Back to Trawly

Privacy Policy

Last updated 22 March 2026

Trawly is a personalized morning digest service. This policy explains what personal information we collect, how we use it, and your rights. We've written it in plain English because you deserve to actually understand it.

What we collect

Account information

Your email address, display name, delivery phone number (if you use SMS), and X (Twitter) handle (if you connect it). We collect this so we can deliver your digest and identify you.

Taste profile

The interests, context, and preferences you provide during onboarding and refine over time. This is the most sensitive data we hold — it can include information about your work, projects, health interests, and personal context. We use it exclusively to personalise your digest.

Engagement data

Which digest links you click, when your emails are opened and delivered, and replies you send to digests. We use this to improve your taste profile and measure product quality — not to sell to advertisers.

Delivery preferences

Your preferred delivery time, timezone, and delivery method (email or SMS).

How we use it

  • To research, compile, and deliver your personalised daily digest
  • To learn your preferences over time and improve future digests
  • To send you transactional messages about your account
  • To measure product quality and fix bugs

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

Third-party services we use

Anthropic (Claude AI)

Your taste profile and curated content are sent to Anthropic's API to generate your digest. We use API access — prompts are not used to train Anthropic's models. See Anthropic's privacy policy.

Supabase

All user data is stored in Supabase's hosted Postgres database with row-level security. Data is encrypted at rest and in transit.

Resend (email) & Twilio (SMS)

Used exclusively to deliver your digest and account notifications. We do not share your email or phone number with these providers beyond what's needed for delivery.

Vercel

Our application is hosted on Vercel. Standard server logs (IP addresses, request metadata) may be retained for security purposes.

Data retention

We retain your data for as long as your account is active. Digest history is kept for 12 months. Engagement events are kept for 90 days for profile optimisation, then aggregated and anonymised.

Your rights

You have the right to:

  • Access — request a copy of all data we hold about you
  • Correction — update your taste profile at any time from your settings page
  • Deletion — request deletion of your account and all associated data
  • Portability — receive your taste profile and digest history in a machine-readable format
  • Opt-out — unsubscribe from all communications at any time via the unsubscribe link in any email

To exercise any of these rights, email gm@heytrawly.com. We'll respond within 30 days.

Email and SMS consent

By creating an account, you consent to receive your daily digest and transactional account notifications via email and/or SMS (depending on your delivery preferences). You can unsubscribe at any time. We do not send marketing emails without separate consent.

Security

We use industry-standard security practices: encrypted connections (TLS), encrypted data at rest, row-level database security, and restricted access controls. Trawly is in beta — if you discover a security issue, please report it to gm@heytrawly.com rather than disclosing publicly.

Changes to this policy

If we make material changes to how we handle your data, we'll notify you by email before the change takes effect. The date at the top of this page always reflects the most recent revision.

Contact

Questions about this policy or your data? Email gm@heytrawly.com.