Privacy Policy

Last updated: April 20, 2026

1. Who we are

Zaviye ("we", "us") operates a news intelligence platform at zaviye.news. We monitor press across Farsi, Kurdish, Arabic, Turkish, and English — translating, clustering, and surfacing stories on a web feed, a weekly email Letter, a Glossary, a developer API, and related surfaces. The website is in English; the multilinguality is in the sources we ingest.

This policy explains, in plain language, what data we collect from readers, what we do with it, what we refuse to do with it, and how to exercise your rights over it.

2. Our privacy principles

The commitments below aren't aspirational; they're the operating rules this policy is built on.

  • No behavioural advertising. We don't run retargeting pixels, programmatic ad networks, or third-party ad trackers on any Zaviye surface.
  • No hidden personalisation of facts. Region, language, and topics-you-follow affect what we emphasise; they don't change what we publish. Two readers on the same plan reading Zaviye today see the same facts.
  • Consent-first product analytics. We use PostHog (EU-hosted, first-party-proxied, session-replay with input masking) to understand which stories and features work. It only loads after you explicitly grant consent. If you decline, or your browser signals Do Not Track, PostHog is never initialised in your session. See §9.
  • Opt-in notifications. We don't push content to you unless you asked us to.
  • Your reading history is yours. It's visible to you, useful to you, and never used to alter what stories we publish or to sell advertising.
  • Deletion works. When you delete your account, your personal data is removed. See §11.

3. Data we collect

Account data. Email address and display name. Authentication is handled by Supabase Auth; we never see or store your password.

Reading data. When you open a story while signed in, we record the cluster id and timestamp on your profile. This powers your personal reading history. If you're signed out, no per-user reading data is collected.

Billing data. If you subscribe to a paid tier, Paddle handles payment. We store the Paddle customer id, subscription id, and plan entitlement. We never see your card or bank details.

Preferences. Your region, language, topic follows, and theme (dark/light) are saved on your profile so they persist across devices.

Developer API data. If you generate API keys, we store the key hash (not the plaintext) and your current-period call count for rate-limiting. See §7.

Institutional account data. If you administer a team subscription, we store the institution name, billing contact, seat list, and subscription metadata. Individual team members' reading data remains on their individual profiles; administrators cannot see it.

Technical data. Standard web-server logs: IP address, user-agent, request path, timestamp, response status. Retained for 30 days for security + debugging, then rotated out.

4. How we use your data

  • To operate the Service (sign you in, serve you the feed, remember your preferences)
  • To process subscriptions through Paddle
  • To show you your reading history (only to you)
  • To enforce per-user rate limits on the API
  • To send you the Dossier if you subscribed, and to send you account-related mail (billing receipts, security alerts, policy changes)
  • To detect and prevent abuse (fraud, scraping, credential-stuffing, multi-account circumvention)
  • To generate aggregate analytics — e.g. "how many readers opened this Letter", not "which readers opened it" — for editorial planning

We do not use your data to build a behavioural-advertising profile, sell to data brokers, train third-party AI models, or alter the facts you see based on who you are.

5. What we personalise (and what we don't)

Personalisation we keep — transparent, under your control, and it affects emphasis only, not facts:

  • Region and country (a reader in Berlin sees European and MENA stories before Latin American ones)
  • Source language filters (you can filter the feed to stories from specific language corpora — Farsi, Kurdish, Arabic, Turkish, or English press)
  • Topics you explicitly follow
  • Saved stories and reading history (visible to you, used for your convenience)
  • UX preferences (theme, font size, RTL/LTR, density)

Personalisation we refuse — these would build a hidden behavioural profile or create different factual realities per reader, and we don't do them:

  • Hidden behavioural scoring that modifies what stories you see based on inferred traits
  • Different facts or framings of the same story per reader
  • A/B tests on editorial content for engagement
  • Recommendation loops that optimise for return-visits rather than relevance
  • Inferred political or ideological personalisation

The rule: you can see how the page is personalised, change it, or turn it off. If any personalisation we add fails that rule, it doesn't ship.

6. AI processing

We use AI (including local Ollama-hosted models and selective third-party AI APIs) for editorial processing:

  • Clustering similar articles across languages by embedding similarity
  • Generating short summaries and framing analysis on public news content
  • Translating public news headlines and summaries between corpora
  • Drafting Letter sections (always edited by a human before publication)

AI processing operates on public news content, not on your personal data. Your reading history, preferences, and account data are not sent to any AI model, third-party or local. We do not use your data to train models, either our own or anyone else's.

7. Developer API and MCP

If you generate an API key or connect via our MCP (Model Context Protocol) server:

  • We store only the SHA-256 hash of your key; the plaintext is shown to you once at creation and never stored server-side.
  • We log per-key call counts for rate limiting and abuse detection.
  • We record the timestamp of your key's last use.
  • We do not log the content of your API requests beyond the endpoint called and a request id.
  • If you use MCP via Claude Desktop or a similar client, the client handles OAuth between itself and Zaviye; we do not receive or store your Claude conversation content.

