Chatterbox

Local civic news for your ZIP code.

Privacy Policy

Last updated:

1. Who We Are

Chatterbox is operated by Digent LLC, a limited liability company organized under the laws of the State of Florida ("Company," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use the Chatterbox website and email briefing service (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, do not use the Service.

2. What We Collect

We collect only the minimum data necessary to operate the Service:

  • Email address — provided at registration; used for authentication (magic-link) and delivery of briefings.
  • Age affirmation — at registration you affirm that you are 18 years of age or older. We record this affirmation (timestamp and method) as an audit event. We do not store your full date of birth; we collect only the year of birth as a minimum verification check.
  • Location preferences — the zip code(s) or community area(s) you select to receive coverage for. We store these preferences so we can route the correct briefings to you.
  • IP address and user agent on submissions — when you submit a news tip, event listing, or other community content, we log your IP address and browser user agent. This information is used solely for abuse prevention, fraud detection, and legal compliance.
  • Audit log of account actions — we maintain an immutable log of significant account events (registration, age affirmation, login, account deletion request). This log exists for accountability and is not used for advertising.
  • Sponsor account data — if you create a sponsor account, we additionally collect billing name, billing address, and payment method information (the latter handled by Stripe — see Section 4).

What we do not collect: We do not collect any information from persons under 18 years of age. We do not collect social security numbers, government ID numbers, health information, or financial account numbers (payment card data is handled directly by Stripe and is never transmitted to or stored on our servers). We do not build advertising profiles.

3. How We Use Your Information

We use the information we collect to:

  • Deliver briefings — route the correct local briefings to your email address based on your location preferences.
  • Authenticate you — send magic-link login emails and maintain your authenticated session.
  • Publish moderated community submissions — review, edit, and publish (or decline) news tips and community content you submit.
  • Bill sponsors — process sponsor payments through Stripe and maintain billing records as required by law.
  • Secure the Service — detect and prevent fraud, abuse, unauthorized access, and illegal activity.
  • Measure aggregate visits — count anonymous unique browser visits over rolling 24-hour, 7-day, and 30-day windows. The counter uses a randomly-generated identifier stored in your browser's localStorage and is never linked to your account.
  • Comply with legal obligations — respond to lawful requests from law enforcement, fulfill data-subject rights requests, and maintain records required by applicable law.

We do not sell, rent, or share your personal information with advertisers or data brokers. We do not use your information for targeted advertising. The only sponsor-facing information is aggregate coverage statistics (e.g., subscriber count for a given coverage area), which contain no personal data.

4. Third-Party Processors

We share your information with the following third-party service providers ("processors") solely as necessary for them to perform services on our behalf. Each processor is contractually prohibited from using your data for any purpose other than providing services to us.

ProcessorPurposePrivacy Policy
ResendTransactional email delivery (daily briefings, magic-link sign-in, notifications)Privacy Policy
StripePayment processing for sponsor subscriptions and other paid featuresPrivacy Policy
Lemon SqueezyMerchant-of-record payment processing for sponsor subscriptions (alternative to Stripe; handles EU VAT and global sales tax)Privacy Policy
AnthropicAI-assisted content summarization and community-submission classificationPrivacy Policy
Cloudflare R2Object storage for user-uploaded media and published asset archivesPrivacy Policy
Fly.ioWeb hosting and container runtime; serves all chatterbox.news trafficPrivacy Policy
CloudflareDNS, edge caching, and DDoS protection for chatterbox.newsPrivacy Policy

We may add, remove, or replace processors over time. When we do so in a way that materially affects your data, we will update this Privacy Policy and notify subscribers by email.

5. Data Retention

We retain your data for the following periods:

  • Active subscriber data (email, location preferences, account settings) — retained for the duration of your subscription and for twenty-four (24) months following unsubscription or account deletion, after which it is permanently deleted.
  • Audit log of account actions — retained indefinitely for accountability and legal compliance purposes.
  • Published community submissions — retained indefinitely as part of the public record archive unless a valid legal removal request is received.
  • Review queue decisions (editorial decisions on tips and submissions, including declined submissions) — retained indefinitely for editorial accountability.
  • Sponsor billing records — retained for seven (7) years as required by applicable tax and accounting law.
  • IP address logs from submissions — retained for ninety (90) days, then purged, unless retained longer as required by an active legal hold.

6. Your Rights

You may exercise the following rights by emailing us at hello@chatterbox.news:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate personal data.
  • Deletion — request that we delete your personal data, subject to our retention obligations (see Section 5) and applicable law.
  • Data portability — request a machine-readable export of your personal data.
  • Objection / restriction — object to or request restriction of certain processing activities.

California residents (California Consumer Privacy Act / CPRA): You have additional rights including the right to know the categories of personal information we collect and share, the right to opt out of the "sale" of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights. To submit a consumer request, email hello@chatterbox.news with the subject line "California Privacy Request."

Colorado residents (Colorado Privacy Act): You have the right to access, correct, delete, and obtain a portable copy of your personal data, and the right to opt out of the processing of personal data for targeted advertising (we do not conduct targeted advertising).

Virginia residents (Consumer Data Protection Act): You have the right to confirm whether we process personal data about you, to access, correct, delete, and obtain a copy of that data, and to opt out of the sale of personal data and targeted advertising.

