Documents

Privacy Policy

Last Updated: September 3, 2021

Substack Inc. knows you care about how your personal information is used and shared, and we take your privacy seriously. This Privacy Policy outlines how we collect, use, and share your personally identifiable information ("Personal Information") through our website (www.substack.com) and our services. Please read it carefully. 

Remember that your use of Substack is at all times subject to the Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms of Use

This Privacy Policy includes additional notices that may apply to you if you are a California consumer. Please see the section further below titled "Additional Notices for California Residents" for more details. 

What does this Privacy Policy cover?

This Privacy Policy details how we collect, receive, use, store, share, transfer and process your Personal Information. It also describes the choices you have regarding the use of your Personal Information, as well as your rights and how you execute these rights.

This Privacy Policy only applies to the processing of your Personal Information by Substack as data controller, meaning where we process your Personal Information for our purposes. This Privacy Policy does not apply to any processing of your Personal Information by Substack as a data processor on behalf of a Publisher. Publishers will have their own privacy practices governing their use of Personal Information as outlined in their own terms of use and/or privacy policies.

Will Substack ever change this Privacy Policy?

We’re constantly trying to improve our services, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on our site, by sending you an email, and/or by some other means. 

Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of Substack, and you are still responsible for reading and understanding them. 

What Information does Substack collect?

We collect and process Personal Information about you when you interact with us and our services, as well as when you subscribe to any of our paid or unpaid services. This may include:

  • your first and last name;

  • your email address;

  • your phone number;

  • your payment details (including billing address, credit card details, where you make a purchase from us); 

  • your location and/or mailing address;

  • your photograph;

  • your marketing preferences, including any consents you have given us;

  • information related to the browser or device you use to access our website (including your IP address);

  • any information we collect online from you and maintain in association with your account, such as your username and password;

  • your subscription status with Substack newsletters;

  • any other information you provide us when communicating with us.

We also collect information on the use of our website via Cookies. Please view the section “Cookies” below for more information.

How does Substack use your Personal Information?

We process this Personal Information for the following purposes:

  • To establish and fulfill a contract with you, for example when you subscribe to a subscription Service. This may include verifying your identity, taking payments, communicating with you, providing customer service;

  • As required by Substack to enable our business and pursue our legitimate interests. In particular we use you Personal Information for the following purposes:

    • to provide services you have requested, and respond to any communications, comments or complaints you send us;

    • to monitor the use of our services and to help us monitor, improve and protect our services, content and website;

    • allow you to create, maintain, customize and secure your account with us; 

    • to personalize our services for you;

    • to monitor any user accounts to prevent, investigate and/or report fraud, misrepresentation, terrorism, security incidents or crime in accordance with applicable law;

    • to invite you to take part in surveys or market research.

    • Where our use of Personal Information is made pursuant to a balancing of our legitimate interests with your privacy interest, we will provide more information about our balancing analysis and process on request. Please send any such requests to privacy@substackinc.com. 

  • Compliance with applicable laws and protection of Substack’s legitimate business interests and legal rights, including but not limited to use in connection with legal claims, compliance, regulatory, investigative purposes (including disclosure of such information in connection with legal process or litigation). 

  • In addition, we will send you, based on your consent (if required), direct marketing communication in relation to our relevant services, or other services provided by us, our affiliates and carefully selected partners. You can withdraw your consent at any time ("opt out"); see the section "What are your rights?" below. In case of electronic direct marketing you can opt out by following the instructions in the communication.

  • In certain cases, we may also share some Personal Information with third parties, but only as described in this Privacy Policy.

How will Substack share the Personal Information it receives?

We may share your Personal Information with third parties as described below:

  • Affiliates: We may disclose your Personal Information to our subsidiaries and/or corporate affiliates for the purposes as described above.

  • Publishers: when you subscribe to a Publisher’s Newsletter, we provide them the information necessary (including your name and email address) to provide you their newsletter(s). 

  • Our Service Providers: We share your Personal Information with third party service providers that provide services on our behalf; for example, we use Stripe (a third party payment provider) to receive and process your credit card transactions for us. Such third parties further include, but are not limited to, providers of: website hosting; maintenance services; email services; security services; content delivery networks; customer support operations and software services; traffic and usage analytics services; and cloud storage and computing services.

  • Other users: If your user profile allows it, you may choose to populate certain user profile information, including, without limitation, your name, subscriptions, publications, location, and any image content. Any user profile information uploaded may be displayed to other users to facilitate user interaction within the services (including when you post comments or upload images or videos through the services). Your account privacy settings may allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others. Your username may also be displayed to other users if and when and other users can contact you through comments.

  • Prospective sellers or buyers: We may share and/or transfer customer information in connection with the sale or merger of our business or assets (subject to local laws). Also, if we go out of business, enter bankruptcy, or go through some other change of control. 

  • Government authorities and/or law enforcement officials: If required for the purposes as described in this Privacy Policy, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws we may share Personal Information with competent regulatory, prosecuting, tax or governmental authorities, courts or other tribunals in any jurisdiction or markets, domestic or foreign. 

In certain cases, we may anonymize your Personal Information in such a way that you can no longer be identified as an individual, and we reserve the right to use and share such anonymized information to trusted partners not specified here. However, we never disclose aggregated or de-identified information in a manner that could identify you as an individual.

Where will we send your Personal Information? 

Substack is established in the US and uses service providers established both in the US and in other countries to process Personal Information as described in this Privacy Policy. As such, your Personal Information may be shared internationally.

Is Personal Information about you secure?

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, failure of the services, or other factors may compromise the security of user information at any time.

What are your rights?

