RSScal

Privacy Policy

Lot 49 Labs — RSScal

What we collect

The following data is collected in order for RSScal to function:

  • Email address — used to create and authenticate your account, and to send verification and password reset emails.
  • Password — stored as a salted hash. We cannot recover stored passwords.
  • Feed subscriptions — the RSS/Atom feed URLs you subscribe to, and any associated settings (category, refresh interval, keyword filters) are stored in a database.
  • Auto-save rules — keyword rules you configure, including any associated Slack channel identifiers.
  • Slack OAuth token — stored if you connect RSScal to a Slack workspace. Used only to post messages on your behalf.
  • Session token — stored in an HTTP-only cookie for the duration of your session.
  • Payment information — handled entirely by Stripe. We do not store card numbers or payment details.
  • Anonymous web analytics — collected through Cloudflare.
  • AI API keys — stored encrypted in our database if provided.

What we do not collect

  • We do not track which articles you open or read.
  • We do not share or surface subscription data between users. RSScal does not reveal who has subscribed to a given feed.
  • Notes are stored client-side — they won't sync across devices or browsers. Clearing browser data wipes them. They're not backed up and disappear if you switch browsers or go incognito. This may change if database storage provides a better user experience.

Third-party services

  • Stripe — payment processing. Subject to Stripe's privacy policy.
  • Slack — optional integration for forwarding saved items. Subject to Slack's privacy policy.
  • AI providers — Anthropic, OpenAI, or Google, depending on which you choose. Content you submit for summarization is sent to your chosen provider using your own API key.
  • Supabase / Digital Ocean — infrastructure hosting. Data is stored on servers in the United States.

Data retention

Your data is retained as long as your account exists. You can delete your account from the Settings page, which permanently removes your account and associated data.

Security

Passwords are hashed. Session cookies are HTTPOnly and secure. Communication is over HTTPS.

Contact

For questions, reach us at support at lot49 dot com.