1. What we collect
We collect only what's needed to run DevFeed:
- Account info — email address, name (if provided), and hashed password. If you sign in via GitHub or Google, we receive your public profile information and email from the OAuth provider.
- Usage data — which blogs you follow, articles you've read or bookmarked, and digest preferences.
- Billing data — subscription status, Stripe customer identifiers, checkout, invoice, refund, and dispute event identifiers, cancellation state, and support context needed to manage paid accounts. We do not store full card numbers.
- Technical, usage, and security data — IP address, browser type, request timestamps, sign-in events, admin actions, product usage events such as opened articles, followed feeds, bookmarks, digest emails, error details, and security flags for monitoring, abuse prevention, fraud prevention, billing support, and dispute handling.
2. How we use your data
- Providing the feed, bookmarks, and digest features
- Generating personalized AI digests based on your subscriptions
- Sending digest emails (you can opt out in settings)
- Security monitoring and detecting suspicious login activity
- Processing payments, cancellations, refunds, fraud reviews, and payment disputes, including documenting whether paid features were used
- Debugging production errors and maintaining service reliability
3. Third-party services
DevFeed uses the following third-party services that may process your data:
- Google Gemini via the OpenAI-compatible API — article content and summaries are sent to generate article summaries and digest insights. We avoid including account identifiers in these requests.
- Tracery — AI request/response observability for debugging summary quality, latency, and failures.
- Stripe — checkout, subscription billing, invoices, tax calculation when enabled, billing portal, fraud review, and dispute handling. We do not store full card details.
- Resend — delivery of magic links, password resets, account emails, and digest emails.
- Sentry — production error monitoring and diagnostics.
- GitHub / Google — OAuth authentication. We request basic profile and email scopes.
- Google Fonts — font and icon stylesheet delivery for the public web interface.
4. Data retention
Your account data is retained for as long as your account is active. When you delete your account, account profile, subscriptions, bookmarks, and read history are removed from the active product database within 30 days where technically and legally possible. Billing, security, fraud-prevention, backup, and dispute records, including the minimum product usage evidence needed to answer chargebacks, may be retained longer when needed for legal, accounting, security, or payment-network reasons. Aggregated, anonymized usage statistics may be retained.
5. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to processing of your data
To exercise any of these rights, email us at [email protected]. You can also delete your account directly from the settings page.
6. Security
We use industry-standard measures to protect your data: encrypted connections (TLS), hashed passwords, and security logging. No system is perfectly secure—if you discover a vulnerability, please report it to us responsibly.
7. Changes to this policy
We may update this policy as DevFeed evolves. Significant changes will be communicated through the platform. Continued use after changes constitutes acceptance.