01 · overview
OutOfToken ("we", "our", "the service") is an AI-powered technology news aggregator. This Privacy Policy explains what data we collect, how we use it, and your rights. By using OutOfToken you agree to the practices described here.
02 · data we collect
- Account data — when you sign in with Google we receive your name, email address, and profile picture from Google OAuth.
- Newsletter subscription — if you subscribe we store your email address and a unique unsubscribe token.
- Comments — comments you post are stored alongside your display name and avatar.
- Usage signals — we may log article views and category follows to personalise your feed. No third-party analytics SDK is embedded.
- Cookies — we use a single session cookie for authentication (NextAuth). No advertising or tracking cookies are set.
03 · how we use your data
- Authenticate you and maintain your session.
- Send the daily AI digest email you subscribed to.
- Display your name and avatar next to comments you post.
- Improve article curation and feed personalisation.
We do
not sell, rent, or share your personal data with third parties for advertising purposes.
04 · third-party services
To operate the service, OutOfToken works with the following categories of third-party providers. Each operates under its own privacy policy and data practices.
- Authentication providers — used to verify your identity when you sign in. We receive only the profile information you have made available through that provider.
- Email delivery services — used to send transactional messages (e.g. password resets, digest emails). Your email address is shared only to the extent necessary for delivery.
- AI processing services — used to analyse, summarise, and generate article content. Article text may be processed by these services; no personally identifiable information is included in those requests.
- Content and media providers — used to source imagery displayed alongside articles. Images are served via CDN; no personal data is exchanged.
- Cloud infrastructure providers — used for web hosting, database storage, and application deployment. Data is stored in encrypted form within secure cloud environments.
We do not share your personal data with any of these providers beyond what is strictly necessary to deliver the service.
05 · data retention
- Account and comment data is retained while your account is active.
- Newsletter subscriptions are retained until you unsubscribe via the link in any email.
- You may request deletion of your data at any time by emailing us (see § 08).
06 · security
All data is transmitted over HTTPS. Database credentials and API keys are stored as encrypted environment variables and never exposed client-side. We follow industry-standard practices for access control and secret rotation.
07 · children
OutOfToken is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.
08 · your rights
Depending on your jurisdiction you may have the right to access, correct, port, or delete your personal data. To exercise any of these rights, or to ask questions about this policy, contact us at:
privacy@outoftoken.com
09 · changes
We may update this policy from time to time. Material changes will be announced on the site. Continued use of OutOfToken after changes take effect constitutes acceptance of the updated policy.