Privacy policy

Recap.at is a free archive. We collect as little personal data as the site can reasonably function with. Most of what reaches our servers is technical - request logs, anonymized analytics, aggregate reaction counts. This page explains what's collected, why, and how to opt out.

Who we are

Recap.at is the publisher of this website and the operator of the Recap.at REST API + MCP server. For any privacy question, contact privacy@recap.at.

What we collect

1. Server access logs

When you visit a page or call the API, our hosting provider logs the request (IP address, user agent, URL, HTTP status, response time, timestamp). These logs are retained for up to 30 days for security, abuse-prevention, and basic operational visibility. They are not joined with any account-level identifier on this site.

2. Privacy-first reactions

On each recap chapter you can click a small emoji to react. Your individual choice is stored only in your browser (localStorage) - we never see which emoji you, specifically, picked. The site sends a single anonymous aggregate increment to the server (e.g. "+1 to ❤️ on this chapter"), accompanied by your country as derived from your IP at the edge. Country is the only attribute we retain about a reaction; no IP, no session, no fingerprint.

3. Journey progress (your device only)

If you scroll a recap or complete a journey, the page records that on your device via localStorage. Achievement unlocks + "where you've been" overlays run entirely in your browser. We never see this data unless you explicitly share it (e.g. by pasting it into a support ticket).

4. Newsletter signups (opt-in)

If you submit your email to the newsletter, we store your address + the source (which page invited you) and a confirmation timestamp. You can unsubscribe with one click from any newsletter we send. We never sell or share your email.

5. API key + billing data

If you create a Recap.at API key, we store the key, your email, your chosen tier, your per-day call counts, and (when on a paid tier) your subscription identifier from our payment processor (Polar.sh). Credit card details are stored by the payment processor, never by Recap.at.

6. Analytics (Google Analytics)

We use Google Analytics 4 to understand which recaps are being read, which paths visitors take, and where pages can be improved. GA4 receives a pseudonymous client identifier from your browser, the URL of the page, the referring URL if any, device characteristics (e.g. mobile vs desktop), and an IP-derived region. We've disabled GA's user-data signals + Ads-related features by default. Reactions, journey progress, and content of forms are NOT forwarded to GA.

If you do not want to be measured this way, GA4 honors the standard opt-out browser add-on and Google's data deletion request flow.

7. Advertising (future, conditional)

Recap.at currently shows no third-party advertising. To sustain the archive's growth, we may, in the future, introduce non-intrusive contextual or display advertising on free pages. If we do:

• ·We will update this policy with the specific ad networks involved, the data those networks may receive, and any cookies they place.
• ·A clear consent banner will appear for EU / UK / EEA / Brazil visitors before any tracking cookie or ad-network request fires, in line with GDPR / UK DPA / LGPD.
• ·Paid API tiers will remain ad-free; ads (when present) will be confined to the free reader-facing surface.
• ·Personal data (newsletter address, API key email, journey state) will never be shared with ad networks.

What we don't collect

• We never sell your data.
• We never store the specific emoji you picked on a reaction.
• We never sync journey progress to the server - it stays on your device.
• We never attempt to fingerprint your browser beyond what the user-agent header tells us.
• We don't run social-share trackers (Facebook Pixel, LinkedIn Insight, etc.). Sharing happens via plain `Web Share API` or copy-link.

Cookies

The site uses a small number of first-party cookies + similar local-storage entries for: dark-mode preference, journey progress, achievement state, newsletter dismissal memory. Google Analytics sets pseudonymous identifiers.

When (and only when) we add advertising or any third-party tracking, you'll see a consent banner that lets you allow / deny non-essential cookies. Until that ships, no consent banner is shown because none is needed under the relevant laws.

Your rights

Depending on where you live, you have rights to access, correct, delete, or export your personal data. For Recap.at, this applies in practice to:

• Your newsletter email (deletion = unsubscribe link).
• Your API key data (deletion = email privacy@recap.at from the address tied to the key).
• Your GA4 client identifier (use Google's deletion request flow linked above).

Reaction aggregates + journey progress can't be deleted because there's nothing to look up - those are anonymous / local-only.

Children

Recap.at is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, email privacy@recap.at and we'll delete it.

International transfers

Recap.at is hosted on infrastructure that may process your data in the United States, the European Union, or other jurisdictions. We rely on Standard Contractual Clauses + the EU-U.S. Data Privacy Framework (where applicable) for cross-border transfers.

Changes to this policy

We may update this policy as the service evolves (new sources, new ad networks, new tiers). The "Last updated" timestamp at the top of this page reflects the most recent change. Material changes - anything that materially expands data collection - will be announced via the homepage banner for 30 days before they take effect.

Related: our Terms of Service, the Developer docs, and the API pricing page.