Privacy Policy

Who we are

Just Right News Corp, a Florida corporation (“Bureau”, “we”), operates bureau.news, *.bureau.news, and connected custom domains. Contact: support@bureau.news.

The short version

• We collect what we need to run your bureau, charge you, and keep the service safe — nothing for advertising and nothing for resale.
• We don’t sell or rent personal data. There’s no ad network.
• You bring your own AI keys; your prompts, articles, and audio go from your bureau to your AI provider. Bureau records the cost in your account but never sees the key in the clear.
• For Brief tier subscribers, raw source payloads (e.g., a Slack message, an email body) are processed for the day’s briefing and then dropped by default — we call it “brief and discard”.

What we collect

Account data

Email, name, hashed password (Argon2id), Google OAuth subject id if you sign in with Google, billing identifiers from Stripe (we never see your card number), two-factor recovery hints.

Tenant data

Your bureau’s configuration (name, domain, journalists, beats, voices), your articles, your audio, your images, your task assignments, your usage metrics. Stored under Postgres row-level security; one tenant cannot read another tenant’s rows.

Source data (Brief tier)

When you connect Gmail, Calendar, Slack, GitHub, Linear, HubSpot, Postgres, or a webhook as a source, we hold the OAuth or API credential encrypted (envelope encryption, per-tenant DEK, AES-256-GCM) and we fetch the data window your brief asks for. By default we drop the raw payload after the brief is composed; only the composed brief and the cost/usage row are kept. You can opt into payload retention per source — that’s a deliberate, visible setting in Desk.

Subscriber data (Brief tier)

Subscribers you add to a private brief: name, email, and a tokenized podcast feed URL. We use the email to deliver notifications about new episodes and to honor an unsubscribe.

Operational data

Server logs (timestamp, request path, response code, request id, tenant slug — not request bodies), error traces (Sentry), and security events (login, password reset, suspicious activity). Logs roll off after 30 days unless something requires a longer hold.

What we do with it

• Run your bureau. Build pages, render podcasts, deliver email, route AI calls, mint tokenized feeds.
• Bill you. Stripe handles cards; we keep the customer id and invoice history.
• Keep the platform safe. Rate limits, abuse detection, incident response.
• Talk to you. Transactional emails about your account, security notices, occasional product changes. No marketing list unless you opt in.

What we don’t do

• Sell, rent, or trade personal data. There’s no “Bureau advertising network” and there won’t be.
• Train any model on your tenant’s data.
• Read your inbox, calendar, or messages outside the brief window you configured.
• Mark up your AI-provider bills.

Sub-processors

We use a small number of vendors to run the service. The current list:

• Linode (Akamai) — compute, object storage, networking.
• Cloudflare — DNS and edge TLS.
• Stripe — payment processing.
• SendGrid — transactional email delivery.
• Sentry — server-side error tracking.
• Your AI providers — Gemini, OpenAI, Anthropic, OpenRouter, ElevenLabs, Perplexity — to the extent you’ve configured them.

If this list changes materially, we’ll update this page and email account admins.

Retention

• Tenant content: as long as the bureau is active, plus 30 days after closure for recovery.
• Backups: rotated on a 90-day cycle.
• Raw source payloads (Brief tier): dropped after each brief by default, unless you opt into per-source retention.
• Logs: 30 days.
• Billing records: 7 years (US tax / payment regulations).

Your rights

You can ask us to export, correct, or delete your data. Use Desk for self-serve export and account deletion, or email support@bureau.news. We respond within 30 days. If you’re in the EEA, UK, or California, you have additional rights under GDPR, the UK GDPR, and the CCPA respectively — all of them apply to us and you can exercise them through the same address.

Security

Architecture details live on the Security & PII page. The short version: Postgres row-level security, AES-256-GCM envelope encryption for credentials, Argon2id for passwords, TLS everywhere, two-factor available, OAuth via Google. We’re not SOC 2 or ISO 27001 certified yet and we don’t pretend to be.

Children

Bureau is for adults. We don’t knowingly collect data from anyone under 16. If you believe a child has signed up, please tell us and we’ll remove the account.

Changes

Material changes get posted here and emailed to account admins at least 14 days before they take effect.

Contact

support@bureau.news — privacy and data questions land here.