Privacy Policy
The Hard Copy ("we", "us") operates the subscription service at thehardcopy.org that aggregates articles you read online into a regularly printed book. This policy explains what data we collect, how we use it, and which third parties process it on our behalf.
Data we collect
- Account data — your email address, name, and authentication identifiers from any OAuth provider you sign in with.
- Subscription and billing data — plan selection, billing status, and payment metadata. We do not store full card numbers; payment instruments are held by Stripe.
- Shipping data — the postal address you provide for book delivery.
- Content sources you connect — RSS feeds you add, and, if you connect a Gmail account, message metadata and message bodies needed to extract newsletter content for your book.
- Operational logs — minimal request and error logs needed to run the service.
How we use your data
We use your data only to operate the service: authenticating you, building and printing your monthly book, charging your subscription, shipping the book, and providing customer support. We do not sell your data, and we do not use it for advertising.
Google user data — Limited Use disclosure
If you connect a Google account, The Hard Copy's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- Scopes requested. We request the narrowest Gmail scopes necessary to read newsletter messages you have chosen to include in your book. We do not request send, modify, or delete scopes.
- Use limited to user-facing features. Gmail data is used solely to fetch and lay out the newsletter content that appears in your printed book and the corresponding previews in your account.
- No transfer to third parties. We do not transfer Gmail data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- No advertising. We do not use Gmail data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- No human reading. We do not allow humans to read Gmail data except with your explicit consent for specific messages, as necessary for security purposes (such as investigating abuse), to comply with applicable law, or where the data has been aggregated and anonymized.
- No ML training. We do not use Gmail data to develop, improve, or train generalized machine learning models.
- Encryption. Gmail data is encrypted in transit (TLS) and at rest.
- Retention and deletion. You can disconnect your Google account at any time from your account settings, which revokes our access and deletes the cached Gmail content associated with your account. You can also revoke access directly at myaccount.google.com/permissions.
Third-party data processors
We rely on the following sub-processors to operate the service. Each one receives only the data it needs for its specific function.
- Google — OAuth sign-in and the Gmail API, used to authenticate you and to fetch newsletter content from accounts you connect.
- Stripe — payment processing and subscription billing. Stripe receives your name, email, billing address, and payment instrument details.
- Lulu — print-on-demand manufacturing and shipping. Lulu receives your shipping name and address along with the rendered book PDF for each order.
- Cloudflare — application hosting, including Cloudflare Workers and the D1 database where account, subscription, and fetched newsletter content are stored. Cloudflare encrypts D1 data at rest.
Security
Data is encrypted in transit using TLS and at rest in our hosting and database providers. Access to production systems is restricted to the operators of the service.
Your rights
You can access, export, correct, or delete your account data at any time from your account settings, or by emailing us. Deleting your account removes your account record, cached content, and OAuth tokens; billing records may be retained as required by law.
Changes
We will update the lastUpdated date above when this policy changes. Material
changes will be communicated by email to active subscribers.
Contact
Questions about this policy: cooper@thehardcopy.org.