Privacy Policy
Last updated: 2026-03-14
Effective date: 14 March 2026
Controller: Zero Ops Oy (Zero Ops Ltd) · Business ID 3606514-8 · Finland
Contact: privacy@editorinchief.io
1. Introduction and Scope
This Privacy Policy describes how Zero Ops Oy (Zero Ops Ltd), Business ID 3606514-8, a private limited company incorporated in Finland (“We”, “Us”, “Our”), collects, uses, and shares personal data when you use EditorInChief (“the Service”) at editorinchief.io, dashboard.editorinchief.io, api.editorinchief.io, and mcp.editorinchief.io.
This Policy applies to Operators — individuals and organisations who create accounts and use the Service. If you are a reader of a publication produced using EditorInChief and have a privacy question about that publication’s data practices, contact the publication operator directly.
EditorInChief is one of several services operated by Zero Ops Oy. The umbrella Privacy Policy at microcorp.dev/privacy provides additional context on group-wide processing. In the event of conflict between this Policy and the umbrella Policy for EditorInChief-specific processing, this Policy governs.
2. Data Controller
The data controller for all personal data processed by the EditorInChief Service is:
Zero Ops Oy (Zero Ops Ltd)
Business ID: 3606514-8
Incorporated in Finland
Email: privacy@editorinchief.io
A Data Protection Officer is not mandatorily required at our current scale of processing under GDPR Art. 37. All privacy enquiries should be directed to the contact above.
3. Data We Collect
3.1 Account and Identity Data
| Data | Source | Required? |
|---|---|---|
| Email address | You (at registration) | Yes |
| Name | You (optional) | No |
| Password (stored as bcrypt hash via Supabase Auth) | You (at registration) | Yes |
| Account plan and trial status | Derived from subscription events | System-managed |
| Terms acceptance timestamp (terms_accepted_at) | Recorded at registration | Yes |
| Age confirmation (age_confirmed) | Recorded at registration | Yes |
| Telegram chat ID | You (if you configure approval notifications) | No |
3.2 Service Configuration Data
Sites, Beats, Personas, Sources, editorial voice configurations, and API keys (stored as SHA-256 hashed values; the full key is shown only at creation time). This data is required to operate the editorial pipeline for your account.
3.3 Content Pipeline Data
| Data | Default retention | Notes |
|---|---|---|
| Content item titles and excerpts (≤ 300 words) | 90 days after skip or processed status | Full-text processed in memory only — see §5 |
| Generated article drafts, article targets, article versions | Account lifetime + 30 days | Including sub-editor notes |
| Stage transition audit log | 12 months | Append-only; used for pipeline debugging |
| ContentLog (deduplication ledger: source URLs, content hashes) | Account lifetime + 30 days | Used to prevent duplicate submissions |
3.4 Third-Party Data Encountered in the Pipeline
Source material ingested by the Service may incidentally contain references to real individuals — public figures mentioned in news articles, named individuals in release notes. These references are processed as part of content generation and may appear in:
- content_items.excerpt (retained per §3.3)
- articles.sub_edit_notes where the Sub-Editor’s named-individual detection identifies a specific name — stored in sub_edit_notes and accessible only via the authenticated article preview endpoint; never transmitted to Telegram or any third party
- article_versions.generated_body (generation history)
This data is incidental to processing, is not used to profile third parties, and is subject to the same retention schedule as the article records to which it belongs.
3.5 Technical and Usage Data
| Data | Purpose | Retention |
|---|---|---|
| API key identifier (not the key itself), endpoint called, token count, timestamp | Rate limiting, plan enforcement, cost monitoring | 90 days |
| IP address | Security, abuse prevention | 30 days in logs; then anonymised |
| HTTP method, path, response status | Operational monitoring | 30 days |
| Browser User-Agent | Security, compatibility | 30 days |
3.6 Data We Do Not Collect
- Payment card information (handled exclusively by Paddle as Merchant of Record)
- Content from sources you have not configured in the Service
- Reader data from your publications (readers interact with your site, not with EditorInChief)
4. How We Use Your Data
We process personal data only for the purposes listed below. For each purpose we identify the applicable lawful basis under GDPR Art. 6.
