Privacy & Data Handling
Last updated: February 2026 · Version 1.1
What we collect
| Data | Collected | Purpose |
|---|---|---|
| Email address | Yes | Account and newsletter delivery |
| Name | Yes (optional) | Email personalisation |
| Payment method | No — handled by Dodo Payments | Card data never reaches our servers |
| IP address | No | Not stored anywhere |
| User-agent / browser | No | Not stored anywhere |
| Referrer | No | Not stored anywhere |
| Geolocation | No | Not stored anywhere |
| Newsletter open event | Yes (boolean) | Open rate analytics. Deduped per newsletter. SET NULL on account deletion. |
| Article click event | Yes (boolean) | Click analytics. Rate-limited. SET NULL on account deletion. |
Email open & click tracking
Each newsletter email contains a 1×1 transparent tracking pixel. When your email client loads the image, we record that the newsletter was opened — but we record nothing else. No IP address, no device, no email client, no location.
Article links in the email route through our click-tracking proxy before redirecting you to the original source. We record which article was clicked — but again, no IP address, no browser, no referrer.
Apple Mail Privacy Protection (MPP): Apple pre-loads email images on its proxy servers, which means open events from Apple Mail users may be recorded even when the email was not opened by the user. Our open-rate figures may be inflated for users on iOS Mail, macOS Mail, or iCloud Mail. We display this caveat on the analytics dashboard.
Do Not Track (DNT): If your email client or browser sends DNT: 1, we skip logging entirely. No open or click event is stored — not even anonymously.
Data retention
| Data type | Retention | Notes |
|---|---|---|
| Newsletter open events | 90 days | Automatically hard-deleted daily at 03:00 UTC |
| Article click events | 90 days | Automatically hard-deleted daily at 03:00 UTC |
| Newsletter content | Governed by your plan archive limit | Freemium: none. Starter: 30 days. Pro: 90 days. Premium: unlimited. |
| Account data | Until account deletion | Deleted on request (see below) |
| Payment records | Permanent (audit log) | No card data stored — opaque transaction IDs only |
Your rights
- Right of access (GDPR Art. 15 / CCPA): You can export your account data at any time from your profile page.
- Right to erasure (GDPR Art. 17 / CCPA): Deleting your account removes your email address, name, subscriptions, and newsletters. Analytics rows linked to your account are anonymised (user_id set to NULL) rather than deleted, so aggregate open/click rates remain accurate.
- Right to object to tracking: Send
DNT: 1in your email client or browser and no tracking data will be stored. You can also contact us to disable tracking for your account. - Right to portability: Newsletter content and subscription settings can be exported as JSON on request.
We do not sell your data
We do not sell, rent, or share your personal data with advertisers or data brokers. We do not use third-party analytics (no Mixpanel, no Amplitude, no Google Analytics). Analytics are first-party and kept exclusively on our infrastructure.
This constitutes our "Do Not Sell" confirmation under CCPA § 1798.120.
Contact
For privacy requests, data exports, or erasure requests: privacy@inklessdaily.com