Privacy Policy
Last updated: June 2026
1. Data Controller
This website is operated by A2Z News. If you have questions about this policy, contact us at [email protected].
2. What Data We Collect
We collect the following categories of personal data:
- Essential data: Authentication token, consent state, theme, language, font size, CEFR level, timezone, location, and category — required for the site to function properly. Stored in your browser and cookies.
- Analytics: Aggregate daily visit counts (total and per CEFR level) and authenticated user streak history. This tracks which days you visited, not individual pages. Requires your consent.
- Functional data: Favorites, vocabulary bank, and translation preferences — stored locally and synced for logged-in users under legitimate interest (GDPR Art. 6(1)(f)). You can opt out at any time via cookie settings.
- Account data: When you sign in with Google, we store your Google ID, email address, display name, and avatar URL. This data is used to provide your account and may be synced with your preferences, favorites, and vocabulary bank.
- Rate limiting data: When using the translation feature, your IP address is temporarily processed in server memory for up to 60 seconds to prevent abuse. This data is never persisted to disk or stored in our database.
3. Legal Basis
Essential data is processed under GDPR Article 6(1)(b) (necessary for service provision). Functional data (favorites, vocabulary, translation preferences) is processed under legitimate interest (GDPR Article 6(1)(f)) — saving your preferences is necessary to deliver the feature you are actively using. You can opt out at any time. Analytics data is processed under your consent (GDPR Article 6(1)(a)). Account data is processed under your consent when you sign in with Google.
4. Purpose of Processing
- Preferences: To remember your theme, language, font size, level, timezone, location, and category settings.
- Analytics: To display daily visit counts as a transparency feature (aggregate only).
- Favorites & Vocabulary: To let you save and export articles and words.
- Account data: To provide login functionality, sync your data across devices, and personalize your experience.
5. Data Retention
Preference and analytics cookies persist for up to 1 year. You can clear them at any time using your browser settings or the "Clear All My Data" option in the consent settings. Visit tracking aggregates are reset daily and are not linked to individual users. Account data is retained until you delete your account.
- Visit data is retained for 2 years and then automatically deleted.
- Accounts inactive for more than 5 years will be permanently deleted to protect user privacy.
- You can export all your data at any time using the "Download My Data" feature in your account menu.
6. Your Rights
Under GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Withdraw consent at any time (use the "Cookie Settings" button in the sidebar or menu)
- Request deletion of your data (use "Clear All My Data" in consent settings, or "Delete account" in the sidebar if signed in)
- Data portability (export your favorites and vocabulary from the app)
You can also download all your data at any time using the "Download My Data" button in your account menu. This includes your profile, preferences, favorites, vocabulary bank, and visit history.
7. Third-Party Services
We use Google OAuth for sign-in. When you sign in, Google shares your email address, display name, and profile picture with us.
We do not use Google Analytics, Facebook Pixel, or any other third-party analytics or tracking services.
8. Cookie Details
The following cookies may be set on your device:
| Cookie Name | Category | Purpose | Expiry |
|---|---|---|---|
auth_token | Essential | Authentication (JWT). HttpOnly, Secure, SameSite=Lax. | 7 days |
news-reader-consent | Essential | Stores your cookie consent choices. | 1 year |
news-reader-theme | Preferences | Remembers your light/dark theme choice. | 1 year |
news-reader-language | Preferences | Remembers your language (en/zh). | 1 year |
news-reader-font-scale | Preferences | Remembers your font size setting. | 1 year |
news-reader-level | Preferences | Remembers your CEFR level (A2, B2, C2, ZH). | 1 year |
news-reader-timezone | Preferences | Remembers your detected timezone. | 1 year |
news-reader-location | Preferences | Remembers your selected news location filter. | 1 year |
news-reader-category | Preferences | Remembers your selected news category filter. | 1 year |
news_visit_sent | Analytics | Dedup: prevents double-counting site visits per day. | Until next UTC midnight |
news_visit_sent_{level} | Analytics | Dedup: prevents double-counting per-level visits per day. | Until next UTC midnight |
9. Authentication Cookies
When you sign in, we set an HttpOnly cookie named auth_token that contains a JSON Web Token (JWT). This cookie is used to authenticate your requests and expires after 7 days. It is set with Secure and SameSite=Lax attributes for security.
10. Data Deletion Rights
You can delete your account at any time from the sidebar menu. Account deletion permanently removes your account and all synced data from our servers, including your preferences, favorites, vocabulary bank, visit history, and OAuth tokens. Local data stored in your browser will also be cleared upon account deletion.
11. Data Security
All connections to this website are encrypted using TLS (HTTPS). Authentication tokens are stored in HttpOnly, Secure cookies and are never exposed to client-side JavaScript. Database access is limited to the minimum necessary operations. We do not collect IP addresses beyond what is necessary for serving the website.
12. Changes to This Policy
We may update this policy from time to time. Changes will be reflected in the "Last updated" date above.
13. Contact
For any questions about this privacy policy or to exercise your data rights, contact: [email protected].