Skip to content
Skip to content
ShiftReadBack to home

Legal

Privacy Policy

This Privacy Policy explains what personal data ShiftRead processes, why we process it, how long we keep it, and the rights available to you under laws including the GDPR.

Quick facts

  • ShiftRead is the controller for the personal data described in this policy.
  • We do not sell your personal data.
  • If the GDPR applies, you may request access, correction, deletion, restriction, objection, or portability.
  • ShiftRead may rely on lawful safeguards when personal data is transferred internationally.
Last updatedMarch 22, 2026
On this page

1. Who controls your information

ShiftRead is the controller for the personal data described in this Privacy Policy when we decide how and why that data is processed for the service.

If you have privacy questions, GDPR requests, or complaints about how your data is handled, contact ShiftRead at [email protected].

2. Personal data we collect

We collect personal data you provide directly, data created as you use the service, and limited technical data needed to keep the service secure and reliable.

  • Account data, such as your email address, password hash, email-verification status, and optional Google profile details used for sign-in.
  • Service data, such as imported URLs, saved articles, normalized article content, library state, reader preferences, and reading-progress session data.
  • Security and device data, such as session identifiers, browser metadata, locale preference, request IP information used for abuse prevention, and operational logs.
  • Communication data, such as password-reset or verification requests and support messages you send us.

3. How we use personal data

We use personal data only for product, security, and operational purposes related to ShiftRead.

  • Create and manage your account, authenticate sign-in, and maintain active sessions.
  • Import, normalize, store, and render reading content inside your private library and reader workspace.
  • Remember preferences such as language, theme, and reading defaults.
  • Send transactional emails for verification, password recovery, and important account notices.
  • Prevent abuse, investigate incidents, enforce our Terms, and protect the service and other users.
  • Debug, maintain, back up, and improve ShiftRead.

4. GDPR legal bases

If the GDPR or similar laws apply to your data, we rely on the following legal bases depending on the context.

  • Performance of a contract: to provide the ShiftRead service you request, including accounts, imports, library access, and reader functionality.
  • Legitimate interests: to secure the service, prevent fraud, maintain backups, troubleshoot bugs, and improve reliability and product quality.
  • Legal obligation: where we must keep, disclose, or use data to comply with law, lawful requests, or regulatory requirements.
  • Consent: where a feature specifically asks for consent and applicable law requires it. You can withdraw consent for that feature going forward.

5. Cookies and similar technologies

ShiftRead currently uses a small set of first-party cookies and similar storage for core product functionality.

  • shiftread-session: an essential authentication cookie used to keep signed-in users logged in and protect private routes.
  • NEXT_LOCALE: a preference cookie used to remember whether you prefer English or Indonesian.
  • We do not currently use third-party advertising cookies on the ShiftRead product.

6. When we share personal data

We do not sell your personal data. We share personal data only with processors and recipients that need it to help us operate ShiftRead or when disclosure is legally required.

  • Google, if you choose Google sign-in, to authenticate your identity and retrieve basic profile data needed for login.
  • Resend, to deliver verification emails, password-reset emails, and other transactional account messages.
  • Infrastructure, hosting, database, and security providers that process data on our behalf under confidentiality and security obligations.
  • Courts, regulators, law enforcement, or other parties when we reasonably believe disclosure is required to comply with law or protect rights, safety, and security.

7. International transfers

ShiftRead and some of our service providers may process data in countries other than the country where you live. Those countries may have data-protection laws that differ from your local laws.

When we transfer personal data internationally, we aim to use appropriate safeguards, such as contractual commitments, provider security commitments, and other lawful transfer mechanisms available under applicable law.

8. Data retention

We keep personal data only for as long as it is reasonably needed for the purposes described in this policy, unless a longer period is required by law.

  • Account, library, and reader data are generally kept while your account remains active and for a limited period afterward as needed for backups, legal compliance, or dispute resolution.
  • Session cookies may remain active for up to 30 days unless you sign out sooner or the session is revoked.
  • Email verification codes expire after about 15 minutes, and password-reset links expire after about 60 minutes.
  • Associated request records, security logs, and cooldown data may be retained longer where reasonably necessary for fraud prevention, abuse detection, and system integrity.

9. Your privacy rights

Depending on where you live, you may have rights over your personal data.

For GDPR and similar requests, contact us at [email protected]. We may need to verify your identity before acting on a request, and we aim to respond within the time required by applicable law.

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data, subject to legal or security exceptions.
  • Object to or request restriction of certain processing.
  • Request a portable copy of data you provided where the law grants that right.
  • Withdraw consent for consent-based processing going forward.
  • Lodge a complaint with your local data-protection authority if you believe your rights have been violated.

10. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data, including access controls, hashing for sensitive authentication secrets, and security-focused operational safeguards.

No service is perfectly secure, so we cannot guarantee absolute security. You should also help protect your account by using a strong password and safeguarding your devices.

11. Automated decision-making

ShiftRead does not use solely automated decision-making or profiling that produces legal effects or similarly significant effects about you.

12. Children's privacy

ShiftRead is not directed to children under 16, and we do not knowingly collect personal data from children under 16.

If you believe a child under 16 provided personal data to ShiftRead without appropriate authorization, contact us and we will investigate and take appropriate action, including deleting the data.

13. Data breach notification

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours.

If the breach is likely to result in a high risk to you, we will also notify you directly, unless doing so would require disproportionate effort, in which case we will use a public communication or similar measure.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the product, legal requirements, or our processing practices.

When we update it, we will post the revised version here and update the last updated date. If the changes are material, we may also provide additional notice inside the product or by email.