Privacy Policy
Effective date: 2026-07-04
to RSS ("we", "us", "our") provides a tool that turns public social media sources into RSS feeds (the "Service"). This Privacy Policy explains what data we collect, how we use it, and the choices you have.
Summary
- Using the Service requires an account identified by an email address — that is the only personal identifier we ask for.
- We do not ask for passwords or credentials to third-party platforms; sign-in works via one-time email links.
- No payment details are collected at this time, and we never store payment card data ourselves.
- We process publicly available social media content to generate RSS feeds.
- We keep limited technical logs to operate the Service, prevent abuse, and debug issues.
- We do not sell personal data and do not use advertising trackers.
- You can export your data or delete your account yourself, at any time, from your account settings.
What we collect
1) Account information
To use the Service you create an account with your email address. We use it to send one-time sign-in links and essential service emails (for example, confirming an email change). We do not store passwords.
2) Subscription information
When you choose a plan, we store your selection and the status of your subscription so we can provide the features included in it. No payment is collected at this time, and we do not store payment card details. If paid billing is introduced in the future, payments would be handled by a dedicated payment provider and you would be notified in advance.
3) Content you configure
When you add a source, you submit a public profile or channel identifier (a URL or username) together with optional feed settings (such as keyword filters). We store these to build and serve your feeds.
4) Automatically collected information (server logs)
Like most websites, our servers record limited technical information when you access the Service, such as:
- IP address
- Device and browser type (user agent)
- Timestamps and pages requested
- Referrer URL (if provided by your browser)
- Basic error and performance diagnostics
We use this information to keep the Service secure, prevent abuse (for example, rate limiting), debug issues, and maintain performance.
5) Public content
To build RSS feeds, we fetch content from public social media sources. This may include posts, timestamps, media links, and other content that is publicly available on the respective platform. We do not support private accounts or private groups. If a source becomes private or is removed, the feed will stop updating.
Cookies
We use only functional cookies: a signed session cookie after you sign in, a security cookie that protects forms against forgery, and an anonymous visitor cookie used for abuse prevention and basic usage statistics. We do not use cross-site advertising cookies, ad targeting, or third-party analytics trackers.
How we use information
- Provide and operate the Service (generate and serve RSS feeds)
- Authenticate you and keep your account secure
- Maintain reliability and performance
- Prevent abuse and protect the Service and other users
- Debug and improve the Service
- Comply with legal obligations
Legal bases (EEA/UK users)
If you are in the European Economic Area or the UK, we process data under the following legal bases:
- Performance of a contract (providing the Service you request)
- Legitimate interests (security, abuse prevention, service reliability and improvement)
- Legal obligation (where applicable)
Your choices and rights
- Export: you can download a copy of your account data from your account settings at any time.
- Correction: you can change your account email address from your account settings.
- Deletion: you can delete your account from your account settings. Deletion takes effect immediately; for a short grace period you can restore the account by signing in again, after which all associated data is permanently removed.
You can also contact support@to-rss.com for any privacy request, including rights you may have under applicable law (such as access, rectification, erasure, or objection).
Data retention
- Server logs: retained for a limited period for security and debugging, then deleted.
- Fetched public content: stored temporarily to generate and serve RSS feeds, and cleaned up when no longer needed.
- Account and subscription data: retained while your account exists, and permanently removed after the deletion grace period described above.
Retention periods may vary based on operational needs, legal requirements, and abuse patterns.
International transfers
If you access the Service from outside the country where our servers are located, your information may be processed in other countries. Where required, we use appropriate safeguards for cross-border transfers.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date.
Contact
Questions about this policy? Contact support@to-rss.com.