Privacy Policy
I. Introduction and General Privacy Policy
This document constitutes the general privacy policy of ndot.io LLC, a company registered in the state of New Jersey (headquarters: 45 River Drive South, Jersey City, NJ 07310, USA, hereinafter referred to as "we" or "data controller"). This policy describes in detail how ndot.io LLC collects, uses, stores, and protects your personal data.
This policy applies to the NewsFuse.io website and the NewsFuse Custom GPT service (hereinafter referred to as "the Project"). Our objective is to provide comprehensive information regarding our data processing practices and to ensure the protection of personal data.
1. Types of Data Collected and Methods of Data Collection
We collect only the data strictly necessary for the provision and development of the Project.
1.1 Data Collected During Registration and Account Management
- Email address: We collect this data for account creation, identification, login, communication related to the Project (e.g., password reset, service notifications), and, with your explicit consent, for marketing communications.
  Method of Data Collection: Directly provided by you during registration.
- Password: Your password is securely stored in a hashed format to protect your account and enable login.
  Method of Data Collection: Directly provided by you during registration.
1.2 Data Collected During Social Authentication
We offer the option to log in using Google, Microsoft, and Apple accounts. From these providers, we solely request and store your email address for account identification purposes. We do not request or store any other personal data (e.g., profile picture, date of birth) from these platforms.
1.3 Data Provided on the Dashboard Interface
During your use of the Project, you may provide settings and personalization data on the dashboard interface (e.g., language settings, notification preferences, templates). This data is used to provide a personalized user experience and ensure the proper functioning of the Project.
1.4 Technical and Usage Data (Log Data)
When you use the Project, we automatically collect certain technical and usage data. This data helps us maintain and improve the Project, as well as ensure security.
- Data Collected: Device type, browser type, IP address, operating system. We use Google Analytics to analyze website traffic and user behavior in an anonymized form.
- Method of Data Collection: Automatically, via API requests and Google Analytics.
- The Project uses strictly necessary cookies primarily for authentication and session management.
- Authentication Cookies: To facilitate login, account management, and secure use of the service, we automatically place cookies in your browser. These are necessary for session identification and social login integration. These cookies do not contain personal data (e.g., password, email address); they solely serve for secure session identification.
- Technical/Session Cookies: We use temporary (session) cookies to ensure the user experience and operate the service. These are automatically deleted when you close your browser.
- We do not use marketing or analytical cookies, except for anonymized data recording associated with Google Analytics, provided you have explicitly enabled it. For more information on cookie settings and management, please refer to your browser's documentation.
1.5 Customer Service Communication
If you contact our customer support at support@newsfuse.io, we record the content of the correspondence, as well as any other personal data you provide (e.g., name, problem description) that is necessary for handling the inquiry.
1.6 Custom GPT and Search Process Data
During the use of the Project's Custom GPT service, your search settings, keywords, and generated content may be transmitted to OpenAI for the purpose of providing the service. OpenAI's use of this data is subject to OpenAI's own privacy policy. We recommend reviewing the OpenAI Privacy Policy for further information.
1.7 Feedback Data
The feedback you provide is important to us for the continuous development of the Project. However, the feedback you submit is completely anonymous; it is not linked to your identity or account. As it does not qualify as personal data, it is not subject to the data storage duration provisions of this Privacy Policy.
2. Purpose of Data Processing
We use your personal data for the following purposes, based on the specified legal bases:
- User Account Management and Authentication: Purpose: To create and manage user accounts, ensure identification and secure login.
- Project Provision and Billing: Purpose: To provide the Project's services and process payments via Stripe.
- Personalization: Purpose: To enhance and personalize the user experience based on your settings.
- Customer Support: Purpose: To answer your questions, resolve your problems, and ensure efficient customer service.
- Analysis and Development: Purpose: To analyze Project operations, troubleshoot, optimize user experience, and develop new features.
- Marketing Communication: Purpose: To send newsletters upon the user's explicit request.
- Fulfillment of Legal Obligations: Purpose: To comply with tax, accounting, or other legal obligations.
- Dispute Resolution and Legal Enforcement: Purpose: To establish, exercise, or defend legal claims.
3. Data Storage Duration
- Registration Data (email address, password): Deleted within 24 hours of your account termination. There is no grace period; deletion is final.
