Privacy Policy
Effective date: July 3, 2026
Rovatrove exists to let you follow content without handing out your identity. This policy explains what we collect, why, how long we keep it, and how to delete it. The short version: we collect the minimum needed to run the service, we never sell your data, and the most sensitive things you store with us are encrypted so that we cannot read them.
What we collect
- Account information. Your email address and a password (stored only as a one-way Argon2id hash; we never store or see your actual password). If you sign in with Google, we store your Google account identifier and email instead. We never receive your Google password and we request no access to your Gmail or other Google data.
- Your subscriptions. The services, newsletters, feeds, and channels you follow, and the private forwarding addresses we create for them.
- Subscription content. Newsletter issues and feed items delivered to your subscriptions are stored (with active/executable content removed) so they can appear in your feed. Incoming raw email is processed and discarded within seconds; we keep only the cleaned content shown to you.
- Vault data, which we cannot read. If you use the credential vault, its contents are encrypted on your device before they ever reach us. We store only opaque ciphertext. We hold no key, and there is no recovery backdoor: we could not read your vault even if compelled to try.
What we don’t do
- We do not sell or rent your data to anyone. Ever.
- We do not show ads or share data with advertisers or data brokers.
- We do not read your personal inbox. Rovatrove requires no access to your existing email account.
- This website sets no cookies and runs no third-party trackers or analytics.
- The app currently includes no analytics. Before public launch we may add privacy-respecting crash reporting and product analytics to keep the app reliable; if we do, this policy will be updated to name the provider.
How the private addresses work
Each email subscription gets its own unique forwarding address. Senders see only that address, never your real one. When you remove a subscription, its address is retired: mail sent to it is dropped without being stored or forwarded. Retired addresses are held in reserve (never reassigned to anyone else) for the life of your account plus a short closure window, then purged. The mapping between addresses and your subscriptions is stored encrypted (AES-256-GCM) on our servers.
Retention and deletion
- Feed content is retained for a limited window that depends on your plan (30 days on the free tier), then automatically purged.
- Raw incoming email is never stored. It is classified and discarded within seconds of arrival.
- Account deletion is immediate and irreversible.Deleting your account (Account → Delete account, or by emailing us; see Account Deletion) permanently removes your profile, subscriptions, addresses, stored content, vault ciphertext, and sessions.
Service providers
We use a small number of infrastructure providers to run Rovatrove. Each processes data only on our instructions, only to provide the service:
- Amazon Web Services (SES): receives mail sent to your subscription addresses and sends our transactional email (e.g. password resets).
- Supabase: database and file storage (encrypted at rest).
- Railway: application hosting.
- Google: optional “Sign in with Google.”
- Anthropic: automated classification of incoming subscription mail (e.g. “newsletter issue” vs. “receipt”). Content is processed transiently and not used to train models.
- Google Play / Apple App Store: payment processing for paid plans; we never see your card details.
Your rights
Depending on where you live (including under GDPR and CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise deletion yourself in the app at any time; for anything else, email support@rovatrove.com and we will respond within 30 days. We do not discriminate against you for exercising your rights.
Children
Rovatrove is not directed at children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will delete it.
Changes
If we make material changes to this policy, we will update the effective date above and notify you in the app before the changes take effect.
Contact
Privacy questions: support@rovatrove.com
This policy is provided for transparency about how Rovatrove works; it is not legal advice to you.