// Privacy Policy

Privacy Policy

Last updated: March 10, 2026

1. Data We Collect

We collect the following categories of data:

  • Account information — email address, name, and hashed password when you create an account
  • Subscription & billing — plan type and Stripe customer ID. Payment details (card numbers) are handled entirely by Stripe and never stored on our servers
  • Usage analytics — page views, brief reads, dwell time, and interaction events via Google Analytics and first-party analytics
  • API usage — request counts, endpoints accessed, API key identifiers, and per-key usage metrics for rate limiting and billing
  • Generated content — briefs you generate on demand, bookmarks you save, and your dashboard activity
  • Reading history & personalization — briefs you read, categories you follow, and engagement patterns used to power your personalized “For You” feed
  • Curated lists — lists you create (public or private), including list names, descriptions, and the briefs you add to them
  • Topic alerts — keywords and category filters you configure for in-app notifications
  • Comments & reactions — content you post on briefs, including the author name you provide
  • Webhook configurations — endpoint URLs, event subscriptions, and delivery format preferences you configure for real-time notifications
  • Email digest preferences — frequency (daily or weekly), delivery time, and category filters for your email digest subscription

2. How We Use Your Data

We use the data we collect to:

  • Authenticate your account and manage your subscription
  • Deliver personalized feeds based on your reading history and preferences
  • Trigger topic alerts and in-app notifications when matching briefs are published
  • Send email digests at your configured frequency and category filters
  • Deliver webhook payloads to your configured endpoints
  • Enforce API rate limits, brief generation limits, and plan-tier quotas
  • Display per-key API usage metrics on your developer dashboard
  • Improve the platform through aggregated analytics and engagement patterns
  • Detect and prevent abuse, fraud, and unauthorized access

3. Analytics

We use Google Analytics to understand how visitors use our site (page views, traffic sources, general engagement). Google Analytics uses cookies and collects anonymized usage data. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. We also collect first-party analytics (page views, dwell time, interaction events) for service improvement. We do not sell analytics data to third parties.

4. API Usage Data

When you use the Polaris Report API, we log request metadata (endpoint, timestamp, API key identifier, response status) for rate limiting, abuse prevention, and service improvement. Per-key usage is tracked and visible on your developer dashboard. We do not log request bodies or the content of your queries beyond what is necessary for debugging and billing.

5. Email & Communications

Your email address is used for account authentication, transactional emails (password resets, email verification), daily or weekly intelligence digests, and occasional service announcements. Transactional and digest emails are delivered via Resend. You can configure digest frequency, delivery time, and category filters from your dashboard. We do not sell, rent, or share your email address with third parties for marketing purposes. You may unsubscribe from digests at any time via the link in each email or from your dashboard settings.

6. Caching & Content Delivery

We use server-side caching and CDN edge caching to improve performance and reduce load times. Cached data includes public feed responses and brief metadata. Cached data does not include personal information and is automatically invalidated on a regular cycle. No personal data is stored in cache layers.

7. AI-Generated Content & Third-Party AI Services

Our content is generated by a proprietary multi-stage AI verification pipeline. Source articles are processed by our AI systems to produce briefs. The AI pipeline processes publicly available news content — it does not process your personal data, reading history, or account information.

AI content disclaimer: AI-generated content may contain inaccuracies, errors, omissions, or hallucinations. Briefs are produced by machine-learning models that can generate plausible but incorrect information. Confidence scores, bias analysis, and source attribution are provided for transparency but do not guarantee accuracy. You should independently verify any information before relying on it.

8. Webhooks & Integrations

When you configure webhooks, we store your endpoint URLs and deliver signed payloads (HMAC-SHA256) to those endpoints when subscribed events occur. Webhook secrets are stored securely and used only for payload signing. We log delivery status (success/failure) for debugging but do not log the full payload content.

If you use The Polaris Report via an OpenClaw skill package or embeddable widget, the same API rate limits and data handling policies apply. Third-party platforms integrating with our API are responsible for their own privacy practices.

9. Data Retention

  • Account data — retained until you delete your account. Upon deletion, your profile, API keys, bookmarks, reading history, curated lists, topic alerts, notifications, webhook configurations, and personal data are permanently removed. Anonymized usage records may be retained
  • Subscription data — billing history is retained by Stripe per their retention policy. We retain your plan status while your account is active
  • Reading history — retained while your account is active and deleted upon account deletion
  • Curated lists — retained while your account is active. Public lists are removed from discovery upon account deletion
  • Analytics data — aggregated data retained indefinitely; raw event logs deleted after 90 days
  • API logs — retained for 90 days for debugging and billing, then purged
  • Comments & reactions — retained as long as the associated brief exists
  • Webhook delivery logs — retained for 30 days for debugging, then purged

10. Third-Party Services

We use the following third-party services to operate the platform:

  • Cloud hosting providers — frontend hosting, backend API servers, and CDN delivery
  • Database providers — managed database services for data storage
  • Stripe — payment processing and subscription management. Stripe processes your payment details directly; we never store card numbers
  • Email service providers — transactional and digest email delivery (processes email addresses only)
  • Google Analytics — website usage analytics
  • AI model providers — AI language models powering our content pipeline. Source articles are processed by third-party AI APIs; no user personal data is sent to AI providers
  • Third-party market data providers — stock prices, crypto prices, and sports scores displayed on vertical pages are sourced from external APIs and may be delayed or inaccurate

We do not sell personal data to any third party. We do not use advertising networks or retargeting services.