- Customer Service Correspondence: Stored for a maximum of 4 years. This duration is necessary to provide reference points for future inquiries and maintain Project quality.
- Billing and Financial Transaction Data: Although we do not directly store credit card data (this is handled by Stripe), billing information related to transactions (e.g., invoice number, amount, date) is stored for the period required by applicable laws (e.g., tax laws). Currently, this duration depends on the regulations in force in the relevant jurisdiction.
- Google Analytics Data: Our data retention settings in Google Analytics are configured according to Google's policies, ensuring the appropriate handling of anonymized data.
- Data for Marketing Purposes: Until you withdraw your consent or until the purpose of data processing ceases.
4. Third-Party Data Processors and Data Sharing
We treat your personal data with strict confidentiality and share it with third parties only when strictly necessary for the provision of the Project, to fulfill a legal obligation, or based on your consent. In all cases, we ensure that data processors comply with strict data protection regulations and have a Data Processing Agreement (DPA) with us. We may share data with the following third-party providers:
- Google (Analytics): For analyzing our Project's traffic and user behavior, in an anonymized form.
- Cloudflare: For optimizing the security and performance of our Project (CDN services).
- Microsoft: For providing search results (Bing API).
- Vultr: For server hosting services.
- OpenAI: For artificial intelligence-based content generation in the Project's Custom GPT service. OpenAI's use of data is subject to its own privacy policy.
- Stripe: For processing payment transactions and billing.
5. Data Security
We take data security seriously and implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, deletion, or destruction. Our measures include:
- SSL/TLS Encryption: All data communication between our Project and our servers is encrypted.
- Strict Access Control: Only authorized personnel have access to personal data, based on strict role-based access rules and the principle of least privilege.
- Password Policy: Enforcement of strong passwords for users and internal systems.
- Regular Security Training: Our employees receive regular training on data protection and security best practices.
- Security Protocols: Application of regular security audits, vulnerability assessments, and incident response protocols.
- Data Hashing: Passwords are stored in an encrypted, hashed format.
6. International Data Transfers
ndot.io LLC is located in New Jersey, USA, and our servers are also located in the USA. This means that if you use the system from outside the USA, your personal data may be transferred to and processed in the USA. During data transfer, we proceed as follows:
- Data originating from the EEA is transferred to the USA using Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses provide contractual safeguards for data protection.
- Additionally, we implement supplementary measures (e.g., encryption, pseudonymization) where necessary to ensure an adequate level of data protection in light of the Schrems II judgment.
7. Handling of Data Breaches
In the event of a data breach (i.e., accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data), we will immediately take the necessary measures.
- We will document the incident and report it to the competent supervisory authority within 72 hours of becoming aware of it.
- If the incident is likely to result in a high risk to your rights and freedoms, we will notify the affected users without undue delay. The notification will include the nature of the incident, the contact details of the data protection officer, the likely consequences of the incident, and the measures taken by us.
8. Child Protection
The Project's services are not designed for children under 13 years of age. We do not knowingly collect personal data from individuals under 13. If we become aware that we have collected personal data from an individual under 13 without parental consent, we will promptly delete such data.
9. Account Suspension
We reserve the right to suspend user accounts in cases of unauthorized access, violation of the terms of service, or breach of this privacy policy. If your account is suspended and you have a complaint, we will investigate and respond within 7 business days. More detailed regulations on this point are contained in the Terms of Service.
10. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that would produce legal effects concerning you or similarly significantly affect you (e.g., restricting access to services, influencing pricing).
11. Contact
If you have any questions or concerns regarding our Privacy Policy or data processing practices, please contact us at the following address:
ndot.io LLC
45 River Drive South, Jersey City, NJ 07310, USA
Data Protection Contact Email: privacy@ndot.io
12. Amendments to the Policy
We reserve the right to amend this Privacy Policy from time to time. We will notify users of such amendments through our dashboard and service interface, as well as via email. We will give notice of material changes at least 14 days before they come into effect. We recommend that you regularly review this policy to stay informed about our data protection practices.
13. Legal Basis
The processing of your personal data is based on the following legal grounds:
- Your Consent: In certain cases, such as marketing communications.
- Performance of a Contract: For the provision of our Project, management of your user account, and fulfillment of our contractual obligations (based on the accepted Terms of Service).
