Overview
Lion Reader is committed to protecting your privacy. We collect only the data necessary to provide our feed reading service. We do not sell, rent, or share your personal information with third parties for marketing purposes.
This policy explains what information we collect, how we use it, what third-party services we use, and your rights regarding your data.
Information We Collect
Account Information
When you create an account, we collect your email address and password. Passwords are hashed using argon2, an industry-standard algorithm. If you sign in with Google or Apple, we receive only your email address and profile ID from those providers—we do not access any other data from your OAuth accounts.
Session Information
We store session tokens (SHA-256 hashed), IP addresses, and user agent strings to maintain your login sessions and prevent unauthorized access. You can view and revoke active sessions from your account settings.
Feed Data
We store the RSS/Atom feeds you subscribe to, articles from those feeds, and your reading history (read/unread status, starred items, folder organization). This data is used to provide the core feed reading functionality.
Saved Articles
When you save articles using our bookmarklet or save feature, we store the article content and metadata on our servers for your later access.
Email Newsletter Subscriptions
Each account has a unique email address for forwarding newsletters to your feed. If you use this feature, we receive and store the newsletters sent to that address, including sender information and email content.
How We Use Your Data
We use the information we collect to provide, operate, and improve the Lion Reader service. This includes:
- To maintain your account and authenticate you when you sign in
- To fetch, store, and display RSS/Atom feeds you subscribe to
- To track your reading progress (read/unread status, starred items)
- To enable optional features like audio narration and saved articles
- To monitor service health, diagnose errors, and improve performance (via Sentry and Grafana)
- To prevent abuse and maintain the security of the service
- To administer the service, including managing user accounts, monitoring feed health, and managing invite codes (see Administrative Access below)
We do not use your data for advertising, marketing to third parties, or any purpose unrelated to providing the Lion Reader service.
Administrative Access
Lion Reader administrators have access to an internal admin portal used to operate and maintain the service. This portal is protected by a separate secret and is not accessible to regular users. Through the admin portal, administrators can view:
- User information: Email addresses, account creation dates, linked sign-in providers (e.g., Google, Apple, Discord), number of feed subscriptions, number of entries, and scoring model statistics
- Feed health data: Feed URLs, titles, fetch error details, subscriber counts, entry counts, and fetch sizes — used to diagnose and resolve feed issues
- Invite management: Invite codes, their status (pending, used, expired), and which user claimed each invite
Administrative access is used solely for service operation, troubleshooting, and user support.
Data Sharing and Disclosure
We do not sell, rent, or share your personal information with third parties for their marketing purposes. We only share data with third-party service providers as necessary to operate the service (see the Third-Party Services section below).
We may disclose your information if required by law, such as in response to a valid subpoena or court order, or to protect the security and integrity of our service.
Third-Party Services
We use the following third-party services to operate Lion Reader:
Audio Narration (Groq) — Optional
This feature is optional and disabled by default. When you enable AI text processing in narration settings, article content is sent to Groq (using their Llama 3.1 8B model) to convert it into speakable text. This preprocessing expands abbreviations, formats numbers for speech, and improves pronunciation. The processed text is cached on our servers to avoid repeated processing.
When AI processing is disabled, we use simple HTML-to-text conversion that happens entirely on our servers. Either way, the actual audio generation happens entirely on your device using your browser's built-in text-to-speech. No audio data is sent to external servers.
Hosting (Fly.io)
Our application and databases are hosted on Fly.io infrastructure in the United States. All data at rest is encrypted using Fly.io's managed PostgreSQL service. Fly.io has access to server data as part of providing infrastructure services.
Error Tracking (Sentry)
We use Sentry to track application errors and performance issues. Sentry may receive error messages, stack traces, and limited context about the operation that failed (e.g., which page you were on). We do not send article content or feed data to Sentry.
Monitoring (Grafana Cloud)
We use Grafana Cloud for application metrics and logs to monitor service health and performance. This includes anonymized usage metrics (e.g., number of API requests) and system logs. We do not send personal information or article content to Grafana.
Authentication Providers (Google, Apple)
If you choose to sign in with Google or Apple, we use their OAuth services. We only receive your email address and profile ID—we do not access any other data from these providers.
Cookies and Local Storage
We use essential cookies for authentication and session management. We also use browser storage to save your preferences and cached data:
- localStorage: Narration voice settings, reading preferences (show/hide read items, sort order), and keyboard shortcut preferences
- IndexedDB: Enhanced narration voices (if you download optional high-quality voices using Piper TTS). These voice files are stored locally on your device and never sent to our servers.
We do not use third-party tracking cookies, analytics, or advertising cookies.
Data Security
We implement industry-standard security measures to protect your data:
- Encrypted connections: All data transmitted between your device and our servers uses HTTPS encryption
- Secure password storage: Passwords are hashed using argon2, a memory-hard algorithm resistant to brute-force attacks
- Session token security: Session tokens are SHA-256 hashed before storage and never stored in plain text
- Database encryption: All data at rest is encrypted using Fly.io's managed PostgreSQL encryption
- Regular security updates: We keep our dependencies and infrastructure up to date with security patches
Data Retention
- Account data: Retained as long as your account is active
- Sessions: Active sessions remain until you log out or they expire (configurable expiration). Revoked sessions are deleted immediately.
- Feed content: Shared feed data is retained as long as any user is subscribed to that feed. When you unsubscribe, your personal reading state is retained (soft delete) so you can resubscribe and maintain your history.
- Saved articles: Retained until you delete them
- Narration cache: Preprocessed narration text is cached indefinitely to avoid repeated processing
- Logs and metrics: Application logs and error reports are retained for 30 days for troubleshooting and performance monitoring
Your Rights
You have the following rights regarding your personal data:
- Access: View all your personal data through your account settings
- Export: Download your feed subscriptions in OPML format for import into other RSS readers
- Correct: Update your email address and other account information at any time
- Revoke access: Disconnect OAuth accounts (Google, Apple) and revoke individual login sessions from your account settings
- Control features: Disable optional features like AI text processing for narration at any time
- Delete: Delete your account and all associated data at any time from your account settings. Account deletion is permanent and cannot be undone.
Changes to This Policy
We may update this privacy policy from time to time. We will notify users of any material changes by posting the updated policy on this page with a new "Last updated" date.
Contact
If you have any questions about this privacy policy or our data practices, please open an issue on our GitHub repository.