Privacy Policy

Last updated: May 26, 2026.

Back to app

Who controls your data

mread-it is a read-it-later and feed reader application. the deployment operator is the data controller for account data and saved reading data. For privacy requests, contact the support channel provided with this deployment.

Data we process

We process the data needed to run the service:

  • Account data, including email, optional name, password hash, account dates and API token status.
  • Saved reading data, including URLs, titles, excerpts, authors, images and reading state.
  • Feed data, including feed URLs, titles, fetch metadata and refresh errors.
  • Article cache data, including extracted HTML or Markdown when the reader fetches article content.
  • Local browser preferences, such as theme and reader display settings.
  • Security and operational logs, such as user id, item id, feed id, URLs, request errors and technical events.

Why we process data

  • To create and authenticate your account.
  • To save, display, search, export and delete your articles and feeds.
  • To refresh RSS/Atom feeds and fetch article content you request.
  • To secure the service, prevent abuse and diagnose failures.

Legal bases

Where GDPR applies, we rely on contract necessity to provide the service, legitimate interests for security and reliability, legal obligation where applicable, and consent only for optional features that require it. Where LGPD applies, we rely on equivalent legal bases including contract execution, legitimate interest, legal obligation and consent where needed.

Cookies and local storage

The app uses essential authentication cookies to keep you signed in. It also stores reader preferences in your browser local storage. These are used for service functionality, not advertising. If analytics, marketing or other non-essential trackers are added, they must be disabled until you consent.

Third parties

The service may use infrastructure providers for hosting, Postgres database storage and optional Cloudflare R2 image caching. It also contacts external websites when you add feeds, save pages, refresh feeds or proxy reader images. Data may be processed in the region configured by the deployment operator. Those external websites may receive network request data such as IP address and user agent.

Retention

Account, feed and saved item data is kept while your account exists. Deleted items are removed from the application database. Cached media may remain in infrastructure caches until cache expiry or deletion jobs remove it. Operational logs are retained as long as needed for security and reliability.

Your rights

Depending on your jurisdiction, you may request access, correction, portability, deletion, restriction, objection, information about data sharing and withdrawal of consent. The settings page provides data export and account deletion controls. For requests that are not covered by those controls, contact the support channel provided with this deployment.

Security

Passwords and extension API tokens are stored as hashes. API tokens are shown only when rotated and should be kept secret. Rotate your token from Settings if it may have been exposed.