Privacy Policy for Kiwi News

Last updated: 2025-03-31

1. Introduction

This Privacy Policy outlines how Kiwi News collects, uses, and protects your information when you use our service. We are committed to protecting your privacy in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data Controller

Kiwi News is operated by Tim Daubenschütz, who serves as the Data Controller for your personal data.

Contact: tim@daubenschuetz.de

3. Information We Collect

3.1. Analytics Data

We use the following analytics services:

  • Google Analytics: We collect data such as browsing patterns, device information, and location data to analyze usage and improve our service. For details, seeGoogle's privacy policy.
  • PostHog: We use PostHog to track user interactions with our platform. For details, seePostHog's privacy policy.

3.2. Blockchain and Web3 Data

  • Ethereum Addresses: We process wallet addresses to enable blockchain-related features and provide access to certain content.
  • ENS Data: We retrieve and cache Ethereum Name Service (ENS) data including names, avatars, and profile information.
  • Farcaster Data: We fetch Farcaster profile information through ENS data integration to enhance user profiles.
  • Lens Protocol Data: We retrieve Lens Protocol profile data to display in our user interface.
  • NFT Data: We record NFT minting information through our built-in minting functionality to grant access to features.

3.3. Technical Data

  • Cookies: We use cookies to store user identity and track update timestamps. These are necessary for the proper functioning of our service.
  • Local Storage Data: We store authentication information and user preferences in your browser's local storage.
  • Usage Fingerprinting: We use a privacy-preserving method to count unique interactions with content (such as clicks and impressions). This helps us measure content performance and prevent manipulation of rankings. This method is designed to maintain anonymity—we cannot identify which specific user interacted with which content, and we only store anonymized aggregate statistics.

3.4. Communication Data

  • Transactional Emails: We use Postmark to send transactional emails, such as notifications and account-related messages. Postmark retains email content and metadata for 45 days, after which it is removed from their system. For more information, seePostmark's privacy policy.
  • Marketing Emails: If you subscribe to email notifications, we collect your email address. We use Paragraph for managing certain communications. See theirprivacy policyfor details.
  • Push Notifications: We store subscription information to send web push notifications if you opt in.
  • Telegram Integration: If you choose to connect with Telegram, we process authentication data to generate invitation links.

3.5. Image Data

We use Cloudflare Images for image uploads and storage. When you upload images to our platform, they are stored on Cloudflare's infrastructure. See Cloudflare'sprivacy policyfor details.

3.6. Mobile App Data

Our iOS app may collect additional device information required for app functionality. Apple's App Store and TestFlight may collect usage data according toApple's privacy policy.

4. Peer-to-Peer Network and Content Distribution

Content submitted to our platform is distributed through a peer-to-peer network as cryptographically signed messages. Please be aware that:

  • Content posted on the platform is public by design
  • Messages are cryptographically signed with your wallet
  • Content is distributed across a network of nodes
  • Due to the decentralized nature of the system, complete deletion of this content may not be technically possible

5. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide you with our service.
  • Consent: Where you have given explicit consent, such as for analytics or newsletters.
  • Legitimate Interest: Where we have a legitimate interest in processing data to operate, improve and secure our service.

6. Data Retention

We retain different types of data for different periods:

  • P2P Network Content: Messages in our p2p network are potentially available indefinitely due to the distributed nature of the system.
  • Cached Profile Data: ENS, Farcaster, and Lens profile data is cached temporarily to improve performance.
  • Email Data: Transactional emails sent through Postmark are retained for 45 days, after which content and metadata are removed from their system.
  • Analytics Data: Retained according to our analytics providers' retention policies.
  • Local Device Data: Stored until you clear your browser storage or uninstall our mobile app.

7. Data Sharing

We use the following service providers who may have access to parts of your data:

  • Hetzner: Our hosting provider for server infrastructure.
  • Google Analytics and PostHog: For analytics processing.
  • Cloudflare: For content delivery network (CDN) services and image hosting.
  • Postmark: For sending transactional emails.
  • Paragraph: For certain email communications.
  • Apple: For iOS app distribution and TestFlight beta testing.

8. International Data Transfers

Some of our service providers may process your data outside the European Economic Area (EEA). When you use our service, you acknowledge that your information may be transferred to and processed in countries where data protection laws may differ from those in your country of residence.

9. Your Rights Under GDPR

Under the GDPR, you have rights including:

  • The right to access your personal data
  • The right to rectification of inaccurate data
  • The right to erasure (with limitations regarding content in the p2p network)
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing based on legitimate interest
  • The right to withdraw consent where processing is based on consent

To exercise these rights, please contact us at tim@daubenschuetz.de. We will respond to your request within one month as required by GDPR.

Please note that for content published through our p2p network, complete deletion may not be technically possible due to the decentralized nature of the system.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Secure hosting infrastructure
  • Encryption of sensitive data in transit and at rest
  • Regular security reviews and updates
  • Access controls and authentication systems
  • Secure development practices

11. Children's Privacy

Our service is not intended for individuals under 16 years of age, and we do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on this page with an updated revision date.

13. Complaints

If you have concerns about our data practices, please contact us first. You also have the right to lodge a complaint with your local data protection authority.

14. Contact Information

For questions or concerns regarding this privacy policy, please contact:
Tim Daubenschütz
Email: tim@daubenschuetz.de

HomeNewSubmit