OpenReadr

Privacy policy

Last updated: 2026-05-14

Who runs this service

This instance of OpenReadr is operated by Compunext. Contact: privacy@openreadr.com.

What data we store

  • Your email address and (optionally) display name.
  • Your password — stored only as an Argon2id hash, never in plain text.
  • If you use the avatar feature: the uploaded image, otherwise we use Gravatar (which derives an identicon from a hash of your email).
  • Your last sign-in time, IP address, and browser User-Agent — used for displaying "last seen" in admin and to detect suspicious sign-ins.
  • Your application data: feeds you add, articles fetched on your behalf, tags, alerts, channels, saved searches, notifications. All of this is strictly scoped to your account.
  • A security audit log of authentication and administrative events (login success/failure, password changes, 2FA actions, admin actions). Each entry records the actor, target, IP, User-Agent, and timestamp.

Where the data lives

All data is stored in a single SQLite database on the server that hosts this instance. The database is not shared with third parties. Backups, if any, are made by the operator.

Third parties

By default, no data is sent to third parties. You may explicitly connect optional services:

  • SMTP provider — only used to send transactional mail (account verification, password reset, alert notifications you configured).
  • Webhook endpoints — only triggered for alerts you configured.
  • LLM API (Anthropic / OpenAI) — only invoked for features you explicitly use.
  • Gravatar — your email's MD5 hash is sent to gravatar.com when no avatar is uploaded; this is industry-standard but you can disable it by uploading any avatar.

Cookies

We use only strictly functional cookies (session + remember-me). No analytics, no tracking, no third-party cookies. Details on the cookies page.

Your rights

  • Access — view all your data in the app itself or export it as JSON from your profile.
  • Correction — update your email, name, password, and 2FA from your profile.
  • Erasure — delete your account from your profile. This removes all your data via cascade.
  • Portability — export your settings as JSON.
  • Objection / complaint — contact us, or the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Retention

Account data is kept as long as your account exists. When you delete your account, all associated rows are removed within the same database transaction. Audit-log entries that reference you are kept for security purposes but the actor/target fields are nulled out.

Security

Passwords are hashed with Argon2id and individually salted. Two-factor authentication is available. Sign-ins on a new IP or browser trigger a notification email. Failed-login lockout prevents brute force. All traffic is served over HTTPS in production.

Changes to this policy

Material changes are noted at the top of this page with the updated date. Substantive changes will be communicated by email.

Back to sign in