Privacy Policy
KernelBrief is a first-party-only, no-tracking operation. This page explains what data we handle, how we store it, and your rights.
Data we collect
KernelBrief collects only the data you choose to provide. We do not run third-party tracking scripts, analytics embeds, ad pixels, fingerprinters, or social-media buttons that phone home.
| Interaction | Data collected | Purpose |
|---|---|---|
| Newsletter signup | Email address, chosen brief tracks (Daily, Weekly, Security Watch, Jobs) | Deliver the email briefs you requested |
| Story submission | URL, topic, submitter note, optional contact email | Review and potentially publish submitted stories |
| Correction submission | Story reference, correction detail, optional contact email | Verify and publish corrections to editorial content |
| Comment submission | Comment text, story reference, optional display name | Review queue for future public comment threads |
| Bookmark (save story) | Story ID, anonymous session key, and local fallback cache | Persist your saved stories across visits |
| Vote | Story ID, vote direction, anonymous session key, and local fallback cache | Ranking and thread signal |
| Project watch | Project slug, optional email, selected alert preferences, anonymous session key | Register interest in project-watch updates |
| Search query | Query text, timestamp | Improve topic coverage and understand reader interests |
| Sponsor / employer lead | Contact name, email, company, interest detail | Respond to commercial inquiries |
How data is stored
Production persistent data uses Cloudflare D1 (SQLite-compatible) databases operated by KernelBrief, with Cloudflare Workers as the application layer. During beta, some interactions may use local fallback behavior if the API is unavailable. No data is shared with or processed by third-party analytics, ad networks, or data brokers.
Reader state such as bookmarks, votes, and project
watches is server-backed when the API is reachable
and stored under an anonymous session key. The site
also keeps a local fallback cache in your browser's
localStorage under the
kernelbrief_* key namespace so the UI
can stay honest when the API is unavailable.
Email delivery will use a named first-party-configured provider before the public newsletter launch. We do not upload subscriber lists to third-party marketing platforms.
No third-party tracking
KernelBrief does not use:
- Google Analytics, Adobe Analytics, or any third-party analytics
- Facebook Pixel, Twitter Pixel, LinkedIn Insight Tag, or any ad retargeting
- Third-party cookie-based tracking of any kind
- Fingerprinting scripts or device identification
- Embedded third-party content that leaks reader data (no YouTube embeds, no social embeds)
We measure what matters using first-party signals only, and disclose collected fields here before adding new tracking behavior.
Data retention
| Data type | Retention period | Notes |
|---|---|---|
| Newsletter subscriptions | Until you unsubscribe or 12 months of inactivity | Unsubscribed addresses are permanently removed within 30 days |
| Submissions and corrections | Indefinitely (editorial record) | Contact email fields deleted on request |
| Comment submissions | Until published or 12 months in review queue | Unpublished comments are purged after 12 months |
| Search queries | Aggregated and anonymized after 90 days | Raw query text deleted after aggregation |
| Sponsor / employer leads | Duration of commercial relationship + 24 months | Deleted on request if no active relationship |
| Server-backed anonymous reader state | Until stale-data cleanup or deletion request with the matching session key | Covers bookmarks, story votes, and project watch intent |
| localStorage fallback cache | Until you clear your browser data | Used only to restore local UI state when the API is unavailable |
Your rights
You have the right to:
- Access — request a copy of any personal data we hold about you.
- Deletion — request that we delete your personal data. We will comply within 30 days.
- Correction — request that we fix inaccurate personal data we hold about you.
- Unsubscribe — every newsletter email includes a one-click unsubscribe link. Unsubscribed addresses are removed from all lists.
- Export — request a portable copy of your data in a machine-readable format.
To exercise any of these rights, email [email protected] with the subject line indicating your request (e.g., "Data access request", "Data deletion request").
Cookie policy
KernelBrief does not set HTTP cookies for tracking
or advertising. The only client-side storage we use
is localStorage for session-scoped
keys:
| Key | Purpose | Lifetime |
|---|---|---|
kernelbrief_saved_story_ids
|
Your bookmarked stories | Until cleared |
kernelbrief_story_votes
|
Your story votes | Until cleared |
kernelbrief_subscribers
|
Locally cached signup status (fallback) | Until cleared |
kernelbrief_submissions
|
Locally cached submission status (fallback) | Until cleared |
kernelbrief_corrections
|
Locally cached correction status (fallback) | Until cleared |
kernelbrief_sponsor_leads
|
Locally cached sponsor lead status (fallback) | Until cleared |
kernelbrief_employer_leads
|
Locally cached employer lead status (fallback) | Until cleared |
These keys are used exclusively to provide the features you interact with. None of them are read by third-party scripts, and none are used for cross-site tracking.
Changes to this policy
If this policy changes, we will publish the updated version at this URL and note the change in the next newsletter issue. Material changes (new data collection, new processors) will be announced at least 14 days before they take effect.
Last updated: 2026-05-20
Contact
For privacy-related questions or to exercise your data rights:
- Email: [email protected]
- Response time: within 5 business days
If you believe your privacy concern has not been adequately addressed, you have the right to contact the data protection authority in your jurisdiction.