| Purpose | Data categories | Lawful basis |
|---|---|---|
| Providing and operating the Service | Account data, configuration data, content pipeline data | Art. 6(1)(b) — Contract performance |
| Managing subscriptions and processing payments | Account data, Paddle subscription data | Art. 6(1)(b) — Contract; Art. 6(1)(c) — Legal obligation (Finnish Accounting Act) |
| Delivering Telegram approval notifications | Telegram chat ID, article preview content | Art. 6(1)(b) — Contract performance |
| Enforcing plan and rate limits | API usage metadata, article counts | Art. 6(1)(b) — Contract performance |
| Security monitoring, fraud detection, and abuse prevention | IP address, API usage metadata | Art. 6(1)(f) — Legitimate interests (security) |
| Sending transactional emails (trial warnings, subscription receipts, account notifications) | Account email | Art. 6(1)(b) — Contract performance |
| Debugging pipeline failures and operational monitoring | Stage transition logs, API usage logs | Art. 6(1)(f) — Legitimate interests (service reliability) |
| Complying with legal obligations | Account data, billing data | Art. 6(1)(c) — Legal obligation |
We do not use your Content Data to train AI models. Source material, article drafts, persona configurations, and editorial instructions you provide are processed solely to deliver the Service to you. They are not used to build, fine-tune, or benchmark any machine learning model, whether operated by Zero Ops Oy or any third party. This applies on all plan tiers.
5. Source Content: Full-Text Storage Policy
By default, the Service stores only the title and excerpt (≤ 300 words) of ingested source items. Full text of source articles is processed in memory for LLM evaluation and generation calls and then discarded — it is not written to the database.
Full text is stored persistently only if you set a full_text_license value on a Source record, indicating a legal authorisation basis:
| Value | Authorisation basis |
|---|---|
| cc | Source published under a Creative Commons licence permitting storage |
| api_terms | Source’s API terms explicitly permit full-text storage by authorised users |
| operator_owned | You own or control the source content |
This design limits exposure under EU Copyright Directive Article 15 (press publishers’ right) and applicable laws on unauthorised computer access. The Service also respects robots.txt Disallow directives before fetching any URL.
6. Subprocessors and Data Sharing
We do not sell your personal data. We do not share personal data with third parties for their own marketing or advertising purposes.
We share personal data with the following subprocessors solely to the extent necessary to operate the Service:
| Subprocessor | Role | Data shared | Location |
|---|---|---|---|
| Cloudflare, Inc. | Infrastructure — Workers runtime, D1 database, R2 storage, CDN, DDoS protection | All data transits or is stored on Cloudflare infrastructure | USA (EU-US Data Privacy Framework participant) |
| Supabase, Inc. | User authentication and identity management | Account registration data, session tokens | EU region (eu-central-1) where available; DPF-certified for US-based infrastructure |
| Paddle.com Market Ltd | Merchant of Record — payment processing and subscription management | Account email, billing country, subscription data | United Kingdom (UK adequacy decision in force) |
| Telegram Messenger Inc. | Delivery of approval and notification messages via Telegram Bot API | Telegram chat ID (if configured) and approval message content | UAE / international infrastructure |
| Brevo (Sendinblue SAS) | Transactional email delivery | Account email address and message content | France / EU |
We may also disclose personal data to competent authorities, courts, or regulators where required by applicable law, or where necessary to protect the rights, safety, or property of Us, our Operators, or third parties.
Telegram data minimisation note. Named individuals detected in satire article Sub-Editor notes are stored in sub_edit_notes and accessible via the authenticated article preview only. They are not transmitted to Telegram. The Telegram message carries a category label only (e.g., “⚠️ Named individual detected: executive role”). You may opt out of Telegram notifications at any time in Account → Settings → Notifications, which ceases all personal data transfer to Telegram immediately.
7. International Transfers
Zero Ops Oy is incorporated in Finland and operates within the EEA. Where personal data is transferred to third countries:
- Transfers to Cloudflare and Supabase in the USA: EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795) where processors are DPF-certified; Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) where DPF is not applicable.
- Transfers to Paddle.com Market Ltd in the UK: Commission adequacy decision for the UK, in force as of the effective date of this Policy.
- Transfers to Telegram: Standard Contractual Clauses.
- Brevo is EU-incorporated; no adequacy decision required for EEA transfers.
8. Data Retention
| Data category | Retention period | Basis |
|---|---|---|
| Account data (email, name, hashed credentials) | Account lifetime + 30 days after deletion | Contract performance |
| Site, Beat, Persona, Source configurations | Account lifetime + 30 days | Contract performance |
| Content item titles and excerpts | 90 days after skip or processed status | Legitimate interests (deduplication, audit) |
| Full-text source content (where full_text_license is set) | Same as content items | Contract performance |
| Generated articles, targets, and versions | Account lifetime + 30 days | Contract performance |
| Stage transition audit log | 12 months | Legitimate interests (debugging, dispute resolution) |
| ContentLog (deduplication ledger) | Account lifetime + 30 days | Legitimate interests (deduplication) |
| API usage logs | 90 days (rolling) | Legitimate interests (abuse prevention, billing validation) |
| Security and access logs (IP address) | 30 days; then anonymised and retained 60 further days | Legitimate interests (security) |
| Billing records and transaction data | 7 years from transaction date | Legal obligation — Finnish Accounting Act (Kirjanpitolaki 1336/1997, Ch. 2 § 10) |
| API keys (hashed) | Until revoked or account deletion | Contract performance |
| Support correspondence | 3 years from last communication | Legitimate interests (service quality, legal defence) |
After account deletion: all account data is purged within 30 days. You may export all account data (configuration and articles) at any time, including while in trial-expired read-only state, via the authenticated export endpoint (GET /api/v1/export).