- Legitimate Interest: For the development and optimization of our Project, for security purposes, and for providing customer service, provided that your interests or fundamental rights and freedoms do not override these interests.
- Fulfillment of a Legal Obligation: To comply with obligations imposed by tax, accounting, and other legal regulations.
II. Data Protection Rights and Compliance: Detailed Information
This section details your data protection rights under applicable laws, including the European Union's General Data Protection Regulation (GDPR), the U.S. California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA). This section demonstrates how our data processing practices, described in Section I: Introduction and General Privacy Policy, comply with these regulations.
14. Rights Under the General Data Protection Regulation (GDPR)
- Right of Access (Right to Information): You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information concerning the processing (e.g., purposes, categories, recipients, storage period).
  More Detailed Information: See Section I: Introduction and General Privacy Policy, points 1. Types of Data Collected and Methods of Data Collection and 2. Purpose of Data Processing and Legal Basis.
- Right to Rectification: You can request that inaccurate personal data concerning you be rectified, or incomplete data be completed.
- Right to Erasure ("Right to be Forgotten"): Under certain conditions, you can request the erasure of your personal data (e.g., if the data is no longer necessary for the original purpose, you have withdrawn your consent, or you have objected to the processing and there is no legitimate reason for further processing of the data). Please note that certain data storage may be required by legal obligations (e.g., billing data).
  More Detailed Information: See Section I: Introduction and General Privacy Policy, point 3. Data Storage Duration.
- Right to Restriction of Processing: You can request the restriction of processing if you contest the accuracy of the data, the processing is unlawful but you do not request erasure, or the data is needed by you for the establishment, exercise or defense of legal claims.
- Right to Object: You have the right to object at any time to processing of personal data concerning you which is based on legitimate interest (unless the controller demonstrates compelling legitimate grounds for the processing), or for direct marketing purposes.
- Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where the processing is based on consent or on a contract and is carried out by automated means.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the competent local supervisory authority.
15. Rights Under the California Consumer Privacy Act (CCPA/CPRA)
- Right to Know: You have the right to know what personal information we collect about you, why we collect it, and to whom we sell or disclose it.
- Right to Access: You have the right to request access to the personal information collected about you.
- Right to Deletion: You have the right to request the deletion of personal information collected about you, with certain exceptions.
- Right to Correction (CPRA): You have the right to request the correction of inaccurate personal information.
- Right to Opt-Out of the Sale or Sharing of My Personal Information:
  - Data Selling: ndot.io LLC does not sell (as defined by CCPA/CPRA) your personal information to third parties.
  - Data Sharing for Targeted Advertising (CPRA): Since we do not use marketing cookies and do not engage in targeted advertising based on your personal data, this point does not apply to you.
- Right to Limit the Use and Disclosure of Sensitive Personal Information (CPRA): As mentioned above, we do not process sensitive personal information that would fall under this provision of the CPRA.
16. Rights Under the Virginia Consumer Data Protection Act (VCDPA)
- Right to Access: You can request access to your personal data held by us.
- Right to Deletion: You can request the deletion of personal data provided by you.
- Right to Correction: You can request the correction of inaccurate personal data.
- Right to Data Portability: You have the right to obtain your personal data in a portable format.
- Right to Opt-Out: You have the right to opt-out of the processing of your personal data for the purposes of targeted advertising, the sale of personal data, or profiling that may have legal effects concerning you. As we do not engage in targeted advertising, profiling with legal effects, or data selling, these rights are not relevant in this context.
17. Rights Under the Colorado Privacy Act (CPA)
- Right to Access: You can request access to the personal data collected about you.
- Right to Deletion: You can request the deletion of personal data provided by you.
- Right to Correction: You can request the correction of inaccurate personal data.
- Right to Data Portability: You have the right to obtain your personal data in a portable format.
- Right to Opt-Out: You have the right to opt-out of the processing of your personal data for the purposes of targeted advertising or the sale of personal data. As we do not engage in targeted advertising or data selling, this right is not relevant in this context.
- Right to Appeal: If we deny your request to exercise your rights, you have the right to submit an appeal.
18. How to Exercise Your Rights?
You can exercise your rights by sending an email to privacy@ndot.io. Upon receipt of your request, we will verify your identity and then respond to your inquiry within the legally prescribed deadline (usually within 30 days).
Thank you for reading our Privacy Policy.