We take customer privacy seriously. We do not sell or monetize customer data.
1. Feed Service Accounts
Unread works with Unread Cloud accounts, Local accounts, and external feed service accounts.
1a. Unread Cloud Accounts and Local Accounts
We maintain web services to efficiently retrieve articles ahead of time for Unread Cloud accounts and Local accounts.
We store the following information for each Local account and each Unread Cloud account:
- A list of subscribed feeds with subscription-specific webpage text options and subscription-specific settings such as the customer-specified title.
- Tag names and the set of subscriptions associated with each tag.
- The date and time at which the customer subscribed to each feed.
- Articles and other content from feeds to which customers subscribe. Under some circumstances article content will be augmented by additional content from the website publishing the article.
In addition we store the following for each Unread Cloud account:
- An Apple-generated anonymous Apple account identifier.
- Which articles have been read or marked read, and the history of when articles are marked read and unread.
- Article-specific webpage text options, and the history of when article-specific webpage text options are set.
- Which articles are saved, and the history of when an article is saved or unsaved.
- Articles saved from webpages via either the Add to Saved Articles menu item or the Save to Unread share sheet extension.
Unread always interacts with our servers via HTTPS.
Customers log into Unread Cloud accounts via Sign in with Apple.
When removing an Unread Cloud account from Unread on a device, Unread will ask the customer whether to just remove the account from the device or to destroy the account. If the account is destroyed we will delete all traces of the account from our servers as soon as possible. Syncing to that account will then stop working from any other device logged into it. Similarly after deleting a Local account from Unread on a device, we will destroy that account on our servers as soon as possible.
We may continue to store a feed’s URL, articles, or other feed content after all customers have unsubscribed from a feed or after accounts with subscriptions to that feed have been destroyed. We may build a public directory of feeds. We reserve the right to incorporate feeds that we discover based on customer subscriptions into such a directory. We will not release information about who has subscribed to what feeds.
1b. External Feed Service Accounts
Unread stores your feed service account credentials securely in the Keychain.
It is possible for a feed service to inject links or embedded objects such as images into articles. Such embedded objects may be served via HTTP. Any content injected by a feed service is subject to the terms of Section 8: Websites.
2. Webpage Text
Unread’s webpage text features require our servers. Specifically:
- Our servers are used to determine whether specific feeds serve truncated articles or full article content.
- Our servers provide webpage text content for truncated articles.
- When a customer changes the default setting for a feed from feed text to webpage text or vice-versa, we may store that information to improve our detection of feeds that contain only summaries.
- Under most circumstances our servers provide webpage text content for articles saved from links in other articles and for articles saved using the Save to Unread share sheet extension.
In some cases our log files will reflect that a user from a specific IP address requested feed information for a specific feed URL or requested webpage text for a specific webpage URL. Requests related to the webpage text feature do not include account identifiers or personal identifiable information.
We collect some anonymous usage information and use it for the sole purpose of improving Unread. Usage information that we collect includes:
- Settings, such as whether “Mark Read on Open” is enabled.
- Whether certain features of Unread are used.
- Which feed services are used.
- The volume of data that Unread is storing such as the number of accounts, number of articles, and number of feed subscriptions.
We do not collect any of the following information:
- Account identifiers or credentials for external feed service accounts.
- URLs of external self-hosted feed service accounts.
4. Support File Uploads
In an effort to troubleshoot a customer support issue we may ask a customer for their Unread log files and database files, and provide a way for the customer to submit them. That submission will happen via our servers because the files can be too big to reliably send via email. Those files contain information about feeds to which the customer subscribes and articles that the customer reads with Unread. We will treat these files as confidential information, will use them for no purpose beyond addressing the customer support issue, and will delete these files once the issue is resolved. This will only ever happen after we request those support files and the customer explicitly agrees to provide them.
Unread may retrieve configuration information from our servers such as:
- Application-wide authentication keys for feed services.
- In-app purchase availability.
- Announcements that should be presented to customers.
- Lists of suggested feeds for new Unread Cloud accounts and Local accounts.
6. Article Actions
Instapaper has the concept of a private bookmark. Unread does not make bookmarks it saves to Instapaper accounts private.
Pinboard bookmarks saved by Unread are shared unless the Pinboard “save all bookmarks as private” setting is enabled.
Displaying webpage text and displaying articles with embedded objects such as images requires making HTTP and HTTPS requests to third party websites. In the same way that a website can track direct visitors, a website may be able to track Unread customers when retrieving embedded objects and webpage text, when opening a link from an article, and when opening an article on the web.
9. Web-Based Login Processes
Some feed services and article action services have web-based login processes. Unread allows you to log into those services with an in-app Safari view. Unread has no ability to ensure that the entire login process happens via HTTPS. Under some circumstances the login process will end with a temporary account authorization code being sent to our servers. Our servers just send the authorization code back to Unread. Our servers do not log or otherwise use these authorization codes.
10. Customer Support Email
Unread contains the ability to email a customer support request to us. Unread adds information about the device and installation to customer support messages by default. On a device that uses standalone (Unread Cloud or Local) accounts, this includes account identifiers. We can use an account identifier to locate account information described in Section 1a and associate that with the message sender. This helps to provide context around customer inquiries. We treat that as confidential information. If desired the customer can remove that information before sending a message.
11. Beyond this Product
We may use third party content delivery services on our website.
When necessary for maintenance and security purposes, we may log requests to our website. Information logged may include visitor IP addresses. That information will be used for the sole purpose of maintaining the website and will be stored for no longer than necessary.
12. Sharing of Data
We are a United States company. When legally required to do so, we will provide information to government authorities. Beyond that, we will never share customer data. We make a point of minimizing the customer information we have.
13. Changes to this Policy
Future versions of Unread may require an update to this policy. Any changes will be noted on the Golden Hill Software blog.