We take your privacy very seriously. We are not in the business of selling or monetizing your data in any way.
1. Feed Services
In order to do its job, Unread needs to interact with your feed service account. That interaction is subject to the privacy policies of your feed services:
Unread stores your feed service account credentials securely in the iOS Keychain. With the exception of Fever, Unread uses HTTPS exclusively to communicate with feed services. Unread will use HTTPS exclusively to communicate with Fever unless the customer adds the account with an HTTP URL.
1a. Web-based Login
Feedly, Inoreader, and NewsBlur have OAuth 2.0 web-based login processes.
Unread facilitates each web-based login process by opening a Safari View Controller. Unread ensures that the initial URL for the Safari View Controller is an HTTPS URL. Beyond that, Unread has no way to ensure that the entire login process happens via HTTPS.
The Unread Redirect URLs for Inoreader and NewsBlur point to a web site under our control. This can result in an authorization code being transmitted to our web server at the end of the login process, but Unread uses Universal Links to avoid this under most circumstances. Our web servers only use the authorization code to send it back to the Unread app. Our web servers are configured to exclude OAuth redirect requests from access logs.
Feedly supports Redirect URLs with custom URL schemes. Therefore Feedly authorization codes are never transmitted to our web servers.
2. The Unread Web Service
We maintain an Unread web service in order to send important announcements to our customers and to gather anonymized analytics. Communication with this web service takes place exclusively via HTTPS. Unread uses public key pinning to validate the authenticity of this web service.
Unread checks the web service no more than once every 24 hours to look for important announcements related to the app. Unread does not transmit any information about the user or the user's use of the app when checking for announcements.
Unread sends anonymous usage information to the Unread Web Service for the sole purpose of prioritizing improvements to the app. Usage information that Unread sends includes:
- Settings, such as whether “Mark Read on Open” is enabled
- Whether you use certain features of the app
- Which feed services you use
- The volume of data that Unread is storing on the device such as the number of accounts, number of articles, and number of feeds
Unread does not send any of the following information:
- Account credentials or any account information except for which feed services you use
- The URL of your self-hosted feed service
- Information about feeds to which you subscribe or articles that you read
The Unread Web Service only stores aggregated analytics report data. It does not store individual analytics reports from devices.
3. Crash Reporting
4. Email Exchanged with Golden Hill Software
5. Beyond this Product
We log all requests to our company website. We may use third party analytics services and third party content delivery services on our website.
6. Sharing of Data
We are a United States company. When legally required to do so, we will provide information to government authorities. Beyond that, we will never share your data. We make a point of minimizing the amount of customer information we have.
7. Changes to this Policy
Future versions of Unread may require an update to this policy. Any changes will be noted on the Golden Hill Software blog.
- First version: August 2, 2017
- Added the Crash Reporting section when incorporating HockeyApp: November 7, 2017
- Added support for Inoreader: February 21, 2018