Depending on applicable local laws, you may be entitled to ask Substack for a copy of your Personal Information, to correct it, erase or restrict its processing, or to ask us to transfer some of this information to other organizations. You may also have rights to object to some processing activities or to request restriction of some processing activities. Where we have asked for your consent to process your Personal Information, you may also have the right to withdraw this consent. These rights may be limited in some situations or in accordance with applicable law – for example, we cannot delete your Personal Information when we can demonstrate that we have a legal obligation to retain it. In some instances, this may mean that we are able to retain data even if you withdraw your consent or you delete your account. 

Where we require Personal Information to comply with legal or contractual obligations, then provision of such information is mandatory: if such information is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional. Please note we will always inform you where the provision of your Personal Information is mandatory or optional.

We hope that we can satisfy any queries you may have about the way we process your Personal Information. If you have any concerns about how we process your Personal Information, or would like to opt out of marketing, you can get in touch at privacy@substackinc.com. 

If you are a California consumer, please see the section further below titled “Additional Notices for California Residents” for more notices regarding your Personal Information.

You can access, edit, or delete some personal information by yourself

Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:

  • name and password

  • email address

  • user profile information, including images you may have uploaded to the site

The information you can view, update, and delete may change as the services change. If you'd like to delete your account, you can do so from your account page.

If you have any questions about viewing or updating information we have on file about you, please contact us at privacy@substackinc.com.

You can unsubscribe from our marketing communications

You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, updating your communication preferences or by contacting us at privacy@substackinc.com.

We remind you that this Privacy Policy does not apply to any processing of your Personal Information by Substack as a data processor on behalf of a Publisher. A Publisher’s own terms and policies govern its use of Personal Information it collects on the Publisher’s subdomain on the services, including their own marketing emails and other communications. 

You have the right to complain to your local data protection authority

In the event you have unresolved concerns, please note that you have the right to complain to a data protection authority. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries are available here.

How long will Substack retain your data?

We retain information about you only for as long as reasonably necessary to fulfill the purposes for which it was collected. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Automated individual decision-making, including profiling

We do not process your Personal Information for automated individual decision-making, including profiling. 

Cookies 

We use cookies on our website. Cookies are small text files sent by a web server to your web browser and saved locally on your computer. The cookie allows the server to uniquely identify the browser on each page. Cookies do not cause any harm to your computer and do not contain viruses. 

We use the following categories of cookies on our website:

Category 1: Strictly Necessary Cookies

These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for such as remembering your login details or data provided for a purchase cannot be provided. 

Category 2: Performance Cookies

These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, website experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established. 

Category 3: Functionality Cookies

These cookies remember choices you make such as the country you visit our website from, language and search parameters such as number of guests, hotel, time of stay. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant. 

Cookie Name: _cfduid

Cookie Type: Persistent

Cookie Purpose: Set by Cloudflare, identifies individual visitors privately and anonymously to help rate-limit and prevent malicious traffic

Cookie Lifetime: 30 days

Cookie Domain: .substack.com

Vendor Privacy Policy (if applicable): https://www.cloudflare.com/privacypolicy/

Cookie Name: substack.sid / connect.sid

Cookie Type: Persistent

Cookie Purpose: Session identifier (login, etc)

Cookie Lifetime: 90 days max

Cookie Domain: .substack.com

Vendor Privacy Policy (if applicable):

Cookie Name: ajs_anonymous_id

Cookie Type: Persistent

Cookie Purpose: First-party analytics tracking

Cookie Lifetime: 365 days

Cookie Domain: <subdomain>.substack.com

Vendor Privacy Policy (if applicable):

Cookie Name: hideCookieBanner

Cookie Type: Persistent

Cookie Purpose: Remembers that the user dismissed cookie banner

Cookie Lifetime: 365 days

Cookie Domain: <subdomain>.substack.com

Vendor Privacy Policy (if applicable):

Cookie Name: intro_popup_last_hidden_at

Cookie Type: Persistent

Cookie Purpose: Prevents showing introductory information the user has already seen

Cookie Lifetime: 10 years

Cookie Domain: <subdomain>.substack.com

Vendor Privacy Policy (if applicable):

Cookie Name: visit_id

Cookie Type: Persistent

Cookie Purpose: First-party analytics tracking

Cookie Lifetime: 30 minutes

Cookie Domain: .substack.com

Vendor Privacy Policy (if applicable):

Publisher cookies

In addition to the cookies Substack uses, Publishers on Substack may choose to set certain tracking and analytics cookies, subject to the Publisher’s own terms and policies. These Publisher cookies may include cookies set by third parties such as Twitter, Facebook, Google, and Parse.ly.

Disabling and opting-out of cookies

Current versions of web browsers offer enhanced user controls regarding the placement and duration of both first and third party cookies. Search for "cookies" under your web browser's “Help menu” for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our websites or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu/.

Information Collected From Other Websites and Do Not Track Policy

Through cookies we place on your browser or device, we may collect information about your online activity after you leave our website. Just like any other usage information we collect, this information allows us to improve the services and customize your online experience, and otherwise as described in this Privacy Policy. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the services and after you leave our services.

Questions about this policy?

The data controller for this processing is Substack, Inc.

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@substackinc.com or contact us at:

Substack Inc.
111 Sutter Street, 7th Floor
San Francisco CA 94104
USA 

T +1 (415) 592-7299

We will try to resolve your concerns.

Additional Notices for California Residents

Substack has prepared additional disclosures and notices consistent with the California Consumer Privacy Act (CCPA). Our CCPA Policy, the terms of which are incorporated by reference into this Privacy Policy, can be found here.