Privacy Policy
We value your privacy and are committed to protecting your personal information.
Last updated: 30 October 2025
Welcome to Actualia ("Actualia", "we", "us", or "our"). We provide a mobile app and website that generate a daily news brief tailored to your interests and preferred sources. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have. It applies to our mobile applications, website at actualia.app (including /privacy), and related services (together, the "Services").
We are based in Switzerland and process personal data in accordance with the Swiss Federal Act on Data Protection (FADP). Where we offer our Services to people in the EEA/UK, we also consider the EU/UK GDPR as applicable.
If you have any questions or requests, contact us at [email protected].
1) Who is the controller?
Actualia acts as the data controller for personal data processed through the Services. We may use carefully selected processors (service providers) to process data on our behalf (see Section 9).
2) What data we collect
We collect the minimum data needed to operate and improve Actualia.
Account & identity
- Email address (required to create an account and log in via one‑time passcode/OTP)
- First name (if you choose to provide it)
Personalization & preferences
- News interests/topics you select or interact with
- Preferred language
- Favorite sources you select
- In‑app settings and notification preferences
Usage & device data
- Technical logs and diagnostics (e.g., timestamps, app version, OS version, crash/error logs)
- Device identifiers (e.g., device ID/advertising identifiers where enabled by your OS, push notification token)
- Approximate location derived from IP address for language/region defaults (we do not collect precise GPS location unless you explicitly enable a feature that needs it)
- Interaction data (e.g., screens viewed, buttons tapped, session duration)
Content you provide
- Feedback and support requests (including any free‑text you choose to send us)
We do not intentionally collect special category/sensitive data. Please don't share sensitive information in free‑text fields.
3) How we obtain data
- Directly from you when you sign up, set preferences, use the app, or contact us.
- Automatically via SDKs and server logs when you interact with the Services.
- From third‑party content providers to fetch and display public news content and metadata based on your preferences. When you save an article, we store a reference (e.g., URL or ID) and related metadata; we do not receive your personal data from these providers.
4) Why we process your data (purposes) and legal bases
We process personal data for the following purposes under FADP and, where applicable, GDPR legal bases:
| Purpose | Examples | Legal basis (GDPR, if applicable) |
|---|---|---|
| Provide and operate the Services | Account creation via email+OTP, generating your daily news brief, syncing preferences, sending push notifications you opt into | Contract necessity; Consent (push notifications); Legitimate interests (basic app operation) |
| Personalization | Tailoring news topics and sources to your stated interests and in‑app behavior | Contract necessity or Legitimate interests; Consent where required |
| Analytics & performance | Aggregated usage metrics, crash/error diagnostics, A/B testing to improve features and reliability | Legitimate interests (improving and securing services) |
| Security & abuse prevention | Detecting misuse, preventing fraud, protecting accounts and our infrastructure | Legitimate interests; Legal obligation where applicable |
| Communications | Service messages (e.g., OTP codes), replies to support requests, product updates where permitted | Contract necessity (service emails); Legitimate interests; Consent for marketing |
| Compliance | Meeting legal/accounting obligations, responding to lawful requests | Legal obligation |
We do not make decisions producing legal or similarly significant effects based solely on automated processing. Personalization helps select content for you but does not have such effects.
5) Optional consents and your choices
- Notifications: You can enable/disable push notifications in the app and in your device settings.
- Analytics/marketing SDKs: Where required, we will ask for your consent before enabling advertising/attribution SDKs.
- Emails: You can unsubscribe from non‑essential emails via the footer link or by contacting us.
- Device identifiers: You can limit ad tracking or reset your advertising ID in your device settings.
6) Data retention
We keep personal data only as long as needed for the purposes above, then delete or anonymize it.
- Account & preferences: retained while your account is active. If you delete your account, we delete or irreversibly anonymize associated personal data within a reasonable period, subject to legal retention requirements.
- Technical logs (incl. Sentry): retained for a short period (typically up to 90 days) to investigate issues, unless we need more time for a specific incident.
- Analytics events: retained in aggregated or pseudonymous form for up to 14 months unless a shorter/longer period is configured to meet our needs and legal obligations.
- Support communications: retained as needed to manage your request and for record‑keeping.
7) International transfers
We are based in Switzerland. Some providers process data in other countries (including the United States). When transferring personal data internationally, we use appropriate safeguards, such as adequacy decisions (e.g., EU adequate protection for Switzerland) and/or Standard Contractual Clauses (SCCs) with supplementary measures as needed.
