Privacy Policy

Last Updated: October 17, 2025

At GistNow, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service. We are committed to transparency and giving you control over your data.

1. Information We Collect

1.1 Account Information

When you sign up for GistNow using Google OAuth, we collect:

• Google ID: A unique identifier from your Google account
• Email address: Used for account identification, authentication, and sending you weekly digests (if enabled)
• Account timestamps: When your account was created and last updated

1.2 Chrome Extension Data Collection

If you install the GistNow Chrome extension, it collects and sends the following data to our servers:

• URLs of web pages: The addresses of articles and web pages you visit or explicitly save
• Page content: The text content and structure of web pages you capture
• Your authentication token: To associate saved content with your account

Browser Permissions: The Chrome extension requires certain permissions to function:

• activeTab: To access the current tab's URL and content when you click the extension icon
• storage: To securely store your authentication token locally in your browser

Important: The extension ONLY sends data to GistNow servers when you explicitly capture an article. We do NOT track your browsing history, monitor all websites you visit, or share your data with third parties. The extension only accesses pages you actively save.

1.3 Content You Save

When you capture articles using GistNow (via the Chrome extension, manual URL entry, or API), we store:

• Article URLs: The web addresses of articles you save
• Article titles and full text: Extracted from the web pages you capture
• AI-generated summaries: Concise summaries created by our AI service
• Search embeddings: Mathematical representations of your content to enable semantic search
• Capture timestamps: When each article was saved

1.4 Usage Information

• Subscription plan: Whether you're on a free or pro plan
• Monthly usage counts: To enforce plan limits and prevent abuse
• Email preferences: Whether you've opted in to weekly digest emails

1.5 Payment Information

If you subscribe to our Pro plan, we collect:

• Razorpay customer and subscription IDs: To manage your subscription
• Payment information: Processed securely by Razorpay (we do NOT store credit card details)

1.6 Analytics Data

We use Google Analytics 4 to understand how users interact with GistNow. This includes:

• Page views and navigation patterns
• General device and browser information
• Anonymized usage statistics

Google Analytics uses cookies to collect this data. You can opt out using browser extensions or your browser's privacy settings.

2. How We Use Your Information

We use your information solely to provide, maintain, and improve GistNow:

• Authentication: To verify your identity and secure your account
• Core functionality: To extract, summarize, store, and enable searching of your saved articles
• Weekly digests: To send you email summaries of your recent activity (only if you've opted in)
• Payment processing: To manage subscriptions and billing for Pro users
• Service improvement: To understand usage patterns and improve our features
• Security: To detect and prevent fraud, abuse, and security incidents
• Legal compliance: To comply with applicable laws and regulations

3. How We Share Your Information

We only share your data with trusted third-party services that are essential to GistNow's functionality:

3.1 Google Services

• Google OAuth: For secure authentication (processes your Google ID and email)
• Google Generative AI (Gemini): For generating article summaries and embeddings (processes article content only, not your personal information)

3.2 Razorpay

• Purpose: Payment processing for Pro subscriptions
• Data shared: Email address, subscription details, and payment information
• Privacy: Razorpay is PCI DSS compliant and handles all sensitive payment data

3.3 Resend

• Purpose: Sending weekly digest emails
• Data shared: Your email address and digest content
• Control: You can opt out anytime from your dashboard or via unsubscribe links

3.4 Vercel

• Purpose: Hosting and infrastructure
• Data: Server logs and technical data for service reliability

3.5 Google Analytics

• Purpose: Understanding aggregate usage patterns
• Data: Anonymized analytics and behavior data
• Control: You can opt out using browser settings or extensions

4. Data Storage & Security

4.1 Where We Store Your Data

Your data is stored securely in a PostgreSQL database hosted on cloud infrastructure. We use industry-standard security practices to protect your information.

4.2 Security Measures

• Encryption in transit: All data transmitted to and from GistNow uses HTTPS/TLS encryption
• Encryption at rest: Database connections are encrypted
• Authentication: JWT tokens with short expiration times (15 minutes) to minimize risk
• Secure password handling: We never store passwords (Google OAuth handles authentication)
• Security headers: Content Security Policy, X-Frame-Options, and other headers to prevent attacks
• Input validation: All user inputs are validated and sanitized using Zod schemas
• Rate limiting: Protection against brute force attacks and abuse
• Parameterized queries: Protection against SQL injection attacks

4.3 Access Controls

Access to your data is strictly controlled. Only authorized personnel have access to production systems, and all access is logged for security auditing purposes.

5. Your Rights & Choices

5.1 Access Your Data

You can view all your saved articles and account information anytime from your dashboard.

5.2 Delete Your Data

You have the right to delete your data:

• Individual articles: Delete any article from your dashboard
• Your entire account: Contact us to permanently delete your account and all associated data

5.3 Email Preferences

• Opt out: Disable weekly digests from your dashboard or click "unsubscribe" in any digest email
• Opt in: Re-enable digests anytime from your preferences

5.4 Export Your Data

While we don't currently offer an automated export feature, you can request a copy of your data by contacting us. We'll provide your data in a machine-readable format.

5.5 Correct Your Data

If any of your account information is incorrect, you can update your email preferences or contact us for assistance.

6. Data Retention

• Active accounts: We retain your data for as long as your account is active
• Deleted articles: Permanently removed from our systems immediately
• Deleted accounts: All data associated with deleted accounts is permanently removed within 30 days
• Backups: Data may persist in encrypted backups for up to 30 days for disaster recovery purposes
• Legal requirements: We may retain certain information if required by law or to resolve disputes

7. Cookies & Tracking Technologies

7.1 Essential Cookies

We use JWT tokens stored in httpOnly, secure cookies for authentication. These are necessary for the service to function and cannot be disabled.

7.2 Analytics Cookies

Google Analytics uses cookies to track usage. You can disable these through browser settings or extensions without affecting GistNow functionality.

7.3 No Third-Party Advertising Cookies

We do not use cookies for advertising or marketing purposes.

8. Children's Privacy

GistNow is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.

9. International Users & Data Transfers

GistNow is operated from and our servers are located in cloud infrastructure that may be distributed globally. If you are accessing GistNow from outside the region where our servers are located, your information may be transferred to, stored, and processed in different countries.

By using GistNow, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

9.1 GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

To exercise these rights, please contact us using the information below.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or a notice on our website
• Your continued use of GistNow after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

11. Third-Party Links & Services

GistNow allows you to save and access articles from third-party websites. This Privacy Policy applies only to GistNow. We are not responsible for the privacy practices of websites you access through saved links. We encourage you to review the privacy policies of those sites.

Chrome Web Store: If you download our Chrome extension from the Chrome Web Store, Google's privacy policies and terms of service also apply to that download and installation process. Once installed, the extension operates according to this Privacy Policy.

12. Business Transfers

If GistNow is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information, as well as any choices you may have regarding your information.

13. Legal Disclosure

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or subpoena), or to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public
• Protect against legal liability

14. Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we've collected
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

To exercise these rights, please contact us using the information below.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: gistnaavnow@gmail.com
Website: https://gistnow.app

We will respond to your inquiry within 30 days.