Last updated: April 12, 2026

Privacy Policy

HushRead ("HushRead", "we", "our", "us")

This Privacy Policy explains how we collect, use, store, and protect information when you visit our website at hushread.app, use our Chrome Extension, use our mobile app, or interact with our backend service (collectively, the "Service").

By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account information

HushRead supports Sign in with Google and Sign in with Apple (on the mobile app). When you sign in, we receive:

Full name (Apple Sign-In may omit this after the first login)
Email address (Apple users may provide a private relay address if they choose to hide their real email)
Profile photo (Google Sign-In only)

We do not store your Google or Apple password.

Article content

When you read or process an article via the Chrome Extension or mobile app, we temporarily process the article text, title, and URL. This content is handled in memory only and immediately discarded after processing. It is never stored persistently, indexed, analyzed, or used for any purpose beyond generating your reading session or EPUB file.

Usage data

We collect operational metadata necessary to run the Service:

Article titles
Processing timestamps
Translation language selections
Job status logs
Error messages

This helps us monitor service health and improve quality.

Automatically collected data

We collect:

IP address (anonymized)
Browser type and version
Operating system
Pages visited
Referral source

We use Google Analytics (GA4) for website analytics and PostHog for in-app product analytics on the mobile app.

2. Chrome Extension — Permissions & Data Handling

What the extension does

The HushRead Chrome Extension adds a button to your browser toolbar. When you click the button on a web page, the extension:

Reads the content of the current tab (article text, title, and URL)
Sends that content over HTTPS to the HushRead backend for processing
Returns a confirmation once processing is complete

Permissions requested

activeTab

Access the content of the tab you are currently viewing, only when you click the HushRead button. No access to background tabs or tabs you haven't activated.

storage

Store your API key and user preferences locally on your device so you remain authenticated between sessions. This data never leaves your device except to authenticate requests to hushread.app.

Authentication — API key, not cookies

The extension authenticates using a personal API key generated from your HushRead account dashboard. It is stored in Chrome's local extension storage and sent with requests to hushread.app over HTTPS. The extension does not read or set browser cookies from any site.

What the extension does NOT do

No background monitoring — the extension is completely inactive until you click it
No browsing history tracking — we never log which pages you visit
No script injection into pages you browse
No cross-tab access — only the active tab at the moment you click
No cookie access — no cookies are read from any website
No data collection from websites other than what you explicitly send

Extension updates

The extension auto-updates via the Chrome Web Store. Any changes to permissions will be noted in our Changelog before the update is published.

3. Mobile App — Data Handling

What the mobile app does

The HushRead mobile app is available on iOS. It provides in-app reading with tap-to-reveal paragraph translation and an AI contextual glossary — allowing you to read articles in your target language and get help exactly when you need it.

Authentication — tokens, not cookies

The mobile app authenticates via Sign in with Google or Sign in with Apple. Sessions are maintained using a secure token stored in the device's local storage. No browser cookies are used.

Data the mobile app accesses

The mobile app accesses only the data you explicitly share with it — article URLs you choose to read. It does not access your contacts, camera, microphone, or location.

Subscription management

Subscriptions are managed through RevenueCat, which processes your subscription status and purchase events via Apple's App Store. RevenueCat receives anonymized purchase data necessary to validate and manage your plan. No payment card details are processed by HushRead or RevenueCat directly — all payment handling is done by Apple.

Apple EULA

By downloading and using the HushRead iOS app from the App Store, you are also subject to Apple's Standard End User License Agreement (EULA): apple.com/legal/internet-services/itunes/dev/stdeula.

Account deletion on mobile

You can request account deletion directly from the mobile app settings. When you submit a deletion request, your account is flagged and will be permanently deleted within 30 days. If you log back in before the 30 days expire, the deletion request is automatically cancelled and your account continues normally. See also sections 7 and 10.

4. Information We Do NOT Collect

The following data is never stored, sold, or shared:

Reading history

No persistent log of articles you have read
Job records store only metadata (titles, timestamps)
Automatically deleted after 30 days

Translation content

Discarded after processing
Not used to train AI models

Browsing activity

The Chrome Extension activates only when you click it
No background page monitoring, history tracking, or script injection
No data collected from any website other than what you explicitly send to us

5. How We Use Your Information

Operate the Service: process articles, provide translations and glossary, manage accounts and quotas
Communicate: account notifications, service updates, support responses
Improve the product: analyze aggregate, anonymized usage patterns
Enforce terms: detect abuse, enforce rate limits, prevent misuse

6. Third-Party Services

We use the following third-party services:

OpenAI

AI-powered translation and article analysis. Article text is sent temporarily for processing and discarded. Data is not used to train OpenAI models.