8) Security
We apply administrative, technical, and organizational measures to protect personal data, including encryption in transit, access controls, and least‑privilege practices. No system is perfectly secure; if we learn of a breach affecting your data, we will notify you and regulators where required.
9) Our processors (service providers)
We use reputable processors to provide parts of the Services. They process personal data only on our instructions and for the purposes listed below.
- Supabase (backend database, authentication, storage)
  - Data: email, first name (if provided), preferences, saved items, hashed identifiers, server logs
  - Purpose: host our backend and store your account and app data
  - Location/transfers: EU/US (depending on selected region) with contractual safeguards
- Firebase by Google (analytics, cloud messaging/notifications)
  - Data: event and device data, advertising identifiers where enabled, IP‑derived region, push tokens
  - Purpose: analytics to improve the app; delivering push notifications
  - Location/transfers: global infrastructure with appropriate safeguards
- Sentry (error/crash monitoring)
  - Data: technical diagnostics, stack traces, device/app metadata, IP address; we configure it to avoid collecting content fields where possible
  - Purpose: detect and fix crashes and reliability issues
  - Retention: short‑term, typically up to 90 days
- RudderStack (event routing; connectors to marketing/attribution SDKs such as Facebook)
  - Data: event metadata, device identifiers, limited profile fields (e.g., email hash) where configured
  - Purpose: attribution and performance measurement of campaigns; routing events to downstream tools
  - Controls: we minimize payloads and disable sensitive fields by default
- OpenRouter (LLM API gateway)
  - Data: prompts and parameters needed to generate summaries; may include your selected interests/sources and non‑identifying context
  - Purpose: generate AI‑assisted news summaries
  - Note: OpenRouter may route to underlying model providers; we instruct providers not to use data for training where such controls exist, but cannot guarantee each provider's independent practices
- Inworld (AI audio generation — text‑to‑speech only)
  - Data: text prompts/strings needed to synthesize audio; generated audio output; minimal device metadata for delivery
  - Purpose: generate spoken versions of summaries
We maintain a current list of subprocessors and will update this Privacy Policy if material changes occur.
10) Cookies, SDKs, and similar technologies
- Website (actualia.app): We use essential cookies for security and to remember your settings. Where we use analytics cookies, we will request consent where required.
- Mobile app: We use SDKs (e.g., Firebase, Sentry, RudderStack connectors) for analytics, diagnostics, notifications, and—only with your consent—marketing/attribution. You can manage preferences in the app and your device settings.
- Do Not Track: Because there is no common DNT standard, we currently do not respond to DNT signals. We honor applicable consent requirements and your in‑app choices.
11) Your rights
Under the FADP (and GDPR where applicable), you have rights which may include:
- Access to your personal data and information about processing
- Portability of data you provided to us, where processed by automated means and based on consent or contract
- Deletion of your personal data (subject to legal exceptions)
- Correction of inaccurate data
- Restriction/objection to certain processing (e.g., analytics or marketing) where provided by law
- Withdraw consent at any time (this does not affect prior processing)
To exercise your rights, email [email protected]. We may need to verify your identity. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, where GDPR applies, your local data protection authority.
12) Children
Our Services are not directed to children under 16. If you are under the minimum age required by your local law to consent to online services, you may use Actualia only with verifiable parental/guardian consent. If we learn we have collected personal data from a child without appropriate consent, we will delete it.
13) No sale or third‑party marketing use
We do not sell your personal data. We do not share your personal data with third parties for their own independent marketing or advertising purposes. We may disclose data to competent authorities if required by law or to protect our rights and users' safety.
14) How account creation via email + OTP works
We use a passwordless flow: you provide your email, we send a one‑time passcode to verify it, and you enter that code to sign in. For security, verification codes expire quickly. We do not store your email password.
15) Managing your data
In the app, you can review and update your preferences and notification settings. You can request a data export or account deletion by contacting [email protected]. Deleting your account removes your profile and preferences from our active systems within a reasonable period, subject to necessary backups and legal retention.
16) Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version at actualia.app/privacy and adjust the "Last updated" date above. If changes are material, we will provide additional notice (e.g., in‑app notice or email).
17) Contact
If you have questions, concerns, or requests about this Privacy Policy or our data practices, contact:
Email: [email protected]
Region: Switzerland
We'll do our best to respond promptly and within the timeframes required by applicable law.
© 2025 Actualia. All rights reserved.