Privacy
Privacy Policy
What data APN collects, why, how long it stays, and the controls you have over it. Short version: account data only when you sign up, no selling, ask for deletion any time.
1#Who runs APN
APN is operated by All Patch Notes. The public service runs at allpatchnotes.com. Staging environments, when present, remain blocked from indexing and are not part of the public service.
2#What we collect
Only what is needed to run the product.
- Account data when you sign up: email, display name, profile preferences, sign-in identifiers.
- Activity data: what you saved, who you follow, notification settings, theme.
- Usage data: search queries, page views, content interactions. Anonymized at the analytics layer.
- Technical data: IP address, user agent, locale, screen size, Cloudflare request identifiers used for security and rate limiting.
- Messages: whatever you send to contact.
APN is not for children under 13 (or under 16 where local law sets that bar). See section 10.
3#How we use it
The data above is used to:
- Run the feed, search, save, and follow.
- Send account messages (sign-in, password reset, security notices).
- Send optional product email you opted into (digests, breaking patch alerts).
- Improve search ranking and coverage decisions.
- Keep the service secure and meet legal obligations.
4#Legal bases (EEA / UK)
If GDPR or UK GDPR applies to you, we rely on one of these grounds:
- Contract: to deliver the APN service you signed up for.
- Legitimate interests: to operate, secure, and improve the product, balanced against your rights.
- Consent: for optional analytics and any feature that explicitly asks for it.
- Legal obligation: when retention or disclosure is required by law.
5#Sharing and subprocessors
APN does not sell personal data. The providers below run pieces of the service on our behalf under contract.
| Provider | Purpose | Region | Data category |
|---|---|---|---|
| Cloudflare | Edge delivery, DDoS protection, Workers runtime | Global edge | Technical, security |
| Supabase | Authenticated database and identity | EU / US (configurable) | Account, activity |
| Typesense | Search index, self-hosted on APN infrastructure | EU | Usage, content metadata |
| Email provider | Account messages and digests | EU / US | Account, communications |
| Google Analytics 4 | Aggregated, consent-gated usage measurement (IP anonymized, Consent Mode v2) | US / EU (Standard Contractual Clauses) | Usage, anonymized |
Data goes to law enforcement only when legally compelled, and only the minimum required.
6#International transfers
APN runs on global edge infrastructure. When data crosses borders, the transfer is covered by Standard Contractual Clauses, the UK IDTA, or the equivalent mechanism for your jurisdiction.
7#Retention
Data is kept only as long as it serves the purpose it was collected for.
| Data | Retention |
|---|---|
| Account data | While the account is active. Deleted within 30 days of a deletion request. |
| Activity (saved, follows, preferences) | Tied to your account lifecycle. |
| Anonymized analytics | Up to 24 months in aggregate. |
| Security logs | Up to 90 days unless an incident requires more. |
| Support correspondence | Up to 24 months after the case closes. |
8#Your rights
Your rights, in plain English
Under GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, and similar laws, you can:
- Ask what personal data APN holds about you.
- Correct it if it is wrong.
- Delete your account and the data tied to it.
- Export your data in a machine-readable format.
- Object to or restrict some processing.
- Withdraw consent at any time, without affecting prior processing.
- Lodge a complaint with your data protection authority.
To use any of these rights, email contact@allpatchnotes.com with subject "Privacy request". APN responds within 30 days and may need to verify who you are for sensitive requests.
9#Security
APN uses TLS for traffic, hashed passwords, scoped service tokens, row-level security on user-owned tables, and least-privilege access for the team. No service is fully secure. If you find a vulnerability, see the Report an issue page for how to disclose it.
10#Children
APN is for general audiences but is not aimed at children under 13 (or under 16 where local law requires that). If you believe a child has signed up, contact us and we will delete the account.
11#Changes to this policy
Material changes get posted here with a new effective date. For significant changes, account holders also get an email or an in-product banner.
★Privacy contact
Email contact@allpatchnotes.com with subject "Privacy request" for data access, correction, deletion, or export.
Privacy · Terms · Cookies · Accessibility · Contact