11. Disclaimer of Liability & Assumption of Risk

The Polaris Report is an informational platform only. All content — including AI-generated briefs, bias analysis, confidence scores, counter-arguments, trending indicators, market data, and any other information provided through the Service, API, webhooks, email digests, OpenClaw integrations, or embeddable widgets — is provided strictly for general informational and research purposes.

Content on The Polaris Report does not constitute and shall not be construed as:

  • Financial, investment, or trading advice
  • Legal advice or legal opinion
  • Medical, health, or clinical advice
  • Tax, accounting, or regulatory guidance
  • Professional advice of any kind
  • A recommendation to buy, sell, or hold any security, cryptocurrency, or asset
  • A substitute for consultation with qualified professionals

AI-generated content may be inaccurate. Our content is produced by artificial intelligence systems that may hallucinate, fabricate facts, misattribute sources, misinterpret data, produce outdated information, or generate plausible-sounding but entirely false statements. Confidence scores and bias analysis are machine-generated estimates, not guarantees of accuracy. Market data (stock prices, crypto prices, sports scores) may be delayed, incomplete, or incorrect.

You assume all risk. By using The Polaris Report, you acknowledge and agree that: (a) you are solely responsible for any decisions or actions taken based on information obtained from the Service; (b) you will independently verify any information before relying on it for financial, legal, medical, or other consequential decisions; (c) we bear no responsibility for losses, damages, or harm of any kind resulting from your use of or reliance on our content; and (d) the Service is not a substitute for professional advice from qualified financial advisors, attorneys, physicians, or other licensed professionals.

Waiver and release. To the maximum extent permitted by applicable law, you hereby waive, release, and discharge The Polaris Report, its owners, operators, employees, agents, and affiliates from any and all claims, demands, causes of action, damages, losses, costs, or expenses (including attorneys’ fees) arising out of or relating to: (a) inaccuracies, errors, omissions, or hallucinations in AI-generated content; (b) reliance on any information provided through the Service; (c) financial losses resulting from trading, investment, or other decisions influenced by our content; (d) actions taken or not taken based on briefs, alerts, notifications, market data, or any other Service output; and (e) third-party content, data, or services accessed through or referenced by the Service.

No warranty. The Service is provided “as is” and “as available” without warranties of any kind, whether express, implied, statutory, or otherwise, including but not limited to implied warranties of merchantability, fitness for a particular purpose, accuracy, completeness, reliability, non-infringement, or uninterrupted availability. We do not warrant that any content is current, correct, or complete.

Limitation of damages. In no event shall The Polaris Report be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including but not limited to damages for loss of profits, data, goodwill, or other intangible losses, regardless of whether we have been advised of the possibility of such damages. Our total aggregate liability for all claims arising out of or relating to the Service shall not exceed the total amount you paid us in the twelve (12) months immediately preceding the event giving rise to the claim, or fifty dollars ($50), whichever is greater.

Indemnification. You agree to indemnify, defend, and hold harmless The Polaris Report, its owners, operators, employees, and affiliates from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys’ fees) arising out of or in any way connected with: (a) your use of the Service; (b) your reliance on any content provided through the Service; (c) your violation of these terms; or (d) your violation of any rights of any third party.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

  • Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose, and the categories of third parties with whom we share it
  • Right to delete — you may request deletion of your personal information, subject to certain exceptions
  • Right to correct — you may request correction of inaccurate personal information
  • Right to opt out of sale/sharing — we do not sell or share your personal information for cross-context behavioral advertising. We have not sold personal information in the preceding 12 months
  • Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights
  • Right to limit use of sensitive data — we do not collect sensitive personal information as defined by the CPRA

To exercise these rights, contact us at polarisreport@proton.me. We will verify your identity before processing your request and respond within the timeframe required by applicable law. You may also designate an authorized agent to make a request on your behalf.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent local laws provide you with additional rights:

  • Right of access — obtain confirmation of whether we process your data and receive a copy of it
  • Right to rectification — correct inaccurate or incomplete personal data
  • Right to erasure — request deletion of your data (“right to be forgotten”)
  • Right to restrict processing — limit how we use your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests, including profiling
  • Right to withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing

Legal basis for processing: We process your data based on consent, contractual necessity, legitimate interests (analytics, security, service improvement), and legal obligations as applicable.

International transfers: Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. By using the Service, you consent to such transfers. We implement appropriate safeguards as required by applicable law.

To exercise these rights, contact us at polarisreport@proton.me. We will respond within a reasonable timeframe as required by applicable law. You may also have the right to lodge a complaint with your local data protection authority.

14. Managing Your Data

You can update your profile, change your password, manage your reading history, curated lists, topic alerts, notification preferences, or delete your account directly from your dashboard settings. Account deletion is permanent and removes all associated personal data as described in our data retention section above.

15. Children's Privacy

The Polaris Report is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

16. Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS), hashed passwords, HMAC-signed webhook payloads, scoped API key permissions, and access controls on our infrastructure. API keys can be rotated instantly from your developer dashboard. No system is 100% secure — if you discover a vulnerability, please report it to polarisreport@proton.me.

17. Governing Law & Dispute Resolution

This Privacy Policy and any disputes arising from your use of the Service shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions. Any dispute that cannot be resolved informally shall be submitted to binding arbitration in accordance with the rules of the American Arbitration Association, conducted in the State of Delaware. You agree to waive any right to participate in a class action lawsuit or class-wide arbitration against The Polaris Report.

18. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. Continued use of the Service after changes constitutes acceptance.

19. Contact

The data controller for The Polaris Report is Prime Marketing & Management Group, Ltd. For privacy-related questions, contact us at polarisreport@proton.me.

For general inquiries, see our Terms of Service.