Privacy policy for Gistory
Privacy Policy
Last updated: February 6, 2026
1. Introduction
SPD Services, LLC, operating as Gistory ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, browser extensions, and services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide
Account Information: When you create an account, we collect your email address and password (securely hashed). If you sign up via Google or Apple, we receive your name and email from those providers.
Saved Articles: URLs, titles, and content of articles you save to your reading list.
User Preferences: Your settings, reading preferences, and customization choices.
Payment Information: If you subscribe to Premium, our payment processor (Stripe) handles your payment details. We do not store your full credit card number.
Communications: When you contact us for support, we collect the content of your messages.
2.2 Information Collected Automatically
Usage Data: How you interact with the Service, including pages viewed, features used, and time spent.
Device Information: Device type, operating system, browser type, and version.
Log Data: IP address, access times, and referring URLs.
Cookies and Similar Technologies: See our Cookie Policy for details.
3. Google User Data Practices
Gistory allows you to create an account and sign in using Google (via OAuth 2.0). This section provides a comprehensive disclosure of how we access, use, store, share, and protect data received from Google APIs, in compliance with the Google API Services User Data Policy.
Google API Services Limited Use Disclosure
Gistory's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
3.1 Google User Data Accessed
When you sign in with Google, we request access to the following OAuth 2.0 scopes and receive only the minimum data necessary for account creation and authentication:
OAuth Scopes Requested:
openid — OpenID Connect authentication
email — Access to your email address
profile — Access to your basic profile information
Specific Data Points Collected:
Email address — Your primary Google account email address, used to create and identify your Gistory account
Full name — Your display name as set in your Google profile, used to personalize your experience
Profile picture URL — A link to your Google profile photo, retrieved temporarily for display purposes only (not permanently stored)
Email verification status — Whether Google has verified your email address, used to streamline account verification
Unique Google account identifier — A Google-assigned ID used to securely link your Google account to your Gistory account
Data We Do NOT Access: We do not request or receive access to any other Google services or data. This means we do not access your Google Drive files, Gmail messages, Google Calendar events, Google Contacts, Google Photos, YouTube data, Google Docs, Google Sheets, or any other Google service data.
3.2 Google User Data Usage
We use data received from Google APIs exclusively for the following purposes:
Authentication: To verify your identity and securely sign you into Gistory without requiring a separate password
Account Creation: To create your Gistory user account using your Google-provided name and email address
Profile Display: To display your name within the Gistory application for a personalized experience
Service Communications: To send you essential service-related emails at your Google email address, including account verification, security alerts, and important service updates
Account Linking: To maintain a secure connection between your Google identity and your Gistory account using the unique Google identifier
Prohibited Uses: We do NOT use Google user data for:
Serving advertisements or marketing purposes
Training artificial intelligence or machine learning models
Market research, analytics profiling, or user tracking
Selling or renting to third parties
Any purpose other than providing and improving the Gistory Service as described in this policy
3.3 Google User Data Sharing
We do not sell, rent, or trade your Google user data. Google user data is shared with third parties only in the following limited circumstances:
Essential Service Providers: We may share your email address with our email delivery service provider (for transactional emails only, such as password resets and security alerts) and our cloud hosting provider (where your account data is securely stored). These providers are contractually bound to use your data only to provide services to us and to protect it in accordance with this policy.
Legal Compliance: We may disclose Google user data if required by law, court order, subpoena, or government request, or to protect the rights, property, or safety of Gistory, our users, or the public.
Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of assets, Google user data may be transferred as part of that transaction. We will provide you with prior notice and the opportunity to delete your account before any such transfer.
Data NOT Shared: We do not share Google user data with:
Advertising networks or advertisers
Data brokers or data aggregators
AI/ML training platforms (including our AI summary providers—they process article content you save, not your Google account data)
Any third party for their own marketing purposes
3.4 Google User Data Storage and Protection
We implement robust security measures to protect your Google user data:
Data Storage:
Your email address, name, and unique Google account identifier are stored in our secure, encrypted database hosted on industry-leading cloud infrastructure
Your Google profile picture URL is retrieved during authentication for display purposes but is not permanently stored in our database
Authentication tokens are stored securely: on web via httpOnly cookies (inaccessible to JavaScript), on mobile via device-native secure storage (iOS Keychain, Android Keystore)
Security Measures:
Encryption in Transit: All data transmission uses TLS 1.2 or higher (HTTPS)
Encryption at Rest: All stored Google user data is encrypted using AES-256 encryption
Access Controls: Employee access to Google user data is strictly limited to those who require it for their job function, and all access is logged
Security Audits: We conduct regular security assessments and vulnerability scans
Secure Development: We follow secure coding practices and conduct code reviews
Human Access Restrictions:
We do not allow humans to read your Google user data unless: (a) we have your affirmative consent, (b) it is necessary for security purposes (e.g., investigating a security incident), (c) it is required to comply with applicable law, or (d) the data has been aggregated and anonymized for our internal operations analysis.