9. Your Rights
9.1 Rights Under GDPR (EEA and UK)
If you are located in the EEA or the United Kingdom, you have the following rights:
- Right of access (Art. 15): confirmation of processing and a copy of your personal data.
- Right to rectification (Art. 16): correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): deletion where the legal basis for processing no longer applies.
- Right to restriction (Art. 18): restriction of processing in specified circumstances.
- Right to data portability (Art. 20): your personal data in a structured, machine-readable format where processing is based on contract or consent.
- Right to object (Art. 21): to processing based on legitimate interests; we will cease unless we demonstrate compelling legitimate grounds.
- Right to withdraw consent (Art. 7(3)): where processing is consent-based, withdrawal at any time without affecting prior lawful processing.
- Right to lodge a complaint (Art. 77): with the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), PO Box 800, FI-00531 Helsinki, Finland, tietosuoja.fi — or with the supervisory authority of your country of habitual residence.
To exercise any of the above: email privacy@editorinchief.io. We respond within 30 days. We may need to verify your identity before fulfilling your request.
9.2 Rights for California Residents (CCPA / CPRA)
If you are a California consumer, you have the following additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
- Right to know: categories of personal information collected, sources, purposes, and categories of third parties to whom it is disclosed.
- Right to delete: personal information we have collected, subject to certain exceptions.
- Right to correct: inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioural advertising. No opt-out mechanism is required.
- Right to limit use of sensitive personal information: we do not collect sensitive personal information beyond what is strictly necessary for account authentication.
- Right to non-discrimination: we will not discriminate for exercising any CCPA/CPRA right.
To exercise California rights: email privacy@editorinchief.io with “California Privacy Request” in the subject. We respond within 45 days.
10. Children’s Privacy
The Service is not directed to individuals under 16. We do not knowingly collect personal data from children under 16. Account creation requires affirmative confirmation of minimum age (age_confirmed checkbox — not pre-checked).
If you believe a child under 16 has created an account, contact privacy@editorinchief.io and we will delete the account promptly.
11. Security
We implement the following technical and organisational measures:
- TLS 1.3 for all data in transit.
- Encryption at rest for all data stored in Cloudflare D1 and R2.
- API keys stored as SHA-256 hashed values; full values displayed only at generation time.
- Passwords stored as bcrypt hashes via Supabase Auth; we never store plaintext passwords.
- Row-level user isolation in all database queries — no query returns data belonging to another operator’s account.
- Cloudflare Zero Trust protecting all internal administrative interfaces.
- Least-privilege principle applied to all service-to-service bindings.
- HMAC-SHA256 or token verification required on all inbound webhooks before any request processing.
If you discover a security vulnerability, contact privacy@editorinchief.io immediately.
12. Cookies and Tracking
The EditorInChief dashboard (dashboard.editorinchief.io) uses:
| Cookie | Purpose | Duration | Required? |
|---|---|---|---|
| Session authentication cookie (HttpOnly, Secure) | Authenticated dashboard session via Supabase Auth | Session / 7 days | Yes — functional |
| CSRF token cookie | Cross-site request forgery protection | Session | Yes — functional |
| Cloudflare cookies (__cf_bm, cf_clearance) | Bot management and DDoS protection | 30 min / 24h | Yes — functional |
We do not use advertising cookies, analytics pixels, or cross-site tracking. The marketing site (editorinchief.io) does not set any cookies unless you initiate an authenticated session.
13. Changes to This Policy
We may update this Policy at any time. For material changes — those that affect how we process your personal data in a manner adverse to you — we will provide at least 30 days’ advance notice via email to the address associated with your account before the change takes effect. Continued use after the notice period constitutes acceptance.
14. Contact and Supervisory Authority
Privacy Contact
Zero Ops Oy (Zero Ops Ltd)
Business ID: 3606514-8
Email: privacy@editorinchief.io
Finnish Supervisory Authority
Office of the Data Protection Ombudsman
(Tietosuojavaltuutetun toimisto)
PO Box 800, FI-00531 Helsinki, Finland
tietosuoja.fi
This Privacy Policy was last updated on 14 March 2026.