1. Who We Are
CPHN is operated by Winvestour LLC, a Wyoming limited liability company. This Privacy Policy explains how we collect, use, and protect your personal information when you use CPHN at cphn.app. By using the Service, you agree to the practices described below.
2. Information We Collect
2a. Account & Identity Data
- Name and email address — provided when you register with an email/password or sign in with Google.
- Profile picture — provided by Google OAuth if you sign in with Google; otherwise no profile image is stored.
- Password hash — for email/password accounts only. Passwords are stored as irreversible bcrypt hashes; we never store plaintext passwords.
- Email verification status — whether your email address has been confirmed.
2b. Preferences & Settings
- Selected country — the country whose international news coverage you follow.
- Interface language — your chosen display language (Turkish, English, German, Spanish, French, or Russian).
- News translation preference — whether articles are automatically translated into your chosen language (PRO feature).
- AI personality — your preferred news-ranking style (apolitical / oppositional), which affects how AI-sorted feeds are ordered.
- Theme — light or dark mode selection.
- Notification preferences — whether push notifications and email notifications are enabled.
2c. Location Data
- City and district — if you grant browser location permission, your approximate city is detected via the browser Geolocation API and resolved to a place name using the OpenStreetMap Nominatim service. This is stored in your profile to power the City News feature. You can deny or revoke location permission at any time in your browser settings.
- Country (IP-based) — your approximate country is inferred from your IP address via Vercel edge infrastructure headers. This is stored in a browser cookie to pre-fill country selection and is not linked to your identity.
2d. Engagement & Content Data
- Article likes and saves — which articles you have liked or bookmarked.
- Comments and replies — text content of comments and replies you post on articles.
- Comment likes — which comments you have liked.
- Wall posts — public posts you share on your profile wall.
- Direct messages — private messages exchanged with other users.
2e. Subscription & Payment Data
- Stripe customer ID — a reference identifier linking your account to Stripe's payment system. We store this ID only; we never receive or store card numbers, bank details, or billing addresses. All payment data is processed and held exclusively by Stripe.
- Subscription tier and billing interval — whether you are on the Free or PRO plan and whether you are billed monthly or annually.
2f. Push Notification Token
If you enable push notifications, a Firebase Cloud Messaging (FCM) device token is stored in your profile. This token is used solely to deliver push notifications and is cleared if it becomes invalid or if you disable notifications.
2g. Scroll Usage (Free Plan)
Free-plan users are limited to 200 articles per 12-hour window. This counter is stored exclusively in your browser's localStorage and is never transmitted to our servers.
3. How We Use Your Information
- To provide, operate, and improve the CPHN service
- To personalise your news feed ranking based on your AI personality preference
- To translate articles into your chosen language (PRO feature, via Google Cloud Translation API)
- To power City News by matching articles to your detected city
- To generate AI news analysis using article titles and summaries (PRO feature, via Anthropic Claude API)
- To process subscription payments and manage billing via Stripe
- To deliver push and email notifications when you have enabled them
- To send transactional emails (email verification, password reset, notification alerts)
- We do not send marketing emails without your explicit opt-in consent
4. Third-Party Services
- Google OAuth: Used for sign-in authentication. Governed by Google's Privacy Policy. We receive your name, email, and profile image from Google upon sign-in.
- Stripe: Payment processing for PRO subscriptions. Governed by Stripe's Privacy Policy. We share only what is necessary for billing (email address, plan selection).
- Anthropic Claude API: Powers AI news analysis. Article titles and descriptions are sent to the API. No personally identifiable user data is included. Content is processed per Anthropic's API usage policies and is not used to train AI models.
- Google Cloud Translation API: Used to translate article titles and descriptions for PRO subscribers. Article text is sent; no personal user data is included.
- Firebase Cloud Messaging (FCM): Used to deliver push notifications to devices that have opted in. Governed by Google's Privacy Policy.
- OpenStreetMap / Nominatim: Used for reverse geocoding browser location coordinates into a city name. Your coordinates are sent to a public Nominatim endpoint. No account data is included in this request.
- News APIs (The Guardian, GNews, NewsAPI, NY Times, and RSS feeds): Used to fetch news articles. No personal user data is sent to these providers.
- Vercel: Application hosting and edge infrastructure. Infrastructure operated in the United States. Governed by Vercel's Privacy Policy.
- Neon PostgreSQL: Database hosting for all user and article data. Operated in the United States.
- Vercel Blob: File storage used for uploaded profile images. Operated in the United States.
5. Data Retention
We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by using the account deletion option in Settings. Upon deletion, your profile, preferences, likes, saves, comments, and messages are permanently removed within 30 days. News articles sourced from third-party publishers are not considered personal data and are retained for operational purposes.
6. Security
All data is transmitted over encrypted HTTPS connections. Passwords are stored as bcrypt hashes and never in plaintext. Database access is restricted by role-based controls. No system is 100% secure; we recommend using a strong, unique password and enabling two-factor authentication on your Google account if you use Google sign-in.
7. Your Rights
You may access, correct, export, or delete your personal data at any time. To exercise these rights, use the account settings in the app or contact us at the email below. Users in the European Economic Area (EEA) and California may have additional rights under the GDPR and CCPA respectively; we honour those requests equally regardless of your location.
8. Children's Privacy
CPHN is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. Governing Law
This Privacy Policy is governed by the laws of the State of Wyoming and applicable United States federal law, including applicable provisions of the California Consumer Privacy Act (CCPA) where relevant.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "last updated" date above and, where appropriate, by email. Continued use of the Service after changes constitutes acceptance of the updated policy.