Security & Privacy

Plain language. No marketing.

Forwarding a newsletter to Earmail means trusting us with the content of that email. Here's exactly what that trust covers and where it doesn't.

How we protect your account

  • No passwords. Earmail uses magic-link login only. There's nothing for an attacker to phish, guess, or breach. Your account security is bounded by your email security.
  • Revocable sessions. Logins are recorded as database sessions, not signed tokens. We can invalidate any session immediately if you ask us to.
  • HTTPS everywhere. All connections to and from Earmail use TLS.
  • Encrypted at rest. Our database, audio storage, and backups live on encrypted volumes.
  • Stripe handles payment. We never see card numbers, CVVs, or full bank details.
  • Private feeds. Your podcast feed URL contains a long random token. Only you have it; no public listing exists.

What we hold

  • Your email address (and optional display name).
  • The body of every newsletter you forward, while it's in your library.
  • The audio file generated for each episode.
  • Anonymized usage counts (episodes generated, days active).

What we don't hold

  • A password. There isn't one to leak.
  • The contents of your inbox. We only see what you forward.
  • Your card details. Those live with Stripe.
  • Any analytics about which articles you actually listen to. Episodes are downloaded by your podcast app — playback never reports back to us.

What you control

  • Delete an episode. The audio file is unlinked immediately; the database row is fully purged within 31 days. (We keep the row that long so "delete" can't be used to free up monthly capacity past your plan's cap.)
  • Delete your account. All your content, audio, and data is gone within 30 days. We give you a window in case the deletion was a mistake.
  • Opt out of translation. Settings → Episode extras. By default, non-English newsletters are auto-translated to English.

Admin access & audit logging

For support, debugging, and quality control, Earmail admins can access the contents of episodes — but the admin interface is redacted by default. Episode titles and transcripts are hidden until an admin takes an explicit "Reveal" action on a single episode, and every reveal is recorded to an internal audit log with the admin's identity, the episode ID, and a timestamp.

We do not page through user content casually, and we do not use it to train models. If you have questions about a specific access event, email us and we'll tell you.

Where your content goes for processing

To turn a newsletter into a podcast episode, the cleaned text passes through two third-party APIs:

  • Anthropic (Claude) for cleanup, structure detection, and translation. Anthropic does not train on data sent through their API.
  • OpenAI for text-to-speech narration. OpenAI does not train on data sent through their API.

Both relationships are governed by their no-training-on-data terms. Full third-party list is in our privacy policy.

Where Earmail isn't the right fit

We've designed Earmail for newsletters and articles — commentary, analysis, opinion, lifestyle, and news. If you're considering forwarding legally privileged communications, regulated medical or financial records, or anything you'd be uncomfortable having processed by a third-party API or accessed by an Earmail operator under any circumstance, please don't. We aren't the right tool for that material yet, and we'd rather you know now.

Reporting a security concern

Found a bug, a leaked URL, or anything else that worries you? Email hello@earmail.app with the details and we'll get back to you fast. We don't run a formal bug bounty program right now, but responsible disclosure is appreciated and we're happy to credit you publicly if you'd like.

Questions about anything on this page? Reply to any Earmail email or write to hello@earmail.app.