← Back to home

Privacy Policy

Last updated: March 27, 2026

1. Who we are

NewsNook (“NewsNook,” “we,” “us,” or “our”) operates an AI-assisted reading application that helps users organize and consume newsletters and similar content.

  • Operator: Trevillyan Labs, Inc., 210 Easy Street, APT 14, Mountain View, CA 94043, U.S.A
  • Contact: privacy@trevillyanlabs.io

This Privacy Policy describes how we collect, use, disclose, and protect information when you use our websites, applications, and related services (collectively, the “Services”).

2. Scope

This policy applies to personal information we process in connection with the Services. It does not apply to third-party websites, integrations, or services that we do not control.

3. Information we collect

3.1 Information you provide

  • Account and profile: Name, email address, password or authentication credentials (when you create or sign in to an account), and preferences you set in the product.
  • Payment information: Billing details are processed by our payment provider (Stripe). We receive limited payment metadata (for example, subscription status) rather than full card numbers.
  • User-generated content: Notes, tags, highlights or excerpts you save in the app, and similar content you choose to store.
  • Communications: Messages you send to support or feedback channels.

3.2 Information we collect automatically

  • Device and usage data: IP address, browser type, device identifiers, general location derived from IP, pages or screens viewed, timestamps, and diagnostic or performance data.
  • Cookies and similar technologies: We and our analytics or security partners may use cookies, local storage, or similar technologies as described in our cookie notice or in-product settings (if provided).

3.3 Information from connected email (Gmail and similar)

When you choose to connect a Google account, we access Gmail data only as needed to provide the Services you request—for example, to identify and sync messages that constitute newsletters or similar reading material, to display them in NewsNook, and to keep your reading state in sync.

We request access through Google OAuth and in line with the scopes you approve. We do not use Gmail data for serving third-party ads, and we do not sell your email content.

Google API Services User Data Policy: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.4 Information from other sources

We may receive information from authentication providers, payment processors, or analytics partners as described in this policy.

4. How we use information

We use personal information to:

  • Provide, operate, and improve the Services (including sync, search, reading workflows, and account management).
  • Generate AI-assisted summaries and in-app assistance based on content you have synced and related product context, using subprocessors listed in Section 7.
  • Process subscriptions and payments, send transactional messages, and provide customer support.
  • Maintain security, prevent abuse, enforce our terms, and comply with legal obligations.
  • Understand usage in aggregate or de-identified form to improve the product (for example, via analytics tools).

We do not sell your personal information as “sale” is commonly defined under U.S. state privacy laws. We do not use Gmail content for advertising personalization for unrelated third parties.

5. Legal bases (where applicable)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following:

  • Contract: Processing necessary to provide the Services you request.
  • Legitimate interests: For example, securing the Services, improving features, and fraud prevention, balanced against your rights.
  • Consent: Where required (for example, certain cookies or marketing communications, if offered).
  • Legal obligation: Where we must comply with law.

6. How we share information

We share personal information only as needed:

  • Service providers (subprocessors): Vendors that host infrastructure, process payments, run background jobs, provide error monitoring, analytics, email delivery, or AI inference, subject to contractual obligations. See Section 7.
  • Legal and safety: When required by law, legal process, or to protect rights, safety, and security.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
  • With your direction: When you ask us to share information or connect integrations.

We may share aggregated or de-identified information that cannot reasonably identify you.

7. Subprocessors and categories (illustrative)

Our stack may include providers such as:

Category Examples (verify your actual vendors)
Hosting / edge [e.g., Vercel]
Database / auth [e.g., Supabase]
Payments Stripe
Caching / queues [e.g., Upstash]
AI / ML [e.g., Anthropic, OpenAI]
Monitoring / analytics [e.g., Sentry, Vercel Analytics, PostHog]

Replace the bracketed examples with the vendors you actually use and keep this list current. You may also maintain a separate subprocessor page linked from here.

8. International transfers

If you access the Services from outside the country where we operate, your information may be processed in the United States or other countries where we or our subprocessors maintain facilities. Where required, we use appropriate safeguards (such as Standard Contractual Clauses).

9. Retention

We retain personal information for as long as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. When you delete your account or request deletion where applicable, we will delete or anonymize your personal information within a reasonable period, subject to legal retention requirements.

Content synced from email is retained so the product can function (reading, search, archives) unless you delete it or delete your account, consistent with our product design and your choices in the app.

10. Security

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

11. Your rights and choices

Depending on where you live, you may have the right to:

  • Access, correct, or delete your personal information.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is consent-based.
  • Port your data in a machine-readable format (where applicable).
  • Opt out of certain “sales” or “sharing” for cross-context behavioral advertising (we do not sell Gmail content; adjust if your analytics practices change).
  • Lodge a complaint with a supervisory authority.

To exercise these rights, contact privacy@trevillyanlabs.io. We may need to verify your identity. If you use Google sign-in, you may also manage permissions in your Google account.

California residents: You may have additional rights under the CCPA/CPRA. We do not knowingly “sell” or “share” personal information of minors under 16 for behavioral advertising in ways that trigger opt-out rights beyond what this policy describes—update this section after legal review.

12. Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

13. Third-party links and integrations

The Services may link to third-party sites or allow integrations. Their privacy practices are governed by their own policies.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, provide additional notice (for example, by email or in-app message).

15. Contact

Trevillyan Labs, Inc.

210 Easy Street, APT 14

Mountain View, CA 94043, U.S.A

Email: privacy@trevillyanlabs.io

Appendix: Gmail / Google user data (summary for reviewers)

  • What we access: Gmail content and metadata necessary to sync and display newsletters and similar messages you choose to read in NewsNook, as authorized by you via OAuth.
  • Why: To provide the core reading and organization features of the Services.
  • Limited use: We comply with Google’s Limited Use requirements; we do not use Gmail data for unauthorized advertising or resale.
  • Storage: Data may be stored in our application database and related storage as needed to operate the Services.
  • Sharing: We do not sell Gmail data. AI subprocessors may process content you have synced only to provide features you use (for example, summarization), under our agreements and this policy.

See also Terms of Service.