Privacy Policy

How Newsdrop handles your data

Last updated: November 14, 2025

Newsdrop gives you a dedicated inbox for newsletters and delivers AI-generated digests so you can keep up without drowning in email. This policy explains what data we collect while providing that service, why we process it, and the choices you have.

Data We Collect

Account and profile

  • Name, primary email address, and password (hashed using modern algorithms).
  • Your Newsdrop username, timezone, digest cadence, and notification preferences.
  • Google account ID when you sign up with Google.

Billing

  • Subscription status, plan, invoices, and tax details managed through Stripe.
  • We never store full payment card numbers—Stripe handles them on our behalf.

Newsletter content sent to Newsdrop addresses

  • Messages delivered to your dedicated Newsdrop inbox address (for example username@inbox.newsdrop.io) via Mailgun, including sender, subject, headers, HTML and text bodies, and delivery timestamps.
  • Newsletter labels, folders, and read/unread state you set in the app.
  • Digest entries that reference specific newsletter emails.

Gmail import data (optional)

When you connect Gmail to backfill past newsletters:

  • We request Google’s Gmail.readonly scope and store a refresh token so we can import newsletters in the background.
  • We only ingest messages that match the senders you select. Other mail is ignored.
  • We store imported messages the same way as emails delivered directly to Newsdrop.

Gmail access is automatically revoked once the import completes. You may also revoke access at any time from your Google Account settings. When access is revoked we delete the stored refresh token.

Generated digests and metadata

  • AI summaries, topics, and highlights generated from your newsletters.
  • Internal metrics, error logs, and delivery events that help us keep digests accurate.

Usage and analytics

  • Device, browser, and IP information captured by our privacy-friendly analytics provider (Umami) to understand site performance.
  • Basic product telemetry (feature usage, button clicks) that helps us improve onboarding and digest quality. We do not build behavioral advertising profiles.

How We Use Your Data

  1. Deliver, classify, and store newsletters sent to your Newsdrop address.
  2. Generate AI-powered digests and allow you to search past newsletters.
  3. Provide optional Gmail backfill so you can import historical newsletters.
  4. Detect abuse and secure the platform.
  5. Process payments, trials, and refunds using Stripe.
  6. Provide customer support and respond to requests.
  7. Analyze aggregate usage to improve reliability and usability.

AI Summarization & Classification

To produce digests and identify newsletters, we send the relevant portions of your emails to AI providers such as OpenAI or Groq. We only send the content required to generate the requested summary or classification. Providers act as processors and are contractually prohibited from training on Newsdrop data.

Third-Party Processors

  • Mailgun – receives newsletters sent to your Newsdrop address and forwards them to our infrastructure.
  • Google (Gmail API) – optional read-only connection that lets you backfill newsletters from Gmail.
  • Stripe – billing, payments, invoicing, and tax calculations.
  • OpenAI – generate summaries and classifications of newsletter content.

Each provider only receives the data needed to perform its role, and we review their security and privacy commitments.

Data Retention

  • Newsletter emails, digests, and metadata stay in your account until you delete them or delete your Newsdrop account.
  • Gmail refresh tokens are removed immediately when you disconnect Gmail.
  • Billing records are retained for up to seven years to comply with financial regulations.
  • Backups containing your data are encrypted and rotated on a rolling schedule of up to 35 days.

Your Choices & Rights

  • Access or export your newsletters and digests at any time from the app.
  • Delete newsletters, newsletters backfills, or your entire account (which removes all associated content from active systems and upcoming digests).
  • Disconnect Gmail access from Newsdrop or through Google’s security center.
  • Opt out of marketing messages; we only send product and billing emails needed to operate your account.
  • If you live in a region with data protection laws (GDPR, CCPA, etc.), you can request copies, corrections, or deletion by contacting us.

Security

  • All traffic to Newsdrop uses HTTPS/TLS.
  • Passwords are hashed and never stored in plain text.
  • Access to production systems is restricted, audited, and protected by multi-factor authentication.
  • We continuously monitor for suspicious activity and keep our dependencies patched.

Children’s Privacy

Newsdrop is not directed to children under 16, and we do not knowingly collect data from them. If you believe a minor has created an account, please contact us so we can remove the data.

Changes to This Policy

We will update this document when we make material changes and will post the new effective date above. Significant changes will be communicated via email or in-product notice.

Contact Us

Questions about privacy or data requests? Email us at hi@aron.codes.