Privacy Policy
Last updated: 2026-05-22
TLexDR ("we", "us", "our") operates the TLexDR newsletter and website at tlexdr.com. This Privacy Policy explains what personal information we collect, how we use it, and what choices you have.
1. Information we collect
You give us directly
- Email address — required to subscribe to the newsletter or create an account.
- Name — optional, used to personalize emails.
- Password — for account holders only; stored as a hash using industry-standard bcrypt-style hashing.
- Payment information — when you subscribe to a paid plan, payment details are collected and processed by our payment provider (Stripe). We never see or store full card numbers.
Collected automatically
- Usage analytics — page views and feature use, captured via Plausible Analytics, which is privacy-friendly: no cookies, no cross-site tracking, no personal identifiers.
- Episode viewing history — to enforce the free-tier monthly limit and personalize recommendations.
- Server logs — request IPs and timestamps, retained for operational debugging and security (≤30 days).
2. How we use your information
- Deliver the newsletter and recommended episodes to your inbox.
- Provide account features, including the paid Premium tier.
- Process payments and prevent fraud.
- Send transactional emails (verification, password reset, billing receipts).
- Improve TLexDR — what works, what doesn't, where users drop off.
- Comply with legal obligations.
3. How we store your information
Subscriber and account data is stored in our database hosted on Supabase (Postgres, encrypted at rest). Payment data is stored by Stripe under their PCI-DSS-compliant infrastructure; we keep only references (customer ID, subscription ID, last 4 digits of the card).
Backups are encrypted, retained for up to 30 days, and stored within the same region as our primary database.
4. Third-party services
We share data with the following providers, only to the minimum extent needed to operate the service:
- Supabase — database, authentication, and file storage hosting.
- Stripe — payment processing and billing.
- Our email service provider — delivery of transactional and newsletter email.
- OpenAI — generation of summaries from public podcast transcripts. We do not send subscriber personal information to OpenAI.
- Plausible — anonymized usage analytics.
- YouTube / yt-dlp — public episode metadata fetching. No subscriber data is sent.
We do not sell your personal information.
5. Your rights
Whether or not GDPR or CCPA technically applies, we extend the following rights to all users:
- Access — request a copy of all data we hold about you (available from your account page).
- Deletion — request permanent deletion of your account and all associated personal data.
- Portability — the data-export download is JSON and machine-readable.
- Correction — update your email, name, or other profile fields from your account page.
- Withdraw consent — unsubscribe from the newsletter at any time via the link in every email; no questions asked.
To exercise any of these rights, use the controls in your account page or contact us at privacy@tlexdr.com. Requests are honored within 30 days.
6. Retention
We keep your data for as long as you maintain an active subscription or account, plus an additional 30 days after deletion to allow operational backups to expire. Invoice and tax records are retained for the period required by applicable law (typically 7 years).
7. Cookies
We use a single first-party session cookie (signed, HttpOnly, Secure) to keep you logged in. We do not use third-party tracking cookies. Plausible Analytics is cookie-less.
8. Security
Passwords are never stored in plaintext. All data is transmitted over TLS. We follow standard industry practices for vulnerability management and access control, but no system is perfectly secure — please report any suspected security issue to security@tlexdr.com.
9. Children
TLexDR is not directed at children under 13 (16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. International transfers
TLexDR is operated from the United States. If you use the service from outside the United States, your data may be transferred to and processed in the United States. By using TLexDR, you consent to this transfer.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced via email to registered users at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.
12. Contact
Questions or requests about this policy: privacy@tlexdr.com.