Tuesday, July 2025 Stories worth returning to.
Subscribe
Legal — Privacy

Privacy Policy

Effective Date: October 24, 2025

What Data We Collect and Why

We collect personal data necessary to operate Refly and provide our services. This includes:

  • Account Information: Name, email address, and payment details (when subscribing) are collected to manage your reader account and billing history.
  • Reading Activity: We use anonymized device identifiers and internal tracking to understand reading patterns, such as time spent on articles and which topics you engage with most. This helps us improve our editorial curation.
  • Communication Data: If you contact us via our support channels, we store your message and metadata (date, IP address) to resolve your inquiry.

Subscriber Data & Personalisation

When you subscribe to Refly, we use your personal data to deliver the content you requested. We do not sell your data to third parties. Instead, we employ your data internally for the following purposes:

Personalisation: Based on your reading history, we may occasionally suggest backlist articles or recommend related essays from our archive, ensuring you discover pieces that align with your intellectual interests.

Billing & Subscription Management: Your financial information is processed securely by Stripe to handle one-time payments and recurring subscriptions. We do not store your full credit card details; Stripe handles the secure transaction, and we only retain a hashed reference for record-keeping.

Third-Party Processors

Refly relies on trusted third-party services to facilitate our operations. These providers have access to your data only to perform specific tasks on our behalf and are obligated by contract to protect your information:

Stripe: Our payment processor. They process credit card transactions and are subject to the Payment Services Directive 2 (PSD2) standards for strong customer authentication and data security.

Google Analytics 4: We use Google Analytics to understand traffic sources and user behavior. This data is anonymized and aggregated; Google does not associate your IP address with your personal profile for reporting purposes.

We do not share your personal data with advertisers or marketing firms. Our revenue comes solely from reader subscriptions.

Cookies & Consent Management

We use cookies and similar tracking technologies to enhance your browsing experience. We categorize them as follows:

  • Essential Cookies: Required for the website to function. Without them, you cannot access the full content or manage your subscription.
  • Analytics Cookies: Help us analyze how visitors use our site, allowing us to improve site performance and content relevance.
  • Preference Cookies: Remember your choices, such as language preferences or display settings.

You can manage your cookie preferences through your browser settings. However, disabling essential cookies may impair the functionality of the site.

Your Rights Under the Law

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure (Right to be Forgotten): Request the deletion of your data, subject to certain exceptions where retention is required for legal or contractual reasons.
  • Portability: Receive your data in a structured, common format and transfer it to another controller.
  • Objection: Object to the processing of your data, including profiling for personalization purposes.

Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Subscription Records: Retained for the duration of your subscription plus one year thereafter for warranty and support purposes.
  • Financial Records: Retained for seven years in accordance with HMRC guidelines (for UK readers) or IRS regulations (for US readers).
  • Transactional Data: Deleted immediately once the specific interaction (e.g., a support ticket) is resolved.

If you cancel your subscription, your account data will be anonymized or deleted after the retention period expires, unless you choose to reactivate.

Contact: Data Protection Officer

If you have any questions about this Privacy Policy, data security, or would like to exercise your rights, please contact our Data Protection Officer directly:

Alex Mercer
Head of Trust & Safety