Privacy Policy

Last updated: May 20, 2026

The Harold ("Harold," "we," "us," or "our") is a subscription audio news briefing service. We deliver your daily briefing by email, by SMS, or both — your choice. SMS is entirely optional and is not required to use The Harold. You can sign up and use the Service without ever providing a phone number, and you can opt out of SMS at any time. Consent to receive SMS is not a condition of purchase or of receiving the Service. We take your privacy seriously. This policy explains what information we collect, why, how we protect it, and — just as importantly — what we will never do with it.

1. Information We Collect

When you sign up:

Phone number (optional — only collected if you choose to receive your daily briefing by SMS. You can sign up email-only and skip this field entirely, or add a number later from your account. Providing a phone number, and consenting to SMS, is never a condition of using the Service.)
ZIP code (used to determine your metro area for local news and weather)
First name (optional, used for the personalized greeting on Premium)
Content preferences (which segments and topics you want to hear)

When you pay:

Stripe processes the payment. We never see or store your card number.
Stripe shares your email address with us at checkout. We store that email so we can send you your daily Harold briefing, billing receipts, and account messages. You can turn email delivery off in your account at any time.
Stripe may collect billing address and payment-method details under its own privacy policy.

When you listen to a briefing:

Episode access logs: which episode you opened, the time, your IP address, and your browser's user agent. We use these for delivery confirmation, fraud prevention on shared links, and debugging.
Your playback-speed preference (saved on your subscriber record so it persists across devices).

When someone listens to a briefing you've shared:

Visitor logs for the recipient: IP address, user agent, and an anonymous visitor cookie used purely to rate-limit free listens on shared links. No profiling, and the cookie is not used for advertising.

When you text us:

Inbound SMS keywords (STOP, START, CANCEL, etc.) and timestamps, so we can honor opt-outs and resumes.
Twilio message delivery metadata (status, error codes, attempt counts) for the messages we send you.

When you use the contact form:

Name, email address, phone (optional), and the message you send us.

Cookies and local storage in your browser:

harold_visitor cookie: anonymous ID used to rate-limit free listens on shared briefing links.
harold_phone and harold_signup_state in localStorage: used to keep you signed in to your account page and to resume signup if you navigate away mid-flow.
We do not use third-party advertising or analytics cookies.

Automatically (server logs):

Our hosting provider (Render) keeps standard request logs (IP, timestamp, request path) for security and debugging, with retention controlled by Render's platform defaults (typically about 7 days on our plan). Application-level access logs we store in our own database (playback log, share-listen log) are kept while your account is active and deleted with the rest of your data per the retention rules below.

2. How We Use Your Information

To deliver your daily audio briefing link by email (Resend) on every plan, and additionally by SMS (Twilio) on Premium.
To assemble your personalized briefing (Premium): your first-name greeting, your metro-local news segment, your selected topic segments.
To process your subscription, free trial, and any plan changes (Stripe).
To respond to support requests and to honor STOP/START keywords.
To monitor service quality, debug delivery issues, and prevent abuse of shared links.

We do not use your data to train AI models. We do not build advertising profiles. We do not sell, rent, lease, or trade your personal information to anyone, ever.

3. SMS Delivery (Optional)

SMS is optional and is not required to use The Harold. You can sign up and receive your daily briefing by email only, without ever providing a phone number. Consent to receive SMS is not a condition of purchase or of receiving the Service, and is collected through a separate, unchecked-by-default checkbox at signup that is independent of your acceptance of these Terms or the Privacy Policy.

If — and only if — you provide your phone number and tick the SMS consent checkbox at signup, you consent to receive automated SMS messages from The Harold via Twilio, including your daily briefing link and subscription-related messages (trial reminders, renewal notices, and occasional plan-upgrade or feature messages). Typical frequency: approximately 1 message per day. Standard message and data rates may apply. Reply STOP at any time to pause SMS delivery (your subscription remains active and email delivery continues); reply HELP for help. You can also disable SMS from your account page at any time without affecting your subscription.

4. Third Parties Who Process Your Data

We do not sell, rent, share, or trade your personal information to third parties for their own use. The only third parties who touch your data are service providers acting on our behalf, listed in full below:

Stripe — payment processing and subscription billing. Receives card details directly from you (we never see them), plus the email and billing information you provide at checkout.
Twilio — SMS delivery. Receives your phone number and the message content we send you.
Render — application hosting. Sees data in transit as it serves the site and runs our database.
Bunny.net (CDN) — delivers the audio MP3 files to your browser. Sees the IP address and user agent of listeners as a normal part of CDN operation. The audio files themselves are anonymous: the same segment MP3 is served to every listener, and any personalization (your name greeting, your metro local segment) is assembled in your browser at playback time.
Google (Gemini TTS via the Generative Language API) — receives anonymous news scripts and first names to generate audio. We do not send phone numbers, emails, IPs, or subscriber identifiers. Generated audio is automatically watermarked with Google's SynthID to identify it as AI-generated.
xAI (Grok) — receives anonymous prompts containing news context to generate the briefing scripts. No subscriber identity, phone, or email is sent. (We do not send any data to OpenAI. Although the xAI Chat Completions API uses the OpenAI wire format, all traffic is routed exclusively to xAI.)
GNews — receives our category search queries (e.g. "general," "business") to surface today's top headlines as input context for the briefing. No subscriber data is sent.
OpenWeatherMap — receives the representative ZIP code for each metro area to fetch daily weather. We do not send your personal ZIP code.
Ticketmaster — receives metro-area names to fetch upcoming local events. No subscriber data is sent.

We may disclose your information if compelled by valid legal process or to investigate threats to the safety, integrity, or security of our service.

5. What We Will Never Do

No advertising. There are no ads, sponsorships, sponsored segments, native advertising, affiliate links, or paid placements in The Harold — not in briefings, not on the website, not in SMS. We do not accept money to mention products, companies, or stories. Your subscription is our only revenue source.
No data sales. We do not sell or rent your information to anyone for any reason, including for monetary or other valuable consideration. This also serves as our "do not sell" notice under the California Consumer Privacy Act.
No cross-context behavioral advertising. We do not share your data with ad networks, data brokers, or marketing platforms, and we do not use your data to target advertising on other sites or services.
No AI training on your data. We do not use your personal data, listening history, or messages to train AI models — ours or anyone else's.
No marketing emails or texts beyond your subscription. The only messages you receive are your daily briefing link and account-related notifications. We don't run promotional blasts.

6. How We Source the News

This isn't strictly a privacy matter, but it's a core part of what we do with information, so we want to be transparent.

We do not employ reporters. We read coverage of today's news from a curated, politically-balanced set of outlets: wire services (AP, Reuters), centrist outlets (NPR, BBC, PBS NewsHour, ABC, CBS, NBC, USA Today), center-left (NYT, Washington Post, CNN, ProPublica, The Guardian), center-right (WSJ, Bloomberg, The Dispatch), right (Fox News, Washington Examiner, Free Beacon), and independents (Axios, RealClearPolitics, Tangle, Christian Science Monitor).
Our AI extracts what happened — the facts, the named sources, the verifiable record — and strips outlet-specific framing, emotional adjectives, and editorial commentary. We follow an explicit no-spin policy: neutral verbs, no loaded language, no taking sides on disputed facts, no editorializing.
When credible sources disagree, we present both positions rather than picking a winner.
We are not affiliated with, endorsed by, or sponsored by any news outlet. Original reporting belongs to its publishers; The Harold provides a transformative, fact-only audio summary.
AI generates the briefing scripts and AI generates the audio. We label our briefings as AI-generated, and where the TTS provider supports it (e.g., Google SynthID) the audio carries an embedded AI-generated watermark. Errors can occur; corrections are issued in the following day's briefing.

7. Data Retention

We retain your subscriber record while your account is active. After cancellation, we retain it for up to 90 days for customer service, billing-dispute resolution, and re-subscription purposes, after which we delete it.

Texting STOP pauses SMS delivery only. Your account, email delivery, and billing are unaffected — to cancel your subscription, use the contact form or your account page. Replying STOP does not delete your data; for immediate deletion, use the contact form and we will honor the request within 30 days.

8. Your Rights

Regardless of where you live, you may request access to, correction of, or deletion of your personal data at any time via the contact form. We will respond within 30 days.

California residents (CCPA/CPRA): You have the right to know what we collect, the right to delete, the right to correct, the right to opt out of "sale" or "sharing" of personal information (we do not engage in either — so there is nothing to opt out of), and the right not to be discriminated against for exercising these rights.

EU/UK residents (GDPR): You may exercise the rights of access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is performance of our subscription contract with you, plus our legitimate interest in operating and securing the service.

9. Security

We use industry-standard security practices: HTTPS-only serving, encrypted database connections, parameterized SQL queries, signature-verified webhooks (Stripe and Twilio), and least-privilege API keys. Payment data is handled entirely by Stripe and never touches our servers.

10. Children's Privacy

The Harold is intended for adults and is not directed to children. We do not knowingly collect information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

11. Changes to This Policy

We may update this policy from time to time. We'll post the updated version at this URL and update the "Last updated" date. Material changes will be flagged at the top of the page for 30 days. Continued use of the service after changes constitutes acceptance.

12. Contact

Questions about this policy, or want to exercise a data right? Use the contact form.