3.5 Google User Data Retention and Deletion
Retention Period:
Your Google user data (email, name, unique identifier) is retained for as long as your Gistory account remains active
If you do not use your account for 24 consecutive months, we may send you a reminder email before deactivating your account
How to Delete Your Data:
You have the right to request deletion of your Google user data at any time. You can delete your account and all associated Google user data by:
Self-Service Deletion: Navigate to Settings → Account → Delete Account within the Gistory app. You will be prompted to confirm by typing "DELETE." Upon confirmation, your account and all Google user data will be permanently deleted.
Email Request: Send an email to privacy@gistory.ai with the subject line "Delete My Account" from the email address associated with your account. We will process your request within 30 days.
Google Account Permissions: You can also revoke Gistory's access to your Google account at any time by visiting your Google Account Permissions page. Note that this prevents future sign-ins but does not automatically delete data already stored; please also request account deletion as described above.
What Happens Upon Deletion:
All Google user data (email, name, unique identifier) is permanently removed from our active databases
Backup copies are purged within 30 days of deletion
Aggregated, anonymized analytics data that cannot be used to identify you may be retained
4. Apple Sign In Data Practices
Gistory also allows you to sign in using Apple (via Sign in with Apple). When you sign in with Apple, we receive:
Email address — Your Apple ID email address (or an Apple Private Relay address if you choose to hide your email)
Full name — Your name, if provided during the initial sign-in (Apple only shares your name the first time you authorize the app)
Email verification status — Apple pre-verifies all email addresses
Unique account identifier — An Apple-assigned ID used to link your Apple account to your Gistory account
Apple Sign In data is handled with the same care and protections as described for Google user data above. We do not access your iCloud data, Apple Health data, or any other Apple service. Apple does not provide a profile picture, so none is retrieved.
5. How We Use Your Information
We use the information we collect to:
Provide, operate, and maintain the Service
Generate AI summaries of your saved articles
Sync your reading list across your devices
Process transactions and manage your subscription
Send you service-related communications (account verification, security alerts, updates)
Respond to your comments, questions, and support requests
Analyze usage patterns to improve our Service
Display contextual advertisements on free-tier accounts based on article topics (not personal information)
Detect, prevent, and address technical issues and security vulnerabilities
Comply with legal obligations
6. How We Share Your Information
We do not sell your personal information. We may share your information only in the following circumstances:
Service Providers: We share data with third-party vendors who help us operate the Service (hosting, payment processing, analytics). These providers are contractually bound to protect your data.
Advertising Partners: If you use a free-tier account, we may display contextual advertisements based on article topics (e.g., an article about cooking may show a cooking-related ad). We do NOT share your personal information, reading history, or saved articles with advertisers. Premium subscribers do not see ads.
AI Processing: Article content is processed by third-party AI service providers (including Anthropic, OpenAI, and xAI) to generate summaries. Your article content is transmitted to these providers solely for summary generation and is not used by Gistory to train AI models. These providers' use of data is governed by their respective privacy policies.
Content Reports: If you report an AI-generated summary, we collect the report reason, optional description, and associate it with the summary in question for review by our team.
Legal Requirements: We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
With Your Consent: We may share information for any other purpose with your explicit consent.
7. Advertising
We may display advertisements on the Service for users on free-tier accounts. Our advertising is contextual only, meaning ads are based on the topic of the article you are currently viewing, not on your personal information or behavior.
What we do:
Display ads related to the topic of the article you are reading (e.g., an article about travel may show travel-related ads)
Use third-party advertising networks to serve contextual ads
Provide an ad-free experience for Premium subscribers
What we do NOT do:
Share your personal information with advertisers
Share your saved articles or reading history with advertisers
Build advertising profiles based on your behavior
Use your Google account data for advertising purposes
Target ads based on your personal characteristics or browsing history
8. Data Security
We implement industry-standard security measures to protect your information, including:
Encryption of data in transit (TLS/SSL) and at rest
Secure password hashing using modern algorithms
Regular security audits and vulnerability assessments
Access controls limiting employee access to personal data
Secure cloud infrastructure with redundancy and backups
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:
Account Data: Retained until you delete your account
Saved Articles: Retained until you delete them or your account
Usage Logs: Retained for up to 90 days
Payment Records: Retained as required by tax and accounting laws (typically 7 years)
10. Your Rights and Choices
Depending on your location, you may have the following rights:
Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate personal information
Deletion: Request deletion of your personal information
Portability: Request your data in a portable format
Objection: Object to processing of your personal information
Restriction: Request restriction of processing in certain circumstances
Ad-Free Experience: Upgrade to Premium for an ad-free experience
To exercise these rights, please contact us at privacy@gistory.ai. We will respond to your request within 30 days.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including standard contractual clauses approved by relevant authorities.
12. Children's Privacy
The Service is not intended for children under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@gistory.ai, and we will delete such information.
13. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@gistory.ai
General Support: support@gistory.ai