Privacy Policy
The short version
- We don't sell your data. Not now, not ever.
- We collect your email if you join the waitlist. That's it for the website.
- Inside the app, we collect swipe history so the algorithm can pick tomorrow's five. We use the minimum needed.
- We use a small set of analytics + ad-attribution providers (Apple ATT, Meta, Firebase, Amplitude, AppStack). You'll be asked before anything tracks you across apps.
- Email hello@nwsly.co to request deletion of your data.
1. Who we are
"nwsly" refers to nwsly, Inc. ("we," "us," "our"). nwsly is a daily news app that delivers five AI-analyzed briefs every morning — three national, one local, one state. Our website is nwsly.co. You can reach us at hello@nwsly.co.
2. What we collect
On the website (nwsly.co)
- Waitlist email. When you sign up, we store your email address, the timestamp of the signup, and the IP address + user agent the request came from (for abuse detection).
- Local storage. If you sign up successfully, we set a
nws.signedUpflag in your browser's localStorage so the locked "fifth story" on the homepage unlocks for you on subsequent visits. This is entirely local — nothing is sent back to us. - Server logs. Standard HTTP request logs (URL, status, IP, user agent, timestamp). Retained for 30 days for security and debugging.
Inside the iOS / Android app (post-launch)
- Swipe history. Right/left/up/down swipes on each daily card. Used to pick tomorrow's five.
- Followed topics and saved stories. Stored on your device. Synced to your iCloud / Google account if you opt in.
- Subscription state. Whether you have nwsly+. We never see your card number — that's handled by Apple and Google.
- Device identifiers and ad attribution data. Only with your explicit consent via Apple's App Tracking Transparency prompt. Without consent, we cannot link your usage to ad campaigns.
- Crash reports and product analytics. Aggregated app-event data through Firebase Analytics and Amplitude. Used to fix bugs and decide what to build next.
3. What we do NOT collect
- Your card number, bank info, or payment credentials. App Store / Play Store handle billing.
- Your contacts, photos, microphone, or location.
- The full text of articles you read on external sources — we link out, we don't scrape your reading on the open web.
4. What we will NEVER do
- We will never sell your data. Not to advertisers, data brokers, or anyone else. nwsly+ subscriptions are the entire business — we have no incentive to monetize you instead of serve you.
- We will never show you ads inside the app. The in-app experience is ad-free. (We do run paid acquisition campaigns on Meta, Google, and similar platforms — that's how some users find us — but no ad will ever appear inside nwsly itself.)
- We will never pipe your reading habits into ad-targeting networks. What you read on nwsly stays on nwsly. The ad-attribution SDKs above measure which campaign brought you here; they do not export your in-app behavior as ad-targeting signal.
- We will never use your swipes to train an external AI model. Our recommendation model runs on your behalf. Our AI provider processes the published news articles we send to it; we do not send your personal data or swipe history.
5. How we use what we collect
- To deliver the product. Swipes shape your daily five. Topics filter the candidate pool. Subscription state unlocks nwsly+ features (source bias ratings + unlimited additional stories).
- To send you launch news. The waitlist gets one email when the iOS and Android apps go live. Maybe two if there's a meaningful follow-up. Nothing else.
- To measure ads (only with consent). If you tapped a Meta or Google ad to get here, our ad-attribution providers tell us which ad worked. This is opt-in via Apple ATT.
- To improve the product. Aggregated analytics show us which features people use and where they get stuck.
- To prevent abuse. IP + user-agent on the waitlist signup row helps us spot bots.
6. Third parties we share data with
We use a small number of vendors to run the service. Each one is contractually limited to processing data on our behalf — they cannot use it for their own purposes.
- Fly.io — application hosting (server logs).
- Vercel — website hosting (request logs).
- AI model provider — large-language-model API for synthesizing daily briefs from public news content (no user data passed to the model).
- Apple App Store / Google Play — billing for nwsly+ subscriptions.
- Resend — sends the waitlist launch email.
- Firebase Analytics, Amplitude, AppStack, Meta Ads — measurement and ad-attribution inside the iOS / Android apps. Each is opt-in via Apple ATT or the Android equivalent.
7. Your rights
- Access: Email hello@nwsly.co and we'll send you a copy of everything we have tied to your email or device.
- Deletion: Same address — we'll delete your account and waitlist entry within 30 days.
- Opt-out of ad tracking: Decline the App Tracking Transparency prompt on iOS, or the equivalent on Android.
- California (CCPA) and EU (GDPR) residents: You have additional rights — request portability, restriction, objection. Same email.
8. Cookies and similar technologies on nwsly.co
When you visit our website, we (and a small set of partners) may store or retrieve information on your device using cookies, localStorage, and similar technologies. We group these into four categories:
- Essential — required for the site to work (security, page navigation, remembering your language and your consent choice itself). Always on.
- Analytics — Google Analytics 4 (Consent Mode v2) and PostHog, plus our own first-party visit beacon. Tells us which pages and tools people use so we can improve them.
- Targeted Advertising — Meta, TikTok and Google Ads pixels used to measure ad-campaign effectiveness on landing pages.
- Personalization — remembers preferences such as your edition and language.
You can change your choice at any time via the Cookies link in the bottom-left of any page, or right here:
8.1 Regional behaviour
We detect your country (and US state where applicable) at page load via our own edge endpoint /api/geo and apply the framework that matches your jurisdiction:
- EU / EEA, United Kingdom, Switzerland, Brazil, Canada, South Africa, China. Opt-in model under GDPR, UK-GDPR, FADP, LGPD, PIPEDA, POPIA, and PIPL respectively. The Analytics, Targeted Advertising, and Personalization categories all start off; Google Analytics runs in Consent Mode v2 with every storage category denied until you opt in via the banner.
- United States — states with comprehensive consumer privacy laws (CCPA/CPRA in California; VCDPA in Virginia; and the equivalent laws of Colorado, Connecticut, Delaware, Florida, Iowa, Idaho, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, and Utah). Opt-out model: Analytics and Personalization are on by default; you can opt out at any time. A Do Not Sell or Share My Personal Information link is shown in the bottom-left of every page; clicking it disables the Targeted Advertising category on this device. We also honour the Global Privacy Control signal as an automatic Do Not Sell / Share opt-out.
- Rest of world. Where no comprehensive data protection law applies, all categories are enabled by default. You can still manage your preferences from the Cookies link.
- Location undetermined. We fall back to the EU opt-in model — the strictest, safest default.
8.2 Your rights under US state laws
If you are a resident of a US state listed above, you have the right to: (i) know what personal information we have collected about you; (ii) request deletion of that information; (iii) correct inaccurate information; (iv) opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising; (v) limit the use of sensitive personal information; and (vi) not be discriminated against for exercising any of these rights. Submit any request to hello@nwsly.co; we will respond within the statutory window applicable to your state (45 days in most cases).
9. Children
nwsly is intended for users 13 and older. We do not knowingly collect information from children under 13. If you believe we have, contact us and we'll delete it.
10. Retention
- Waitlist emails: kept until you unsubscribe or request deletion.
- In-app swipe history: kept while your account is active. Aggregated stats may be retained after account deletion in anonymized form.
- Server logs: 30 days.
11. Changes to this policy
We'll update this page when our practices change. Material changes will be announced in the app or via email to the waitlist. The "Last updated" date at the top reflects the current version.
12. Contact
Questions, requests, or complaints: hello@nwsly.co. We read every email.