Privacy
Privacy Policy
What data APN collects, why, how long it stays, and the controls you have over it. Short version: account data only when you sign up, no selling, ask for deletion any time.
1#Who runs APN
APN is operated by All Patch Notes. The service runs at allpatchnotes.com once it launches publicly. Until then it lives at web2.allpatchnotes.com behind a crawl block.
2#What we collect
Only what is needed to run the product.
- Account data when you sign up: email, display name, profile preferences, sign-in identifiers.
- Activity data: what you saved, who you follow, notification settings, theme.
- Usage data: search queries, page views, content interactions. Anonymized at the analytics layer.
- Technical data: IP address, user agent, locale, screen size, Cloudflare request identifiers used for security and rate limiting.
- Messages: whatever you send to contact.
APN is not for children under 13 (or under 16 where local law sets that bar). See section 10.
3#How we use it
The data above is used to:
- Run the feed, search, save, and follow.
- Send account messages (sign-in, password reset, security notices).
- Send optional product email you opted into (digests, breaking patch alerts).
- Improve search ranking and coverage decisions.
- Keep the service secure and meet legal obligations.
4#Legal bases (EEA / UK)
If GDPR or UK GDPR applies to you, we rely on one of these grounds:
- Contract: to deliver the APN service you signed up for.
- Legitimate interests: to operate, secure, and improve the product, balanced against your rights.
- Consent: for optional analytics and any feature that explicitly asks for it.
- Legal obligation: when retention or disclosure is required by law.
5#Sharing and subprocessors
APN does not sell personal data. The providers below run pieces of the service on our behalf under contract.
| Provider | Purpose | Region | Data category |
|---|---|---|---|
| Cloudflare | Edge delivery, DDoS protection, Workers runtime | Global edge | Technical, security |
| Supabase | Authenticated database and identity | EU / US (configurable) | Account, activity |
| Typesense | Search index, self-hosted on APN infrastructure | EU | Usage, content metadata |
| Email provider | Account messages and digests (named at public launch) | EU / US | Account, communications |
| Google Analytics 4 | Aggregated, consent-gated usage measurement (IP anonymized, Consent Mode v2) | US / EU (Standard Contractual Clauses) | Usage, anonymized |
Data goes to law enforcement only when legally compelled, and only the minimum required.
6#International transfers
APN runs on global edge infrastructure. When data crosses borders, the transfer is covered by Standard Contractual Clauses, the UK IDTA, or the equivalent mechanism for your jurisdiction.
7#Retention
Data is kept only as long as it serves the purpose it was collected for.
| Data | Retention |
|---|---|
| Account data | While the account is active. Deleted within 30 days of a deletion request. |
| Activity (saved, follows, preferences) | Tied to your account lifecycle. |
| Anonymized analytics | Up to 24 months in aggregate. |
| Security logs | Up to 90 days unless an incident requires more. |
| Support correspondence | Up to 24 months after the case closes. |
8#Your rights
Your rights, in plain English
Under GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, and similar laws, you can:
- Ask what personal data APN holds about you.
- Correct it if it is wrong.
- Delete your account and the data tied to it.
- Export your data in a machine-readable format.
- Object to or restrict some processing.
- Withdraw consent at any time, without affecting prior processing.
- Lodge a complaint with your data protection authority.
To use any of these rights, email contact@allpatchnotes.com with subject "Privacy request". APN responds within 30 days and may need to verify who you are for sensitive requests.
9#Security
APN uses TLS for traffic, hashed passwords, scoped service tokens, row-level security on user-owned tables, and least-privilege access for the team. No service is fully secure. If you find a vulnerability, see the Report an issue page for how to disclose it.
10#Children
APN is for general audiences but is not aimed at children under 13 (or under 16 where local law requires that). If you believe a child has signed up, contact us and we will delete the account.
11#Changes to this policy
Material changes get posted here with a new effective date. For significant changes, account holders also get an email or an in-product banner.
★Privacy contact
Email contact@allpatchnotes.com with subject "Privacy request" for data access, correction, deletion, or export.
Privacy · Terms · Cookies · Accessibility · Contact