Privacy Policy

Last updated: June 28, 2026

Our Commitment

OrganicRSS is built on a simple principle: your reading experience is yours alone. We do not track your behavior, sell your data, or use algorithms to manipulate what you see. This policy explains exactly what data we collect, why, and how we protect it.

Data We Collect

Account Information

When you create an account, we store your name, email address, and a securely hashed version of your password. If you sign in with a third-party provider (Google, GitHub, or Microsoft), we store the provider's account identifier and associated email.

Reading Preferences & Subscriptions

We store your feed subscriptions, folder organization, read/saved article status, and display preferences (theme, font size, dark mode).

Session Information

For security purposes, we record the browser type and host of each active login session. This allows you to view and revoke individual sessions from your settings.

Cookies & Local Storage

We only use cookies that are strictly necessary for the application to function. We do not use any tracking, analytics, or advertising cookies.

NamePurposeDurationType
authTokenKeeps you logged in30 minutesEssential
refreshTokenRenews your session automatically30 daysEssential
sidebar:stateRemembers sidebar open/closed preference7 daysFunctional

We also use your browser's local storage to remember your sidebar width preference and whether you've dismissed the cookie notice. No data from local storage is sent to our servers.

How We Protect Your Data

  • Passwords are hashed using bcrypt and never stored in plain text.
  • Authentication cookies are HTTP-only and secure, preventing access from JavaScript and ensuring encrypted transmission.
  • We never sell your data or share it for advertising. We only share data with the service providers needed to operate OrganicRSS, as listed below.
  • All communication between your browser and our servers is encrypted via HTTPS.

Where Your Data Is Stored & Third Parties

Hosting & Storage Location

OrganicRSS is hosted on servers operated by Hetzner Online GmbH in Germany. Your data, including database backups, is stored within the European Union (EU/EEA) and is not transferred outside the EU/EEA by us.

Service Providers (Sub-processors)

We share the minimum data necessary with the following providers to operate the service:

  • Hetzner Online GmbH (Germany, EU) — hosting and encrypted backup storage.
  • Google, GitHub (Microsoft), and Microsoft — only if you choose to sign in with one of these providers. Doing so exchanges your account identifier and email with that provider, and may involve transferring data to the United States under the provider's own safeguards (such as Standard Contractual Clauses or the EU–US Data Privacy Framework). You can avoid this by registering with an email and password instead.

Your Rights

  • Access: You can view all data associated with your account through the application.
  • Export: You can export your feed subscriptions at any time via OPML export.
  • Deletion: You can permanently delete your account and all associated data from the settings page. Deletion takes effect immediately for sign-in purposes; full erasure happens after a 30-day grace period.
  • Sessions: You can view and revoke active login sessions from your settings at any time.

Contact

If you have any questions about this privacy policy or your data, please contact us at hello@organicrss.com.

OrganicRSS - Information on your terms