Privacy Policy
1. Introduction
Rally News ("we", "us", or "our"), operated by Sam Brooks, is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it.
Rally News is hosted and operated in Europe. We are subject to the General Data Protection Regulation (GDPR) (EU 2016/679) and applicable national data protection laws.
2. Data Controller
The data controller for your personal information is:
Sam Brooks
Rally News — rally.news
support@rally.news
3. What Data We Collect
3.1 Account Data (when you sign in)
If you choose to create an account using Google or Mastodon, we receive from those providers and store:
- Your display name
- Your profile photo URL (if provided)
- A unique identifier from the authentication provider (Google UID or Mastodon account ID)
- The authentication provider used (Google or Mastodon)
We do not receive or store your Google or Mastodon password.
3.2 Preference Data
If you are signed in, we store your Rally News preferences in our database (Firebase Firestore), including:
- Your selected news categories
- Your preferred news sources
- Your selected region
- Your preferred language
3.3 Saved Stories
If you use the "Save" feature, we store article metadata (title, URL, source name, and image URL) in our database linked to your account.
3.4 Usage Data (Analytics)
We use Google Analytics (GA4) to collect anonymised data about how the Service is used. This may include:
- Pages visited and navigation patterns
- Device type, browser, and operating system
- Approximate geographic location (country/city level, derived from IP address)
- Session duration and interaction events
Google Analytics data is processed in accordance with Google's Privacy Policy. We have configured Google Analytics to anonymise IP addresses where required.
3.5 Local Storage (No-Account Users)
If you use the Service without signing in, your language preference and theme setting are stored locally in your browser's localStorage. This data is not transmitted to our servers.
3.6 Advertising
We display advertisements through Adcash, a third-party advertising network. Adcash may use cookies or similar tracking technologies to serve relevant ads. We do not share your personal account data with advertisers. For details on how Adcash processes data, see their privacy policy at adcash.com/legal.
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| To provide account functionality (saving stories, syncing preferences) | Performance of a contract (Art. 6(1)(b)) |
| To authenticate your identity via Google or Mastodon | Performance of a contract (Art. 6(1)(b)) |
| To analyse and improve the Service (Google Analytics) | Legitimate interests (Art. 6(1)(f)) |
| To display contextual advertising | Legitimate interests (Art. 6(1)(f)) / Consent where required |
| To comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that has legal or similarly significant effects on you.
5. Data Retention
- Account and preference data: Retained for as long as your account is active. If you delete your account, we will delete your stored data within 30 days.
- Saved stories: Retained as part of your account data and deleted when your account is deleted.
- Google Analytics data: Retained in accordance with Google's data retention settings (we use a 14-month retention window).
- Local storage data: Stored only in your browser and under your control at all times.
6. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Firebase (Google) | Authentication and database | policies.google.com/privacy |
| Google Analytics | Usage analytics | policies.google.com/privacy |
| Adcash | Advertising | adcash.com/legal |
| mastodon.social | Mastodon OAuth authentication | mastodon.social/privacy-policy |
| Google Fonts | Font loading | policies.google.com/privacy |
We make reasonable efforts to ensure these providers maintain appropriate data protection standards.
7. Cookies and Similar Technologies
The Service uses the following:
- Session and authentication cookies: Set by Firebase to maintain your login session.
- Analytics cookies: Set by Google Analytics to measure usage.
- Advertising cookies: May be set by our advertising network.
- Browser localStorage: Used to store your local preferences (theme, language) without account creation.
Where required by applicable law (including the EU ePrivacy Directive), we will request your consent before placing non-essential cookies.
8. Data Transfers
Firebase and Google Analytics are operated by Google LLC, which may process data outside the European Economic Area (EEA). Google relies on Standard Contractual Clauses and other appropriate transfer mechanisms approved by the European Commission to ensure adequate protection of your data.
9. Your Rights Under GDPR
If you are located in the EEA or the UK, you have the following rights in relation to your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to data portability: Request your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at support@rally.news. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection supervisory authority. As Rally News is based in Germany, our lead supervisory authority is the relevant German state data protection authority (Datenschutzbeauftragter). You can also contact the EU-level body at: edpb.europa.eu.
10. Children's Privacy
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include the use of Firebase's security infrastructure, HTTPS encryption, and access controls. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on this page with a revised "Last updated" date. For significant changes affecting your rights, we will take additional steps to inform signed-in users.
13. Contact
If you have any questions, concerns, or requests relating to this Privacy Policy, please contact:
Sam Brooks
Rally News — rally.news
support@rally.news
