What we keep.
What we don't.

The short version

• We store your email, your name, your interests, your delivery preferences, and which repos you've clicked on.
• We use all of that to pick your weekly repos and send them to you. Nothing else.
• We never sell, share, rent, or publish your email. Not to advertisers, not to partners, not to anyone.
• There are no third-party analytics scripts on this site. No Google Analytics, no pixel trackers, no Facebook SDK.
• You can unsubscribe any time from the footer of any email. If you never click, we auto-pause after ten editions.
• You can ask for all your data to be deleted. We'll do it within 30 days, no interrogation.

What we actually store

Your account record contains:

• Email address — so we can send you the edition.
• First name — so the email doesn't start with "Hey user_2451".
• Interests description — the text you typed at signup.
• Delivery preferences — day of week, time, timezone, language.
• Confirmation status — whether you've clicked the confirm link.
• Signup timestamp — when you joined.

Per edition we sent you, we also store:

• Which repos were included.
• Which repos you clicked on, and when.
• The rendered HTML of that edition, so you can re-read it from the link.

Where it lives

All of the above sits in a single Azure PostgreSQL database in the US region. No third-party CRM, no mailing-list provider with access to your address, no data warehouse shipping things around.

We use Resend to actually deliver the emails. Resend sees your address and the email body, the same way any email provider would. They're GDPR-compliant and don't use message content for anything beyond delivery. That's their privacy policy.

Click tracking, the honest version

Every repo link in your email goes through finds.dev/r/{token}. That token is signed, not guessable, and encodes your user id, the repo id, and the edition id. (The footer links — preferences and unsubscribe — are also signed, but routed straight to their endpoints rather than through the redirect.) When you click a repo link:

• We record that you clicked that repo at that time.
• We redirect you to GitHub. No interstitial, no ads, no delay.
• The next agent run uses this to sharpen the next edition.

We do not record your IP, your user-agent, or which device you clicked from. Just the fact of the click. That is genuinely all we need.

What we don't do

• No selling or sharing. Your email never leaves the database to go to another party.
• No ad networks. No retargeting, no programmatic ads, no tracking pixels in the email.
• No third-party JS. The signup page loads fonts from Google and nothing else.
• No AI training on your data. Your interest text goes to Claude to pick repos for you; it is not used to train models. Anthropic's commercial API policy explicitly excludes your data from training.
• No dark patterns. Unsubscribe is one click. Reactivate is one click. No "are you sure" guilt flow.

Your rights

If you're in the EU or UK, the usual GDPR rights apply. If you're elsewhere, honestly, we still do all of this — it's simpler than having two policies.

• Access — ask and we'll send you every row we have about you.
• Correction — update your preferences from any email footer, or email us.
• Deletion — ask and we wipe your account, history, and all derived data.
• Export — we'll send you a JSON dump.
• Complaint — you can complain to your national data-protection authority if we screw up.

All of those requests go to [email protected].

Cookies

The signup page sets no cookies. The hosted edition pages set no cookies. The click-redirect endpoint sets no cookies. There is no cookie banner here because there is nothing to consent to.

Changes to this page

If the data story changes in any meaningful way, we update this page and email everyone who's subscribed. Small wording fixes don't trigger a notice.

← back to signup