We will respond to verified rights requests within forty-five (45) calendar days, or as otherwise required by applicable law.

7. Cookies & Tracking Technologies

The only cookie set by the Service today is a strictly necessary, first-party session cookie that maintains your authenticated session and expires when you close your browser or when the session token expires.

We use a first-party visitor counter that records anonymous, aggregated page views from your browser. The counter stores a randomly-generated identifier in your browser's localStorage (not a cookie) so we can measure unique browser visits over rolling 24-hour, 7-day, and 30-day windows. The counter does notcollect IP addresses, user-agent strings, fingerprints, advertising identifiers, or any cross-site tracking data, and the dataset is automatically deleted after 30 days.

We do not currently use behavioral tracking, advertising cookies, or third-party analytics tools. We may, in the future, enable a privacy-respecting product-analytics tool (such as PostHog or Plausible) to better understand how the Service is used. If we do, we will update this policy and clearly disclose what is collected, why, and how to opt out before any new collection begins. We will not enable interest-based advertising, cross-site tracking pixels, or third-party cookies for behavioral targeting.

8. Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/HTTPS.
  • Hashed, single-use authentication tokens — we do not store passwords. All authentication is performed via time-limited magic links.
  • Access controls limiting employee access to personal data on a need-to-know basis.
  • Regular security reviews of our infrastructure and dependencies.

No method of electronic transmission or storage is 100% secure. If we become aware of a security breach that affects your personal data, we will notify you as required by applicable law.

9. Children's Privacy

The Service is intended for adults only. We do not knowingly collect personal information from any person under 18 years of age. We enforce this restriction through an age gate at registration consistent with our obligations under the Children's Online Privacy Protection Act ("COPPA") and applicable state law.

If we discover, or are credibly notified, that we hold personal data belonging to a person under 18, we will permanently delete that account and all associated personal data within seven (7) calendar days of discovery. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@chatterbox.news.

10. International Users

The Service is operated from the United States and is intended solely for users located in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using the Service from outside the United States, you consent to the transfer of your information to the United States. We do not actively market the Service to persons in the European Economic Area, the United Kingdom, or other jurisdictions with data protection frameworks that are not compatible with our current practices.

11. Changes to This Privacy Policy

We may update this Privacy Policy at any time, in our sole discretion. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by applicable law, provide additional notice (such as an in-app banner or an email to active subscribers) before the changes take effect. Non-material changes (including but not limited to clarifications, formatting changes, expansions of permitted uses consistent with the spirit of this Policy, and updates to processor lists) may be posted without separate notice.

Your continued use of the Service after a revised Privacy Policy is posted constitutes your acceptance of the revised policy. If you do not agree to a revised policy you must stop using the Service.

11A. Limitations of Our Privacy Commitments

The descriptions of our practices in this Policy are provided for transparency and to comply with applicable disclosure obligations. They do not create or imply any contractual commitment, service-level guarantee, or fiduciary obligation beyond what is required by applicable law. We may modify our data-handling practices at any time, and we disclaim any obligation to maintain particular tools, processors, retention periods, or features described herein.

Specifically, and without limitation: (a) response timelines for rights-requests, deletion requests, and other inquiries are best-effort estimates and not legally binding service levels except as expressly required by statute; (b) retention periods are minimums consistent with operational need and legal obligations and may be extended where we, in our sole discretion, deem it appropriate (e.g., for fraud investigation, audit, litigation hold, or backup integrity); (c) third-party processors may change at any time without notice, so long as the new processor's data-protection posture is broadly equivalent to the replaced processor's; (d) aggregated, anonymized, or de-identified data is not personal information for purposes of this Policy and may be retained, used, disclosed, and shared without restriction; (e) backup copies of personal data may persist in offline or write-once-read-many media for up to twenty-four (24) months following deletion of the live record, and we have no obligation to delete such backup copies before they are overwritten in the ordinary course of business.

Nothing in this Policy waives or diminishes any disclaimer, limitation of liability, or dispute-resolution provision contained in our Terms of Service, which are incorporated herein by reference.

11B. Liability for Privacy Matters

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, OUR TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY, OUR PROCESSING OF YOUR PERSONAL DATA, OR ANY PRIVACY-RELATED CLAIM IS SUBJECT TO THE LIMITATION OF LIABILITY SET FORTH IN OUR Terms of Service (currently capped at the greater of $100 USD or amounts you have paid us in the prior twelve months). YOU AGREE THAT THIS LIMITATION IS REASONABLE GIVEN THE NATURE OF THE SERVICE, AND YOU SHALL HAVE NO CLAIM AGAINST US OR OUR AFFILIATES, DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR PROCESSORS THAT EXCEEDS THE FOREGOING CAP.

We are not responsible for the privacy practices of third-party websites, applications, or services to which the Service may link, including but not limited to government source pages, news partners, sponsor websites, and email providers used by you to receive our briefings. You access such third-party services at your own risk.

12. Contact

Questions, requests, or concerns regarding this Privacy Policy may be directed to:

Digent LLC
Attn: Privacy
hello@chatterbox.news

We will make reasonable efforts to respond to all legitimate privacy inquiries within fourteen (14) business days.