Privacy
Last updated: July 11, 2026 · About Feeder →
Short version
Feeder is an RSS reader. It pulls feeds you chose, stores them in a database we host, and ranks / triages them for you. There are no ad networks, no third-party analytics, no behavioural tracking pixels, and no sale of your data to anyone. Your account is identified by a username and a passkey — we never ask for your email, real name, phone number, or location.
What we store
- Account — the username you chose (3-20 chars), an optional display name, and the WebAuthn public keys of every passkey you registered. Passkey private keys never leave your device; the server only stores the public half + a usage counter to detect cloned credentials.
- Recovery codes — ten one-time codes generated at signup, stored as HMAC-SHA256 hashes (the plaintext is shown to you once and never persisted by us).
- Your subscriptions — every feed URL you added, your topic preferences, your mute rules (authors / keywords / feeds), your tags.
- Your reading state — which articles you've read, bookmarked, thumbs-upped, thumbs-downed, or had Claude summarise.
- Articles you pulled — RSS / Atom feed entries you subscribed to. The body, title, and metadata are stored so we can rank them. Articles older than the retention window (default 7 days) are automatically pruned unless you bookmarked them.
- Sports follows — the teams / players you starred, plus league schedules + standings we sync from public ESPN endpoints.
- HTTP request log — one structured JSON line per request (method, path, status code, latency, anonymised IP, user-agent) for ~30 days. Used for operational debugging, never tied to behavioural profiles.
What we don't store
- Your email address — Feeder doesn't ask for one.
- Your phone number, real name, or location.
- Behavioural analytics events ("user clicked X at time Y") beyond what's strictly needed for the For-You ranker (your bookmarks + thumbs-up/down).
- Cross-site tracking cookies, fingerprinting hashes, or device IDs.
- Anything we send to advertisers or data brokers — there are none.
Cookies
We set exactly one cookie: tfr.session. It's a signed, HttpOnly,
SameSite=Lax session cookie used to keep you signed in. No third-party
cookies. No tracking pixels.
Third parties we send data to
- Anthropic (Claude API) — when you click Summarize with Claude on a digest, or when the nightly triage runs, the article text + a small sample of your bookmarked / voted articles is sent to Anthropic to compute the summary or triage classification. Anthropic publishes its own privacy policy; per their commercial terms, API inputs are not used to train their models.
- DigitalOcean — hosts the app server, the managed PostgreSQL database, and the off-site backup bucket. Your data lives in their NYC3 region.
- The publishers of the feeds you subscribed to — we make HTTP GET requests to their public RSS / Atom URLs on your behalf. They see the request, not your identity.
- ESPN's public API — for sports scores, standings, schedules. No personal data is sent; only league / team identifiers.
- iTunes Search API — to back-fill podcast cover art when the feed doesn't carry one. Same shape as ESPN: no personal data sent.
- Picsum — for the rotating nature background images. Image URLs are public; no account info crosses the network.
No data is sold or rented to anyone, ever.
Retention
- Articles you didn't bookmark: automatically pruned after the retention window (default 7 days).
- Bookmarked articles: kept until you remove the bookmark or delete your account.
- Your account, subscriptions, follows, summaries, and recovery codes: kept until you delete your account.
- HTTP request logs: ~30 days, then rotated out.
Your rights
- Delete your account at any time — go to /account, scroll to "Delete account", type your username to confirm. Cascade-deletes every per-user table in one transaction. The username is freed for re-use.
- Add or revoke passkeys — same page. Revoking the last passkey requires un-used recovery codes (we won't lock you out by accident).
- Regenerate recovery codes — invalidates the previous ten; shown once.
- Export your data — visit /account → "Export your data" for a JSON dump of every per-user row we hold (subscriptions, reading state, tags, mute rules, sports follows, passkey + recovery-code metadata, support submissions). Article bodies excluded (publisher content, not yours).
Children
Feeder isn't directed at children under 13 and we don't knowingly accept signups from them. If you believe a child has created an account, contact us and we'll delete it.
Changes to this policy
We'll update the "Last updated" date at the top whenever this page changes. Material changes (new data we collect, new third parties we share with) will be called out in the app's release notes.
Contact
Questions about this policy, or a request to export / delete data outside the in-app flows: use the contact form (signed-in or anonymous; include a reply-to address if you'd like a response).