Last Updated: June 16, 2021
Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them.
What Information does Substack collect?
We collect and process Personal Information about you when you interact with us and our Services, as well as when you subscribe to any of our paid or unpaid Services. This may include:
your first and last name;
your email address;
your phone number;
your payment details (including billing address, credit card details, where you make a purchase from us);
your marketing preferences, including any consents you have given us;
information related to the browser or device you use to access our website (including your IP address);
any information we collect online from you and maintain in association with your account, such as your username and password;
any other information you provide us when communicating with us.
We also collect information on the use of our website via Cookies. Please view the section “Cookies” below for more information.
How does Substack use your Personal Information?
We process this Personal Information for the following purposes:
To establish and fulfill a contract with you, for example when you subscribe to a subscription Service. This may include verifying your identity, taking payments, communicating with you, providing customer service;
As required by Substack to enable our business and pursue our legitimate interests. In particular we use you Personal Information for the following purposes:
to provide Services you have requested, and respond to any communications, comments or complaints you send us;
to monitor the use of our Services and to help us monitor, improve and protect our Services, content and website;
allow you to create, maintain, customize and secure your account with us;
to personalize our Services for you;
to monitor any user accounts to prevent, investigate and/or report fraud, misrepresentation, terrorism, security incidents or crime in accordance with applicable law;
to invite you to take part in surveys or market research.
Where our use of Personal Information is made pursuant to a balancing of our legitimate interests with your privacy interest, we will provide more information about our balancing analysis and process on request. Please send any such requests to firstname.lastname@example.org.
Compliance with applicable laws and protection of Substack’s legitimate business interests and legal rights, including but not limited to use in connection with legal claims, compliance, regulatory, investigative purposes (including disclosure of such information in connection with legal process or litigation).
In addition, we will send you, based on your consent (if required), direct marketing communication in relation to our relevant Services, or other services provided by us, our affiliates and carefully selected partners. You can withdraw your consent at any time ("opt out"); see the section "What are your rights?" below. In case of electronic direct marketing you can opt out by following the instructions in the communication.
How will Substack share the Personal Information it receives?
We may share your Personal Information with third parties as described below:
Affiliates: We may disclose your Personal Information to our subsidiaries and/or corporate affiliates for the purposes as described above.
Publishers: when you subscribe to a Publisher’s Newsletter, we provide them the information necessary (including your name and email address) to provide you their newsletter(s).
Our Service Providers: We share your Personal Information with third party service providers that provide services on our behalf; for example, we use Stripe (a third party payment provider) to receive and process your credit card transactions for us. Such third parties further include, but are not limited to, providers of: website hosting; maintenance services; email services; security services; content delivery networks; customer support operations and software services; traffic and usage analytics services; and cloud storage and computing services.
Other users: If your user profile allows it, you may choose to populate certain user profile information, including, without limitation, your name, location, and any image content. Any user profile information uploaded may be displayed to other users to facilitate user interaction within the Services (including when you post comments or upload images or videos through the Services). Your account privacy settings may allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others. Your username may also be displayed to other users if and when and other users can contact you through comments.
Prospective sellers or buyers: We may share and/or transfer customer information in connection with the sale or merger of our business or assets (subject to local laws). Also, if we go out of business, enter bankruptcy, or go through some other change of control.
In certain cases, we may anonymize your Personal Information in such a way that you can no longer be identified as an individual, and we reserve the right to use and share such anonymized information to trusted partners not specified here. However, we never disclose aggregated or de-identified information in a manner that could identify you as an individual.
Where will we send your Personal Information?
Is Personal Information about you secure?
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, failure of the Services, or other factors may compromise the security of user information at any time.
What are your rights?
Depending on applicable local laws, you may be entitled to ask Substack for a copy of your Personal Information, to correct it, erase or restrict its processing, or to ask us to transfer some of this information to other organizations. You may also have rights to object to some processing activities or to request restriction of some processing activities. Where we have asked for your consent to process your Personal Information, you may also have the right to withdraw this consent. These rights may be limited in some situations or in accordance with applicable law – for example, we cannot delete your Personal Information when we can demonstrate that we have a legal obligation to retain it. In some instances, this may mean that we are able to retain data even if you withdraw your consent or you delete your account.
Where we require Personal Information to comply with legal or contractual obligations, then provision of such information is mandatory: if such information is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional. Please note we will always inform you where the provision of your Personal Information is mandatory or optional.
We hope that we can satisfy any queries you may have about the way we process your Personal Information. If you have any concerns about how we process your Personal Information, or would like to opt out of marketing, you can get in touch at email@example.com.
If you are a California consumer, please see the section further below titled “Additional Notices for California Residents” for more notices regarding your Personal Information.
You can access, edit, or delete some personal information by yourself
Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:
name and password
user profile information, including images you may have uploaded to the site
The information you can view, update, and delete may change as the Services change. If you'd like to delete your account, you can do so from your account page.
If you have any questions about viewing or updating information we have on file about you, please contact us at firstname.lastname@example.org.
You can unsubscribe from our marketing communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, updating your communication preferences or by contacting us at email@example.com.
You have the right to complain to your local data protection authority
In the event you have unresolved concerns, please note that you have the right to complain to a data protection authority. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries are available here.
How long will Substack retain your data?
We retain information about you only for as long as reasonably necessary to fulfill the purposes for which it was collected. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Automated individual decision-making, including profiling
We do not process your Personal Information for automated individual decision-making, including profiling.
We use the following categories of cookies on our website:
Category 1: Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for such as remembering your login details or data provided for a purchase cannot be provided.
Category 2: Performance Cookies
These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, website experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.
Category 3: Functionality Cookies
These cookies remember choices you make such as the country you visit our website from, language and search parameters such as number of guests, hotel, time of stay. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant.
_cfduid, Persistent, Set by Cloudflare, identifies individual visitors privately and anonymously to help rate-limit and prevent malicious traffic, 30 days, .substack.com, https://www.cloudflare.com/privacypolicy/
substack.sid / connect.sid, Persistent, Session identifier (login, etc), 90 days max, .substack.com
ajs_anonymous_id, Persistent, First-party analytics tracking, 365 days, <subdomain>.substack.com
hideCookieBanner, Persistent, Remembers that the user dismissed cookie banner, 365 days, <subdomain>.substack.com
intro_popup_last_hidden_at, Persistent, Prevents showing introductory information the user has already seen, 10 years, <subdomain>.substack.com
visit_id, Persistent, First-party analytics tracking, 30 minutes, .substack.com
In addition to the cookies Substack uses, Publishers on Substack may choose to set certain tracking and analytics cookies, subject to the Publisher’s own terms and policies. These Publisher cookies may include cookies set by third parties such as Twitter, Facebook, Google, and Parse.ly.
Disabling and opting-out of cookies
Current versions of web browsers offer enhanced user controls regarding the placement and duration of both first and third party cookies. Search for "cookies" under your web browser's “Help menu” for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our websites or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu/.
Information Collected From Other Websites and Do Not Track Policy
Questions about this policy?
The data controller for this processing is Substack, Inc.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to firstname.lastname@example.org or contact us at:
548 Market Street
San Francisco CA 94104
T +1 (415) 592-7299
We will try to resolve your concerns.
Additional Notices for California Residents