Back to Earmail

Security & Privacy

Forwarding a newsletter to Earmail means trusting us with the content of that email. Here's exactly what that trust covers.

How we protect your account

  • No passwords. Earmail uses magic-link login only. There's nothing for an attacker to phish, guess, or breach. Your account security is bounded by your email security.
  • Revocable sessions. Logins are recorded as database sessions, not signed tokens. We can invalidate any session immediately if you ask us to.
  • HTTPS everywhere. All connections to and from Earmail use TLS.
  • Encrypted at rest. Our database, audio storage, and backups live on encrypted volumes.
  • Stripe handles payment. We never see card numbers, CVVs, or full bank details.
  • Private feeds. Your podcast feed URL contains a long random token. Only you have it; no public listing exists.

What we hold

  • Your email address (and optional display name).
  • The body of every newsletter you forward, while it's in your library.
  • The audio file generated for each episode.
  • Any follow-up questions you ask about an episode, and the answers we generate for them.
  • Anonymized usage counts (episodes generated, days active).

What we don't hold

  • A password. There isn't one to leak.
  • The contents of your inbox. We only see what you forward.
  • Your card details. Those live with Stripe.
  • Listening data from your podcast app. We can see that an episode was delivered (download events, with hashed IP addresses) — but not whether, or how much of it, you actually listened to. Playback in your podcast app never reports back to us. The one exception is our optional web player, which saves your playback position so you can resume where you left off.

What you control

  • Delete an episode. Its audio and transcript (the original and cleaned text) are erased immediately; the remaining record is fully removed within 31 days.
  • Delete your account. All your content, audio, and data is gone within 30 days. We give you a window in case the deletion was a mistake.
  • Opt out of translation. Settings → Episode extras. By default, non-English newsletters are auto-translated to English.

Admin access & audit logging

For support, debugging, and quality control, Earmail admins can access the contents of episodes — but the admin interface is redacted by default. Episode titles and transcripts are hidden until an admin takes an explicit "Reveal" action on a single episode, and every reveal is recorded to an internal audit log with the admin's identity, the episode ID, and a timestamp.

We do not page through user content casually, and we do not use it to train models. If you have questions about a specific access event, email us and we'll tell you.

Where your content goes for processing

To turn a newsletter into a podcast episode, the cleaned text passes through two third-party APIs:

  • Anthropic (Claude) for cleanup, structure detection, translation, and the optional extras (weekly digests, reflection prompts, answers to follow-up questions). Anthropic does not train on data sent through their API.
  • OpenAI for text-to-speech narration. OpenAI does not train on data sent through their API.

Both relationships are governed by their no-training-on-data terms. Full third-party list is in our privacy policy.

Reporting a security concern

Found a bug or anything else that worries you? Email hello@earmail.app with the details and we'll get back to you fast.

Questions about anything on this page? Reply to any Earmail email or write to hello@earmail.app.