Privacy Policy of POLLAR P.S.A.

At Pollar, we respect your privacy. We want you to know how we collect your data, why we need it, and what rights you have. This Policy explains how we use your data and how you can exercise control over it.

This Policy describes the rules for processing data on our website https://pollar.news (the “Website”) and our web, mobile, and TV applications (the “Applications”).

This document has been prepared in Polish for users in Poland.

1. Who are we?

The controller of your personal data is Pollar P.S.A., with its registered office in Krakow at ul. Piastowska 46/12, 30-067 Krakow, registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for Krakow-Srodmiescie in Krakow, 11th Commercial Division of the National Court Register, under KRS number 0001194689, with NIP (tax identification number): 6772530681 (“Pollar”, “we”, “us”).

We are the creators of Pollar, a news aggregator that uses artificial intelligence to group and summarize press articles. In connection with this, we process the data of individuals who:

  • visit our Website,
  • use our Applications,
  • have subscribed to our newsletter or are on our waiting list (waitlist),
  • visit our social media profiles (e.g., Instagram).

For matters related to the processing of personal data, you may contact us at the following email address: contact@pollar.news, with the subject line “GDPR”.

2. Where do we obtain your data?

As a general rule, the data we process is provided to us directly by you. This occurs when:

  • you visit our Website – in which case cookies or server logs are stored,
  • you use our Applications – you provide us with your data when creating an account in order to use the full functionality of the service on a specific mobile device or television,
  • you subscribe to our newsletter or join the waiting list – you provide us with your email address so that we can send you marketing information, including information about the launch of our services and their updates,
  • you visit our social media profiles – you leave a trace in the form of a comment, like, or message that is visible to us and to the operator of the given platform.

Data that we receive indirectly is data that we obtain when:

  • you are the author of articles that we analyze – data such as your first and last name and the content of the article are obtained by us in an automated manner from publicly available news websites that we aggregate.

3. Purposes and legal bases for processing your personal data

Depending on how you use our Website and Applications, we may process your data for various purposes. Below you will find the most important ones:

You visit our Website:

  • to provide you with a service consisting of access to aggregated news,
  • to ensure its proper functioning and security (Art. 6(1)(f) GDPR),
  • to analyze visit statistics and improve content (Art. 6(1)(f) GDPR).

Thanks to this data, the website runs smoothly and we can develop it in accordance with your needs.

You use our Applications:

  • to provide you with a service, i.e., to enable you to create an account and use the application’s features (Art. 6(1)(b) GDPR),
  • to ensure the security of the service and protect it against abuse (Art. 6(1)(f) GDPR),
  • to analyze how you use the application in order to improve and develop it (Art. 6(1)(f) GDPR),
  • in the event of a potential dispute, for the purpose of defending or pursuing claims (Art. 6(1)(f) GDPR).

Without this data, we would not be able to provide you with access to your account or guarantee the security of our service.

You subscribe to the newsletter or join the waiting list:

  • to send you marketing and promotional information, as well as to inform you about the launch of our services and their important updates (Art. 6(1)(a) GDPR in conjunction with the provisions of the Electronic Communications Act and the Act on Providing Services by Electronic Means).

You'll stay up to date with Pollar.

You visit our social media profiles:

  • to conduct conversations, respond to comments and messages (Art. 6(1)(f) GDPR),
  • to present our offer and build our brand (Art. 6(1)(f) GDPR).

We use it to respond to your comments and messages.

You author articles we analyze:

  • to process and aggregate publicly available news content, which is the foundation of our service (Art. 6(1)(f) GDPR),
  • to identify you as the author of a cited article excerpt, fulfilling informational purposes and respecting copyright (Art. 6(1)(f) GDPR).

4. What data do we process?

The scope of data we collect from you depends on how you use our Website and services:

If you visit our Website:

  • technical data, such as anonymized IP address, device and browser information, and server logs;
  • if you enable browser notifications: a web push subscription issued by your browser, used to deliver notifications.

If you use our Applications:

  • if you have an account: email address and passwordless sign-in data (one-time email codes, Sign in with Apple, or Sign in with Google); Pollar accounts have no password;
  • in all cases: technical and operational data in the form of session tokens used for authentication, an app-generated device identifier, anonymous crash and performance diagnostics, and a fixed allowlist of first-party product-analytics events (no free text or content);
  • if you enable push notifications: a push notification token issued by Apple or Google, used to deliver notifications to your device.

If you subscribe to the newsletter or join the waiting list:

  • email address.

If you visit our social media profiles:

  • data that is publicly visible as part of your activity (e.g., first and last name or username, comments, likes, message content, profile picture).

If you author articles we analyze:

  • your first and last name, if provided in a publicly available article, as well as its content.

5. How long do we retain your data?

We retain your data only for as long as it is truly necessary, in accordance with the purpose of processing and applicable law. In the event that:

You visit our Website:

  • we retain your IP address for a maximum of 7 days in server logs,
  • cookies are retained in accordance with the information provided in the cookie banner and your browser settings.

You use our Applications:

  • we retain your account data for the entire duration of your account. It will be deleted when you decide to close your account,
  • diagnostic logs and anonymous crash and performance diagnostics are retained for up to 7 days, and security audit logs for up to 90 days,
  • first-party product-analytics events and other aggregated metrics that help us improve our services are retained for up to 90 days.