8. Third-party processors

We don't sell personal data. We share data only with vendors who help us operate the Service, each under a standard data processing agreement:

  • Supabase — authentication, database, and object storage
  • Paddle — payment processing and subscription management
  • Cloudflare — DNS, CDN, DDoS protection, and Workers
  • Hetzner — server hosting (Frankfurt datacentre)
  • Resend — transactional and Letter email delivery, when configured
  • PostHog (EU region, Frankfurt) — product analytics and session replay, consent-gated; see §9 for details

We don't use Google Analytics, Mixpanel, Amplitude, Segment, Hotjar, or any other behavioural analytics or session-replay service beyond PostHog.

We may disclose data if required by law or to protect our rights, and we'll tell you about it unless a legal order prevents us from doing so.

9. Analytics and cookies

We use the minimum cookies necessary to run the site:

  • Authentication session cookies — set by Supabase so you stay signed in.
  • Preference cookies — theme, language direction.
  • CSRF tokens — a small cookie used to protect login and subscription forms against cross-site request forgery.
  • Consent preference — a single localStorage entry (zv_analytics_consent) recording whether you granted or declined analytics consent. Not a cookie; stored in your browser only.
  • PostHog cookies — set only after you explicitly grant consent via the banner. See details below.

Product analytics (PostHog, consent-gated). We use PostHog, EU-hosted in Frankfurt, to understand which stories and features work. Specifically:

  • PostHog is never loaded until you grant consent in the banner. Decline, and the tracker script isn't even downloaded.
  • If your browser signals Do Not Track, we automatically treat that as a decline without showing the banner at all.
  • Events go through our own domain (/ingest) before reaching PostHog — no third-party requests originate directly from your browser.
  • Session replay is enabled with all input fields masked (passwords, credit card, anything you type into a form is recorded as ***). Only interactive DOM state (clicks, scrolls, page navigation) is captured.
  • We collect: your anonymous PostHog id, visited URLs, click targets on buttons and links, browser + device type, approximate geographic region (country-level, from IP).
  • We don't collect: your keystrokes, form inputs, the content of stories you read, your email address (unless you are signed in, in which case we associate it with your PostHog id for support purposes).
  • You can revoke consent any time from your account settings (coming soon) or by clearing zv_analytics_consent from your browser's local storage.

Server-side aggregate metrics (page view counts, Letter open rates via Resend, subscriber counts by plan) are also collected without per-user identifiers and used for editorial planning. These aren't covered by the PostHog consent gate because they don't involve client-side tracking.

We do not use marketing cookies, advertising cookies, retargeting pixels, web beacons, or fingerprinting scripts.

10. Data retention

We keep account data and reading history for as long as your account is active. If you delete your account:

  • Your account enters a 30-day soft-delete window during which you can recover it.
  • After 30 days your personal data is permanently removed.
  • Billing records required for tax and accounting purposes are retained for the period your jurisdiction requires (typically 7 years), but detached from your profile.
  • Aggregated, anonymised metrics (e.g. per-Letter open rate) may be retained indefinitely; these contain no personally identifying information.

Server logs are retained for 30 days. API usage records are retained for 90 days. Published content you posted under institutional admin capacity is retained for institutional continuity; personal reading data is not.

11. Your rights

Under GDPR and equivalent privacy laws you can:

  • Access (Art. 15) — download a machine-readable copy of your data from your account settings or by email.
  • Rectification (Art. 16) — update inaccurate data in your account settings; for anything not editable in the UI, contact us.
  • Erasure (Art. 17) — delete your account from settings; the 30-day soft-delete window gives you a way back if you change your mind.
  • Portability (Art. 20) — the data export in account settings is JSON + CSV, suitable for moving to another service.
  • Restriction (Art. 18) / Objection (Art. 21) — contact [email protected] and we'll respond within 30 days.
  • Withdraw consent — for anything consent-based (e.g. Letter subscription), the unsubscribe mechanism is in every email.
  • Lodge a complaint with your local data protection authority (e.g. the Irish DPC, given our EU processors).

Requests are free. We may ask you to verify your identity before acting on access or deletion requests.

12. Security

We encrypt data in transit (TLS 1.2+) and at rest (Supabase-managed encryption). Passwords are never stored by us. API keys are stored only as SHA-256 hashes. Admin access is gated by email allowlist and, progressively, by TOTP. We review security practices regularly.

No system is perfectly secure. If we experience a personal-data breach that creates a risk to your rights, we will notify affected users and the relevant data-protection authority within 72 hours of becoming aware, per GDPR Art. 33–34.

13. Children

Zaviye is not intended for users under 16. We don't knowingly collect data from children. If we discover that a child has created an account, we will delete it and any associated data promptly.

14. Changes to this policy

We may update this policy. Material changes (new processors, new data categories, altered legal basis, changes to retention) will be announced to registered readers by email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision. An older version of the policy is always available on request.

15. Contact

For anything related to this policy:

We respond within five working days for general enquiries, within 30 days for formal rights requests (GDPR Art. 12 timeline).