Privacy Policy

1. Introduction

Nowline ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our website, APIs, RSS feeds, and related services (collectively, the "Service").

2. Information We Collect

We collect the following information:

• Account Information: Email address, name, and profile image via Google Sign-In (OAuth).
• API Keys: Cryptographic keys generated at your request for RSS feed access. Keys are stored as SHA-256 hashes; the original key is shown only once at creation.
• Usage Data: Pages visited, features used, API key usage timestamps, and other service usage information collected via Google Analytics.
• Settings: Notification preferences, interested categories, and keywords.

3. How We Use Your Information

We use the collected information for:

• Providing and improving our trend intelligence service
• Authenticating your identity and managing your account
• Enabling API key-based access to RSS feeds
• Sending onboarding emails (welcome email upon sign-up, one follow-up email 3 days later)
• Sending administrative notifications about new sign-ups to service administrators
• Analyzing usage patterns to enhance user experience
• Communicating important service updates

4. Third-Party Services

We use the following third-party services that may process your data:

• Google OAuth: For authentication (email, name, profile image)
• Google Analytics: For anonymized usage analytics
• Google Gemini: For AI embeddings and content analysis (no personal data sent)
• Groq: For AI content generation and summarization (no personal data sent)
• Cloudflare: For hosting (Workers), content delivery (CDN), data storage (KV, R2), and email routing
• Turso: For user account and API key storage (SQLite-based cloud database)
• Resend: For transactional email delivery (welcome, onboarding, admin notifications)

5. Data Storage and Retention

Account data is stored in Turso (cloud SQLite database). API keys are stored as irreversible SHA-256 hashes. Session data uses JWT tokens stored in browser cookies. We retain your account data until you delete your account. You may delete your account and all associated data (including API keys) at any time through the Settings page.

6. Data Security

We implement appropriate security measures to prevent unauthorized access, alteration, disclosure, or destruction of your personal data. API keys are hashed before storage. Authentication uses industry-standard OAuth 2.0 and JWT tokens. However, no data transmission over the internet can be guaranteed to be 100% secure.

7. AI Processing

Our AI features (trend analysis, content summarization, viral prediction, style recommendations) process publicly available news and social media data. We do not send your personal information to AI services. AI-generated content is derived from public data sources and does not contain or reference user personal data.

8. Your Rights

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Delete your account and all associated data via the Settings page
• Revoke API keys at any time
• Withdraw your consent by deleting your account

9. Cookies

We use essential cookies for authentication (session JWT token) and session management. We also use Google Analytics cookies to understand website usage patterns. No advertising or tracking cookies are used beyond Google Analytics.

10. Email Communications

We send a maximum of two automated emails: a welcome email upon your first sign-in, and one follow-up email 3 days later if you have not yet created an API key. We do not send marketing emails, newsletters, or promotional content. Service administrators receive notifications about new user registrations.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated through the Service or via email.