Gistlist

Privacy Policy

Gistlist, LLC (“Gistlist,” “Company,” “we,” “us,” or “our”) is committed to maintaining robust privacy protections for our users. This Privacy Policy (“Privacy Policy”) explains how we collect, use, and safeguard information when you use our Service and helps you make informed decisions.

For purposes of this Privacy Policy:

“Site” refers to the website located at https://gistlist.app/.

“Service” refers to the Site and any related apps, browser extensions, APIs, email addresses or routing endpoints, email processing and AI content generation (including digests, reports, and topic extraction), as well as real-time organization tools such as tags, sections, filters, and other generated outputs and features.

The terms “you” and “your” refer to you as a user of the Site or the Service.

By accessing the Site or using the Service, you accept this Privacy Policy and our Terms of Service (available at https://gistlist.app/terms), and you consent to our collection, storage, use, and disclosure of your information as described here.

I. INFORMATION WE COLLECT

We collect Personal Information and Non-Personal Information.

  • Personal Information means information that identifies or can reasonably be linked to an individual. This may include: name, email address, account credentials (hashed/passwordless tokens), connected-account identifiers, message headers and content you import, audio recordings you generate, support communications, and billing information (if you purchase a paid plan, processed by our payment provider).
  • Non-Personal Information means information that does not identify you, such as aggregated usage metrics, generalized location (e.g., country), device/browser data, and interactions with our Service.

1) Information collected via technology

To activate the Service you typically provide only an email address (and any authentication required by a third-party provider you connect, such as Google). As you use the Service, we (and service providers working on our behalf) automatically collect:

  • Device/Log Data: IP address, device type, operating system, browser type, referring/exit pages/URLs, date/time stamps, language, and crash/diagnostic logs.
  • Usage Data: feature usage, pages viewed, session lengths, and interactions (e.g., report generation events).
  • Cookies and Similar Technologies: We use cookies or similar technologies to operate, remember settings, keep you signed in, analyze performance, and improve the Service. Examples include: session authentication, A/B tests, and analytics. We may use both session cookies (expire when you close your browser) and persistent cookies (remain until deleted). You can usually set your browser to refuse cookies; some features may not function properly without them.

2) Information you provide us (accounts, content, support)

  • Account & Profile: email address, display name (if provided), and authentication details.
  • Connected Accounts (e.g., Gmail) & Newsletter Intake: If you connect a third-party account (a “Connected Account”) or forward/route newsletters or similar content to our routing addresses, you instruct us to access and process messages, attachments, headers, and related metadata as reasonably necessary to identify and ingest newsletters and generate your outputs. You can disconnect a Connected Account at any time through the provider’s settings.
  • Content & Outputs: content you submit (e.g., newsletters, emails, RSS items) and outputs we generate (e.g., written summaries, tags, audio files).
  • Communications & Support: information you provide when you contact us (including troubleshooting details and files you share).

3) Children’s Privacy

The Site and Service are not directed to anyone under 13. We do not knowingly collect Personal Information from children under 13. If we learn that we collected Personal Information from a child under 13 without verifiable parental consent, we will delete it. If you believe this happened, contact us at notifications@gistlist.co.

II. HOW WE USE AND SHARE INFORMATION

A. How we use Personal Information

We use Personal Information to:

  • Provide and operate the Service (including identifying newsletters, retrieving full text/media, generating written/audio outputs you request, and delivering them to you).
  • Maintain, protect, and improve the Service (including debugging, analytics, quality assurance, and model and feature improvements).
  • Authenticate and secure accounts, prevent fraud and abuse, and enforce our Terms.
  • Communicate with you (e.g., service notices, security alerts, responses to support requests).
  • Marketing (optional): if you opt in, send product updates, surveys, or promotions. You can opt out at any time (see Section IV).

B. Aggregated/De-identified Data

We may create de-identified and aggregated data derived from Personal Information and Service usage. We use this to analyze trends, improve and develop the Service, and for other lawful purposes. We will not attempt to re-identify such data.

