Skip to content

Privacy policy

Effective date: June 2026 (updated)

Your privacy matters to us. What you listen to is yours. We built HearLore with that principle at the center. This policy explains what data we collect, why, and what we do with it. It covers both the HearLore website and the HearLore mobile apps for iOS and Android.

Where our stories come from

HearLore entries are adapted from publicly-licensed source articles under the Creative Commons Attribution-ShareAlike 4.0 license. Per-entry attribution, including a link to the source article, appears at the bottom of each entry's sources panel. The full license terms are covered in our terms of service.

What data we collect

Account data

When you create an account, we store your email address and a securely hashed password through Supabase Auth. If you sign in with Google or Apple, we receive and store your email address and, optionally, the display name provided by your OAuth provider. We also store a profile record with your chosen display name.

Usage data

For authenticated users, we store listening history, bookmarks, playlists, and library items in Supabase. This data powers your personal library and lets you pick up where you left off.

Local storage data

HearLore stores several items in your browser's local storage. This data never leaves your device and is not transmitted to our servers. These items include your theme preference (hearlore-color-mode), player settings (hearlore-player-settings), audio playback state (hearlore_audio_state), play queue and history (hearlore_play_queue, hearlore_play_history, hearlore_recently_played), and cached copies of your library and playlists (hearlore_library, hearlore_playlists).

Cookies

We use essential cookies only. Supabase session cookies (prefixed with sb-) maintain your authenticated session. A UX gate cookie (hearlore-unauth-blocked) tracks whether you have been shown the sign-up prompt. We do not use advertising cookies or cross-site tracking cookies.

Analytics

On the website, we use Google Analytics 4 to collect aggregate usage metrics and page views. We also use Ahrefs for SEO analytics, which does not collect user-level data.

In the HearLore mobile apps for iOS and Android, we use Google Analytics for Firebase to understand how the app is used. This collects product-interaction events (such as which screens you view and what you play), an app-instance device identifier, and an approximate location derived from your IP address. If you are signed in, this data is associated with your account. We use it to understand usage in aggregate and improve the experience. We do not use it to track you across other companies' apps or websites.

Advertising measurement (iOS app)

We run advertising campaigns to help new listeners discover HearLore. On iOS, to measure which campaigns work, the app can use Apple's Advertising Identifier (IDFA) and share limited install and sign-up events with Meta (Facebook), which hosts some of those campaigns.

This only happens with your permission. The first time you open a topic, iOS asks whether HearLore may track you. If you decline, the app does not use the advertising identifier and does not enable advertiser tracking, and the app works exactly the same. You can change your choice at any time in iOS Settings under Privacy & Security, then Tracking. We never sell what you listen to, and we do not use this data to build a profile of you.

Bot detection

During signup, we use BotID for browser fingerprinting to prevent automated bot registrations. This data is used only for bot prevention and is not stored beyond the signup verification step.

Rate limiting

We use Upstash Redis for IP-based rate limit counters to protect the service from abuse. No personal data is stored in this system. Only request counts associated with IP addresses are tracked, and these counters expire automatically.

How we use your data

We use the data we collect to provide and improve the service, authenticate your sessions, remember your preferences, and analyze aggregate usage patterns. We do not use your data for any purpose other than operating and improving HearLore.

Third-party services

HearLore relies on the following third-party services, each of which receives only the data necessary for its function:

  • Supabase (authentication and database): stores your account data, playlists, bookmarks, and listening history.
  • Google Cloud (OAuth): receives your email address for authentication when you choose to sign in with Google.
  • Apple (OAuth): receives your email address and optional name for authentication when you choose to sign in with Apple.
  • Cloudflare R2 and Backblaze B2 (audio CDN): serve audio files to your browser. No user data is transmitted to these services.
  • Google Analytics 4 (website analytics): receives aggregate page views and usage events.
  • Google Analytics for Firebase (app analytics): receives product-interaction events, an app-instance device identifier, and an approximate location derived from IP address from the iOS and Android apps.
  • Meta (advertising measurement, iOS app only): with your App Tracking Transparency permission, receives limited install and sign-up events so we can measure how well our advertising brings new listeners. This is disabled unless you grant tracking.
  • Ahrefs: receives SEO crawl analytics. No user-level data is collected.
  • Vercel (hosting): maintains standard web server logs including IP addresses and user agent strings.
  • IndexNow: receives search engine indexing notifications. No user data is transmitted.

What we do not do

We do not sell or trade your personal data. We do not use your listening history to serve you ads, and we do not build behavioral profiles to target ads at you. The only advertising-related data we share is limited install and sign-up measurement sent to Meta on iOS, and only when you grant tracking permission, so we can tell which of our own campaigns bring new listeners. What you listen to is yours.

Data retention

Account data is retained while your account is active. Usage data such as listening history, bookmarks, and playlists is retained while your account is active. Analytics data is retained per the default retention policies of Google Analytics, Google Analytics for Firebase, and Ahrefs. Advertising-measurement events shared with Meta are retained per Meta's policies. Local storage data is controlled entirely by your browser and can be cleared at any time.

Your rights

You may request a full export of your data or request that your account and all associated data be permanently deleted. To make either request, contact us at legal@hearlore.com.

Children

HearLore is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us and we will delete it promptly.

Changes to this policy

We may update this privacy policy from time to time. When changes are made, the effective date at the top of this page will be updated. Your continued use of HearLore after any changes constitutes your acceptance of the updated policy.

Contact

If you have questions about this privacy policy, please contact us at legal@hearlore.com.