Privacy policy

Press and Penny is a reading product, not an advertising product. We collect what an account and an email subscription need to work — your email address, your notification choices, and lightweight usage signals — and nothing is sold or shared for advertising. You can unsubscribe in one click and delete your account yourself, any time.

• Account details.Your email address, an optional display name, and — if you sign up with a password — a hash of it (we never see or store the password itself). If you sign in with Google or Apple, we receive your email and name from them; with Apple’s Hide My Email, we store the private relay address Apple gives us.
• Email preferences and consent. Which editions you asked for (daily, weekly, monthly) and when you chose them. You only receive email you explicitly opted into, after verifying your address.
• Email delivery records. For each edition we send: whether it was delivered, opened, or a link was clicked. This tells us whether the email is working — it is not used to build profiles.
• Site usage. Aggregate, lightweight events such as page views and article clicks. No advertising trackers, no cross-site tracking, no sale of data.
• Error and security signals. Technical error reports when something breaks, and a bot-protection check at signup.

To operate the product: deliver the editions you subscribed to, keep your account secure, fix what breaks, and understand — in aggregate — what readers find useful. That’s the list. We do not sell personal information, and we do not share it with third parties except the service providers below.

Press and Penny runs on a small set of infrastructure providers, each processing data only to provide their service to us:

• Supabase — database, authentication, and file storage (accounts and content live here).
• Vercel — website hosting.
• Resend — email sending and delivery tracking.
• Sentry — error monitoring.
• Cloudflare Turnstile — bot protection on signup.

We use cookies for one thing: keeping you signed in (an authentication session). There are no advertising or cross-site tracking cookies.

Every digest email includes a one-click unsubscribe link that works without signing in, plus a link to manage preferences. Your mail app’s native “unsubscribe” button works too. Verification is required before anything is sent, and turning an edition off takes effect immediately.

Your data lives as long as your account does. Deleting your account — available self-serve from your account page — removes you from all email lists immediately and deletes your account records. Minimal send-history rows (which address an edition went to) are kept for a limited period as evidence of compliance with anti-spam law, then purged.

Wherever you live, we honor requests to access, correct, export, or delete your personal information. If you’re in the EU/UK or California, these map to your GDPR and CCPA rights — email us and we’ll handle it; deletion and preference changes you can do yourself without asking.

Press and Penny is not directed at children and we do not knowingly collect personal information from anyone under 13. If you believe a child has created an account, contact us and we’ll delete it.

If this policy changes in a way that matters, we’ll say so plainly — on this page and, for significant changes, by email to subscribers — before the change takes effect.

Questions, requests, or concerns about privacy: write to us and a person will answer.