This Privacy Policy explains how BarbieBrief ("we," "us," or "our") collects, uses, and protects information about you when you visit barbiebrief.com or interact with our newsletter and related services (the "Service"). We are based in California, United States.
We collect three categories of information:
When you subscribe to the daily brief, you provide your email address, optionally a first name, and the timezone your browser reports. When you contact us, we collect whatever you choose to send.
| Category | What it is | Why |
|---|---|---|
| IP address | Your device's network address at time of visit | Geolocation, fraud prevention, rate limiting |
| Visit data | Pages visited, timestamps, referrer URL, UTM tags | Understanding what content readers find valuable |
| Browser & device | User agent (browser type, OS), screen size class | Compatibility, debugging, mobile vs desktop layout |
| Approximate location | Country, region, city derived from IP | Knowing where readers are without precise tracking |
| Visit cookie | A randomly-generated identifier stored in your browser | Linking page views from the same visit |
Currently, none. We do not buy email lists, scrape contact information, or import data from external sources. If this changes (for example, if we add social login at some point), we will update this policy and notify subscribers.
We use the information we collect to:
We do not use your information to:
We use a single first-party cookie, bb_visit, to link page views from the same visitor session. The cookie expires after one year. We do not use third-party advertising cookies or cross-site tracking pixels.
Most browsers let you control cookies. If you block our visit cookie, the Service still works — you'll just appear as a new visitor on each page load.
We rely on a small number of third-party services to operate the Service. Each only sees the data necessary for its function. We have agreements requiring them to protect your information.
| Provider | Function | Data shared |
|---|---|---|
| Cloudflare | Hosting, edge compute, database (D1), DDoS protection | All Service data (encrypted at rest) |
| Resend | Email delivery (planned, when daily brief launches) | Email address, first name, send/open metadata |
| Substack | Source feed for the Articles page (RSS only, no data sent) | None |
| AI providers | Brief assembly (Anthropic, OpenAI, Cloudflare AI — planned) | Public source content; no subscriber data |
We keep different types of information for different periods:
Depending on where you live, you have rights regarding your information. Regardless of jurisdiction, we extend the following rights to all readers:
California residents have the right to know what personal information we collect, to request deletion, to opt out of any "sale" or "sharing" of personal information, and to limit use of sensitive personal information. We do not sell or share personal information as those terms are defined under California law. To exercise any rights, contact us at the address below.
If you are in the EEA or UK, your information is processed based on your consent (for the email subscription) and our legitimate interest in operating and improving the Service (for visit data). You have the right to withdraw consent, lodge a complaint with your local data protection authority, and exercise the access, correction, deletion, and portability rights above.
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it. If you believe a child has provided us information, contact us immediately.
Some browsers send a "Do Not Track" signal. Because there is no industry consensus on how to interpret this signal, we do not currently change our behavior in response. We do not engage in cross-site tracking regardless.
We use industry-standard technical and organizational safeguards: TLS encryption in transit, encryption at rest in Cloudflare D1, access controls, and least-privilege practices for any operator with database access. No system is perfectly secure. If we discover a breach affecting your information, we will notify you and applicable authorities as required by law.
The Service is operated from the United States and our service providers may store data in the United States and other countries. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer.
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date above. For material changes, we will notify subscribers by email or via a prominent notice on the Service.
Privacy questions, requests, or concerns? Email privacy@barbiebrief.com or use the form at /contact. We'll respond within thirty (30) days, often much sooner.