (Gemini API) - Pro users' article summaries, auto-tags, and embeddings are sent to Gemini for generation. We send the article content; Gemini doesn't receive your email.
  • Stripe Payments Europe, Limited (Ireland) - payment processing for Pro subscriptions. We send your email, country, and subscription status.
  • Microsoft - text-to-speech audio is generated via Microsoft Edge's public TTS endpoint. We send the article text; no account info.
  • OpenAI (Pro users only, if premium voices are selected) - text-to-speech. We send the article text.
  • Sentry (EU region) - error tracking. Crash reports include the path and error message; we redact user input.
  • PostHog (EU region, optional) - product analytics. Only loaded after you accept the cookie banner.

Your rights under GDPR

You have the right to:

  • Access - download everything we hold about you. Settings → Data & Account → Export my data.
  • Deletion - wipe your account and all data. Settings → Data & Account → Delete my account. This is immediate and irreversible.
  • Correction - edit your profile directly, or email us.
  • Portability - the export is a machine-readable JSON you can load elsewhere.
  • Objection - you can disable analytics at any time by revoking cookie consent.
  • Complaint - lodge a complaint with your local data protection authority. In Germany, that's the Datenschutzkonferenz.

Cookies

We set a single essential cookie to keep you signed in (session cookie). No tracking, marketing, or analytics cookies are set until you opt in via the cookie banner. Opting out at any time removes any set analytics cookies.

Children

Readit is not directed at users under 16 and we don't knowingly collect their data.

Changes

We'll post material changes to this page with a new "last updated" date. Major changes affecting your rights will be emailed to you directly.

Contact

Questions? Privacy requests? [email protected].