Privacy Policy
Effective July 12, 2026
The short version: we collect what the product needs to work, we run our own analytics instead of handing your behavior to ad networks, we never sell your data, and you can delete everything yourself from Settings. Details below. Questions: hello@wisdomly.co.
1. What we collect
Account. Email, username, display name, optional bio, and a hash of your password (we can't see the password itself).
Reading activity. Which books you open, save, unlock, and finish, your position in each book, your reading streak, and the interests you pick during onboarding. This is what makes progress, your library, and recommendations work.
Your writing. Sparks you draft and publish, including their review status and editor notes.
Product analytics. First-party event records (like “signed up”, “read an idea”, “shared a link”) stored in our own database. We do not use third-party analytics, advertising trackers, or fingerprinting. Anonymous visitors are not profiled — anonymous events carry no account identity.
Billing. If you go Premium, Stripe processes the payment. We store only your Stripe customer/subscription identifiers and subscription status — never card numbers.
2. Cookies
One essential cookie: your session (httpOnly, so scripts can't read it). No advertising or cross-site tracking cookies, which is why you don't see a cookie banner.
3. How we use your data
To run the product (progress, library, streaks, recommendations, Sparks review), to bill Premium subscriptions, to send the emails you'd expect (verification, password reset, and a weekly reading digest you can switch off in Settings — every digest carries a one-click unsubscribe link), and to understand in aggregate how the product is used so we can improve it. Legal bases, where GDPR applies: performance of our contract with you, and our legitimate interest in improving a service you chose to use.
4. Who else touches your data
Three processors, each seeing only what their job requires: Stripe (payments), Resend (transactional email), and our hosting provider (the servers and database live there). We never sell personal data and never share it with advertisers. We'd disclose data only if the law genuinely compels it.
5. Retention and deletion
Your data stays while your account exists. Delete your account in Settings and your profile, progress, library, unlocks, sessions, and subscription records are removed immediately; your analytics events are anonymized (the link to you is severed). Published Sparks are deleted with the account. Backups age out on a rolling schedule.
6. Your rights
Access, correction, export, deletion, and objection — regardless of where you live. Most of it is self-serve (Settings covers your profile and full account deletion). For a copy of your data or anything else, email hello@wisdomly.co and we'll respond within 30 days. EU/UK residents may also complain to their local data protection authority.
7. Security
Passwords are hashed with scrypt; session tokens are stored only as hashes; all traffic is encrypted in transit; payment webhooks are signature-verified. No system is perfect — if a breach ever affects your data, we'll tell you promptly and plainly.
8. Children
Wisdomly isn't directed at children under 13 (or the higher age your country sets), and we don't knowingly collect their data. If you believe a child has an account, email us and we'll remove it.
9. Changes
If we change this policy in a way that matters, we'll notify you before it takes effect. The date at the top always tells you when it last changed.
See also: Terms of Service