Google Sign-In

Authentication only. We receive your name, email, and profile photo from Google when you sign in. Governed by Google's Privacy Policy.

Apple Sign-In

Authentication on the mobile app. We receive your name and email address (or a private relay address if you choose) from Apple when you sign in. Governed by Apple's Privacy Policy.

RevenueCat

Subscription management for the iOS app. RevenueCat processes anonymized purchase events and subscription status via Apple's App Store. No payment card data is handled by RevenueCat or HushRead directly. Governed by RevenueCat's Privacy Policy.

PostHog

Product analytics for the mobile app. Collects anonymized in-app usage events (e.g. screens visited, features used) to help us understand how the app is being used and improve the product. No article content or personal reading data is sent to PostHog. Governed by PostHog's Privacy Policy.

Google Analytics (GA4)

Anonymous, aggregated usage analytics for the hushread.app website.

Sentry

Error monitoring and crash reporting. Receives error logs and stack traces — no article content or personal reading data.

We do not sell or share personal data for advertising or marketing.

7. Data Retention

Data type	Retention
Article content	Deleted immediately after processing
Job metadata (titles, timestamps)	30 days, then automatically deleted
Account data	Kept while account is active
PostHog analytics events	Up to 12 months
GA4 analytics data	Up to 14 months (GA4 default)

Account deletion: When you request deletion (via the mobile app or by contacting us), your account is flagged and data is permanently removed within 30 days. If you log back in during this 30-day window, the deletion is automatically cancelled and your account is fully restored.

8. Data Security

We implement reasonable safeguards:

TLS/HTTPS encryption for all data in transit
API keys hashed with industry-standard algorithms — never stored in plaintext
Restricted database access with least-privilege principles
Isolated processing for article handling
No persistent storage of article content

No system is 100% secure. Absolute security cannot be guaranteed.

9. Cookies

Website (hushread.app)

We use only:

Essential cookies — session management for authenticated users
Analytics cookies — Google Analytics (GA4) for anonymous, aggregated traffic data

We do not use advertising cookies, retargeting cookies, tracking pixels, or cross-site trackers.

You can opt out of Google Analytics via Google's browser add-on.

Chrome Extension

The extension does not use or access cookies from any website. It authenticates exclusively via an API key stored in Chrome's local extension storage.

Mobile App

The mobile app does not use browser cookies. Authentication is handled via a secure session token stored in the device's local storage.

10. Your Rights

You have the right to:

Access your data
Correct inaccurate information
Delete your account and data — request this in the mobile app settings, or by contacting us
Export your data
Withdraw consent at any time

Contact: [email protected] — we respond within 30 days.

11. Children's Privacy

HushRead is not intended for users under 13. We do not knowingly collect data from children. If we detect an account belonging to a child under 13, the data will be deleted promptly.

12. International Data Transfers & GDPR

Data transfers

HushRead is a global service. Your data may be processed in countries where our servers or third-party service providers (OpenAI, Google, Apple, RevenueCat, PostHog, Sentry) operate. When data is transferred outside the European Economic Area (EEA) or United Kingdom, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.

Legal bases for processing (EEA & UK users)

Under the General Data Protection Regulation (GDPR) and UK GDPR, we process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)) — processing necessary to provide the Service you signed up for: account management, article translation, and in-app reading
Legitimate interests (Art. 6(1)(f)) — service security, error monitoring, abuse prevention, and aggregate usage analytics; these interests do not override your fundamental rights
Consent (Art. 6(1)(a)) — analytics cookies (Google Analytics GA4) and PostHog product analytics; you may withdraw consent at any time without affecting the lawfulness of prior processing

Your rights under GDPR / UK GDPR

If you are located in the EEA or UK, you have the right to:

Access (Art. 15) — request a copy of your personal data
Rectification (Art. 16) — correct inaccurate or incomplete data
Erasure (Art. 17) — request deletion of your data ("right to be forgotten")
Restriction (Art. 18) — request that we limit how we process your data
Portability (Art. 20) — receive your data in a structured, machine-readable format
Objection (Art. 21) — object to processing based on legitimate interests
Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local Data Protection Authority.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or the Service. The "Last updated" date at the top of this page reflects the latest revision.

14. Contact

Email: [email protected]
Website: hushread.app