We take your privacy very seriously. We are not in the business of selling or monetizing your data in any way.
1. Feed Services
In order to do its job, Unread needs to interact with your feed service accounts. That interaction is subject to the privacy policies of your feed services:
Unread stores your feed service account credentials securely in the iOS Keychain. With the exception of Fever and with the exception of ad images from Inoreader, Unread uses HTTPS exclusively to communicate with feed services. Unread will use HTTPS exclusively to communicate with Fever unless the customer adds the account with an HTTP URL.
1a. Web-based Login
Feedly, Inoreader, and NewsBlur have OAuth 2.0 web-based login processes.
Unread facilitates each web-based login process by opening a Safari View Controller. Unread ensures that the initial URL for the Safari View Controller is an HTTPS URL. Beyond that, Unread has no way to ensure that the entire login process happens via HTTPS.
The Unread Redirect URLs for Inoreader and NewsBlur point to a web server under our control. This can result in an authorization code being transmitted to our web server at the end of the login process, but Unread uses Universal Links to avoid this under most circumstances. Our web servers only use the authorization code to send it back to Unread. Our web servers do not log OAuth redirect requests.
Feedly supports Redirect URLs with custom URL schemes. Therefore Feedly authorization codes are never transmitted to our web servers.
2. Unread Web Service
We maintain an Unread Web Service in order to send important announcements to our customers, to gather anonymized analytics, and to provide customer support. Communication with this web service takes place exclusively via HTTPS. Unread uses public key pinning to validate the authenticity of this web service.
Unread checks the web service no more than once every 24 hours to look for important announcements related to Unread. Unread does not transmit any information about the customer or the customer’s use of Unread when checking for announcements.
Unread sends anonymous usage information to the Unread Web Service. Golden Hill Software needs and uses this information for the sole purpose of improving Unread. Usage information that Unread sends includes:
- Settings, such as whether “Mark Read on Open” is enabled
- Whether you use certain features of Unread
- Which feed services you use
- The volume of data that Unread is storing on the device such as the number of accounts, number of articles, and number of feeds
Unread does not send any of the following information:
- Account credentials or any account information except for which feed services you use
- The URL of your self-hosted feed service
- Information about feeds to which you subscribe or articles that you read
The Unread Web Service only stores aggregated analytics report data. It does not store individual analytics reports from devices.
2c. Support File Uploads
In an effort to troubleshoot a customer support issue Golden Hill Software may ask a customer for his or her Unread log files and database files, and provide a way for the customer to submit them. That submission will happen via the Unread API. Those files contain information about feeds to which the customer subscribes and articles that the customer reads with Unread. Golden Hill Software will treat these files as confidential information, will use them for no purpose beyond addressing the issue at hand, and will delete these files once the issue is resolved. This will only ever happen after we request those support files and the customer explicitly agrees to provide them.
When necessary for maintenance and security purposes, we may log requests to the Unread Web Service. Information logged may include client IP addresses. That information will be used for the sole purpose of maintaining the web service and will be stored for no longer than necessary.
Occasionally, either at the request of a customer or at the request of Golden Hill Software and with consent of the customer, a customer might beta test an unreleased version of Unread. When that happens, Golden Hill Software will provide the customer’s name and email address to Apple. That process is subject to the TestFlight Terms and Conditions.
Displaying readability views and displaying articles with embedded objects such as images requires making HTTP and HTTPS requests to third party websites. In the same way that a website can track direct visitors, a website may be able to track Unread customers when retrieving embedded objects and readability view content, when opening a link from an article, and when opening an article on the web.
5. Email Exchanged with Golden Hill Software
Unread contains the ability to email a customer support request to Golden Hill Software. Unread adds a small bit of information about the device and installation to customer support messages by default. This helps to provide context around customer inquiries. If desired the customer can remove that information before sending the message.
6. Beyond this Product
We may use third party content delivery services on our website.
When necessary for maintenance and security purposes, we may log requests to our website. Information logged may include visitor IP addresses. That information will be used for the sole purpose of maintaining the web site and will be stored for no longer than necessary.
7. Sharing of Data
We are a United States company. When legally required to do so, we will provide information to government authorities. Beyond that, we will never share customer data. We make a point of minimizing the customer information we have.
8. Personal Data
The personal data Golden Hill Software has about Unread customers is limited to email received from customers and subscriptions to the company mailing list.
Upon written request from a customer to firstname.lastname@example.org, Golden Hill Software will supply the personal information we have about the inquiring customer. Similarly, we will delete our copy of said data upon written request.
Any such request must include all email addresses from which that customer sent us email or subscribed to our mailing list in order for us to find that information.
10. Changes to this Policy
Future versions of Unread may require an update to this policy. Any changes will be noted on the Golden Hill Software blog.
- First version: August 2, 2017
- Added the Crash Reporting section when incorporating HockeyApp: November 7, 2017
- Added support for Inoreader: February 21, 2018
- Updated June, 11, 2018:
- Updated to account for ad images from Inoreader.
- Added section “2c. Logging” to describe logging of requests behind the Unread Web Service.
- Added section “3. Apple” to account for Apple’s role in distributing Unread.
- Added section “4. Websites” to describe Unread’s interaction with feed and article publishers.
- In section “5. Email Exchanged with Golden Hill Software”, changed the email retention policy.
- In section “6. Beyond this Product”, noted that correspondences made via social network are outside the scope of this document. Also limited the extent of logging on our website.
- Added section “8. Personal Data”.
- Added section “9. Contact”.
- Updated to reflect the removal of HockeyApp for crash reporting.
- Other wording changes that do not change the meaning.
- Updated July, 16, 2018: Updated to handle the addition of database and log file transmission to the Unread API in order to handle specific customer support issues.