Privacy Policy

Effective Date: April 16, 2026

1. Introduction

The Masthead (“we,” “us,” or “our”) is operated by Dmytro Bohdanov, sole proprietor (Jednoosobowa Działalność Gospodarcza), NIP: 8992981145, registered in Poland.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use The Masthead mobile application and website (collectively, the “Service”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

2. What Data We Collect

2.1 Account Information

When you create an account, we collect your email address and authentication credentials. You may also sign in via Apple or Google, in which case we receive the information you authorize those services to share.

2.2 Preferences

We store your chosen language, timezone, summary style preference, and selected news categories and sources to personalize your experience.

2.3 Interaction Data

We record your interactions with articles, including likes, dislikes, reads, and content engagement. This data is used to compute your interest profile — a set of weighted topic tags that helps us personalize your news feed.

2.4 Subscription Information

If you subscribe to Premium, your subscription status and billing period are managed by RevenueCat through the Apple App Store or Google Play Store. We do not directly collect or store payment card information.

2.5 Device Information

We collect your device platform (iOS or Android) via the RevenueCat SDK for subscription management purposes only.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Personalization: to curate your news feed and daily digest based on your interests, preferences, and reading history.
  • AI Processing: to generate article summaries, translations, and categorizations using artificial intelligence.
  • Text-to-Speech: to convert articles into audio narration when you use the listen feature.
  • Subscription Management: to verify your subscription status and provide access to Premium features.
  • Service Improvement: to understand usage patterns and improve the Service.

Legal basis (GDPR): We process your account and subscription data on the basis of contractual necessity (to provide the Service). We process interaction and preference data on the basis of legitimate interest (to personalize your experience), which we have balanced against your rights and freedoms.

4. Third-Party Services

We use the following third-party services to operate The Masthead:

  • Anthropic (Claude API) — for AI-powered article summarization, translation, and categorization. Article text is sent to Anthropic for processing.
  • ElevenLabs — for text-to-speech audio generation. Article text is sent to ElevenLabs when you use the listen feature.
  • RevenueCat — for subscription and in-app purchase management.
  • Amazon Web Services (AWS) — for cloud infrastructure, including compute (Lambda), storage (S3), and message queuing (SQS). Data is hosted in the EU (eu-central-1, Frankfurt).
  • Neon — for PostgreSQL database hosting in the EU.

We do not sell your personal data. We do not display advertisements. We do not share your data with third parties for marketing purposes.

5. International Data Transfers

Your data is primarily stored in the European Union (AWS eu-central-1, Frankfurt, Germany). However, when you use features powered by AI (summaries, translations) or text-to-speech, article text may be processed by Anthropic and ElevenLabs, whose servers may be located in the United States.

These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection in accordance with GDPR requirements.

6. Data Retention

We retain your personal data for as long as your account is active and as necessary to provide the Service. Specifically:

  • Account and preference data is retained until you delete your account.
  • Article data is automatically cleaned up after 7 days. Your interaction history with those articles is removed accordingly.
  • Audio cache files are retained for performance and automatically expire.

When you delete your account, all associated personal data — including preferences, interactions, interest profiles, and feed subscriptions — is permanently deleted.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access: request a copy of the personal data we hold about you.
  • Right to Rectification: request correction of inaccurate or incomplete data.
  • Right to Erasure: request deletion of your personal data (you can also delete your account directly in the app).
  • Right to Restrict Processing: request that we limit how we use your data.
  • Right to Data Portability: request your data in a structured, machine-readable format.
  • Right to Object: object to processing based on legitimate interest, including AI-powered personalization.

Automated Decision-Making: The Masthead uses AI to personalize your news feed and generate article summaries. This automated processing affects the content you see but does not produce legal effects or similarly significantly affect you. You may object to this processing at any time.

To exercise any of these rights, contact us at privacy@themasthead.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data in transit is encrypted using HTTPS/TLS.
  • Data at rest is encrypted using AWS and Neon default encryption.
  • Authentication sessions expire after 7 days.
  • Access to production systems is restricted to authorized personnel.

9. Children's Privacy

The Masthead is not intended for children under the age of 13 (or 16 in certain EU member states). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@themasthead.app and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, through in-app notification or email. The “Effective Date” at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, contact us:

  • Data Controller: Dmytro Bohdanov
  • Business: Jednoosobowa Działalność Gospodarcza, NIP: 8992981145
  • Country: Poland
  • Email: privacy@themasthead.app
The Masthead

AI-powered news, delivered daily — the speed of algorithms with the depth of a great newspaper.

© 2026 The Masthead. All rights reserved.

Article summaries are generated by AI from publicly-available RSS feeds. Copyright of underlying reporting remains with the original publishers. See our Editorial Standards.