This Privacy Policy explains what information Drift (the “Service”), operated by Drift (“we,” “us”), collects, how we use it, and the choices you have. Drift is a calm RSS reader; we collect only what we need to run it.
1. Information We Collect
We collect the following, and nothing more than what the Service needs to function:
- Account information. Your email address and your password. Your password is never stored in readable form — we keep only a one-way cryptographic hash of it.
- Session and device information. When you sign in, we record a session for each device, including your IP address, your browser’s user-agent string, and the time of access. This keeps you logged in and helps us detect abuse.
- Your subscriptions. The RSS/Atom feeds you add and any custom titles you give them.
- Reading activity. Which entries you have read or starred, and when, so the Service can show your unread counts, stars, and activity.
We do not use third-party advertising or analytics trackers, and we do not sell your personal information.
2. Cookies
Drift uses only the cookies it needs to work:
- Session cookie — a signed, HttpOnly cookie that keeps you signed in. It is strictly necessary for the Service.
- Theme cookie — remembers whether you prefer the light or dark reading theme.
We do not use cookies for advertising or cross-site tracking.
3. How We Use Your Information
- to provide, maintain, and secure the Service;
- to authenticate you and keep your session active;
- to fetch the feeds you subscribe to and present their entries to you;
- to send you essential account emails, such as password-reset messages; and
- to detect, prevent, and respond to fraud, abuse, or security incidents.
4. Feed Fetching and Third Parties
To deliver your feeds, our servers periodically request content directly from the feed publishers you choose. These requests are made by Drift’s servers, not from your browser, so your personal IP address is not shared with those publishers.
Some pages load the IBM Plex Mono webfont from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When a page loads, your browser contacts Google to retrieve the font, which means your IP address and request headers are shared with Google for that purpose.
We also rely on infrastructure providers — Resend (email delivery), Cloudflare (DNS), and our server hosting provider — to host the Service and deliver email. These providers process data only on our behalf and under appropriate safeguards.
5. Data Retention
We keep your account information and the data above for as long as your account is active. Session records are retained until they expire or you sign out. When your account is deleted, we delete or anonymize the associated personal information, except where we must retain it to comply with legal obligations.
6. Your Rights and Choices
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Drift does not yet offer self-service account deletion; to exercise any of these rights, contact us at [email protected] and we will respond within a reasonable time. You can also sign out at any time to end a session.
7. Security
We take reasonable measures to protect your information: passwords are stored only as one-way hashes, the session cookie is signed and HttpOnly, and access to data is limited. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
8. Children’s Privacy
Drift is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.
9. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide notice by a reasonable means.
10. Contact
Questions about your privacy or this Policy? Reach us at [email protected].