C. How we share Personal Information

We do not sell your Personal Information and we do not share it for cross-context behavioral advertising. We share Personal Information only with:

  • Service Providers/Subprocessors: vendors that host, process, or support the Service (e.g., cloud hosting, email routing, AI inference, text-to-speech, analytics, payments). They may access Personal Information to perform services for us and under confidentiality obligations.
  • Affiliates/Corporate Transactions: to our corporate affiliates, or to a successor entity in connection with a merger, acquisition, or sale of assets.
  • Legal/Compliance: to comply with law, regulation, legal process, or enforceable governmental requests; to enforce our Terms; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Gistlist, our users, or the public.
  • With Your Direction or Consent: for example, when you connect a third-party integration or explicitly request we share or publish certain outputs.

III. SPECIAL TERMS FOR GMAIL/GOOGLE DATA

If you connect Gmail, Gistlist’s access to and use of Gmail data will comply with the Google API Services User Data Policy (including the “Limited Use” requirements). In particular:

  • We do not use Gmail data to serve ads or to create advertising profiles.
  • We do not allow human access to Gmail data except as necessary to resolve a support or security issue, to comply with applicable law, or where you expressly consent.
  • We do not transfer Gmail data to third parties except as necessary to provide and improve the Service, to comply with law, or with your consent.
  • You can revoke our access to Gmail at any time via your Google account settings. Disconnecting prevents new access; it does not automatically delete already-imported content (see Data Retention & Deletion below).

IV. HOW WE PROTECT INFORMATION

We implement administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, or destruction. These include access controls, encryption in transit, firewalls, and monitoring. No security program can guarantee 100% protection. You are responsible for safeguarding your account credentials and for logging out or revoking access when appropriate.

V. YOUR CHOICES AND RIGHTS

  • Disconnect Gmail / Manage Connected Accounts: revoke our access at any time in your Google account (or other provider) settings. Doing so may disable related features.
  • Access, Correction, Deletion: subject to applicable law, you may request access to, correction of, or deletion of your Personal Information. We will honor verifiable requests as required by law.
  • Marketing Opt-Out: you can opt out of marketing emails by using the unsubscribe link in each message or by adjusting your account settings. We may still send transactional or service messages (e.g., security alerts, policy updates).
  • Cookies/Tracking Controls: most browsers let you refuse or remove cookies; some features may not function properly without them.
  • Regional Rights: If you are in a jurisdiction with specific privacy rights (e.g., EEA/UK, certain U.S. states), you may have additional rights (access, deletion, correction, portability, restriction/objection). Contact notifications@gistlist.co to exercise these rights.

VI. DATA RETENTION & DELETION

  • Account & Service Data: we retain Personal Information for as long as needed to provide the Service and for legitimate business purposes (e.g., security, fraud prevention, legal compliance).
  • Imported Content (e.g., newsletters/emails) & Outputs: upon account deletion or Connected Account disconnection, we will cease accessing that Connected Account and will delete or de-identify imported content and related outputs from active systems within a reasonable time, subject to backup and legal retention obligations.
  • Backups: offline/backups are kept for a limited period and then purged on a rolling basis.
  • Aggregated/De-identified Data: we may retain and use de-identified/aggregated data as described above.

VII. LINKS & THIRD-PARTY SITES

The Service may contain links to third-party websites or services. Their privacy practices are governed by their own policies, not this Privacy Policy. We encourage you to review their privacy statements.

VIII. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Material changes will be notified via email (if available) and/or a prominent notice within the Service and will take effect 30 days after notice unless we specify a later date. Non-material changes take effect when posted. Please review this page periodically.

IX. CONTACT US

Questions or requests regarding this Privacy Policy or our data practices:

Email: notifications@gistlist.co

Mail: Gistlist, LLC, 2825 NW Shields Dr, Bend, OR 97703 USA

 

Last updated: October 24, 2025