You subscribe to the newsletter or join the waiting list:

  • we retain your data until you unsubscribe from the mailing list (by withdrawing your consent).

You visit our social media profiles:

  • we retain your data for as long as you follow our profiles or engage in interactions (comments, messages),
  • your reactions (e.g., likes) may remain visible for longer, unless you remove them. We use this data to be able to respond to your comments or messages.

You author articles we analyze:

  • data obtained from article content (including your first and last name) is stored in our database for 72 hours from the moment it is retrieved, after which it is automatically deleted.

Account deletion: where, how, and what stays

We follow Apple's App Store rule 5.1.1(v) and GDPR Art. 17. You can delete your Pollar account directly inside the app or from the web. No phone call, no support ticket.

  • In the iOS app: Settings → Privacy → Delete account. The confirmation screen explains the 30-day grace period before irreversible deletion.
  • On the web: sign in at https://pollar.news, open Settings, and use the same Delete account flow.
  • During the 30-day grace period: your account is disabled. We collect no new data. Sign in within the grace window to cancel deletion. After 30 days, the data listed below is irreversibly removed.

Removed at the end of the grace period:

  • your profile, e-mail and authentication data,
  • your feed preferences, free-text preference, and the interpreted personalization rules,
  • your follows, bookmarks, reading history and notification preferences,
  • your active sessions and registered devices.

Retained, with a documented purpose and a defined retention period:

  • Financial transactions (Stripe + Apple In-App Purchase records) — 5 years, required by the Polish Accounting Act and Tax Ordinance Act.
  • Security audit logs (sign-in events, deletion request audit trail) — 90 days, for incident response and fraud investigation.
  • Backups — encrypted snapshots are overwritten in the normal backup rotation within 30 days of the grace period ending. Restored backups would not re-introduce your deleted data.

Once the grace period ends, the irreversible deletion is automated and runs daily. We do not keep a soft-deleted version of your account beyond that point.

6. To whom may we disclose personal data?

We may share your data with trusted partners and providers who help us deliver our services. Depending on how you use Pollar’s services, your data may be shared with the following categories of recipients:

You visit our Website or use our Applications:

  • hosting and cloud infrastructure service providers who ensure the operation of our servers and databases (e.g., Hetzner Online GmbH — servers in Germany, Cloudflare Inc. — content delivery network).

You set free-text feed preferences:

  • the free-text preferences you type in Settings are sent to Google’s Gemini model, hosted in the EU on Google Cloud Vertex AI (europe-west4), to interpret them into feed rules on our behalf. They are processed within the EU, and we do not send your email address or other account identifiers with them.

You subscribe to the newsletter or join the waiting list:

  • providers of mass email correspondence systems who help us send messages.

You visit our social media profiles:

  • your data is visible to the operators of those platforms and is processed in accordance with their terms of service and privacy policies.

You are the author of articles that we analyze:

  • data contained in publicly available articles (including your first and last name) is shared with our technology partners, i.e., providers of artificial intelligence models (such as OpenAI, Anthropic, OpenRouter), who perform content summarization and categorization operations on our behalf.

Other than the feed-preference text you choose to enter (described above), we do not share your registered-account identifiers (such as your email address) with AI model providers, and we do not allow your data to be used to train their models.

For advertising measurement, when you consent we share a limited set of events and hashed (SHA-256) identifiers with Meta (and with X when enabled), as described in the Advertising and measurement section below. We never sell your personal data, and beyond that limited measurement we do not share it with advertisers or data brokers.

Your data may be transferred outside the European Economic Area (EEA), as some of our providers (e.g., OpenAI, Anthropic, OpenRouter, Cloudflare, Stripe) are based in the United States. In such cases, we rely on the European Commission's adequacy decision (Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 on the EU-US Data Privacy Framework, DPF) or on the standard contractual clauses approved by the European Commission (Art. 46(2)(c) GDPR), to ensure an adequate level of protection for your data.

Two Pollar News features send your input outside the European Union: Pollar Chat messages and search queries. To provide the best answer quality, chat messages are processed by a US-based AI provider (OpenAI, via OpenRouter) as the primary model, with an EU provider (Google Vertex AI, europe-west4) as fallback. When you search, your query is converted into a numeric representation and the results are ranked by US-based AI providers (OpenAI and Cohere, via OpenRouter) to find matching articles; no account or device identifiers are attached to it. Chat inputs and search queries are processed only to provide those features and are not used to train any model. All other Pollar News features keep your data within the EU. You can withdraw chat consent at any time in Settings.

7. What rights do you have over your data?

You have full control over your data. Under the GDPR, you may:

  • access your data – request information on whether we process your data and obtain a copy thereof,
  • rectify your data – correct your data if it is outdated or inaccurate,
  • erase your data (“right to be forgotten”) — request the deletion of your data. The fastest path is the in-app Delete account flow described in section 5. If you need a server-side or web-account deletion outside that flow, contact contact@pollar.news; we respond without undue delay and at the latest within one calendar month.
  • restrict processing – temporarily suspend the use of your data, e.g., while we verify its accuracy,
  • data portability – receive your data in a structured format and transfer it to another controller (where your data is processed on the basis of your consent),
  • object – object to the processing of your data where it is processed on the basis of our legitimate interest,
  • withdraw consent – withdraw your consent at any time if we rely on it for processing (e.g., newsletter, competitions). Withdrawal of consent does not affect the lawfulness of prior processing,
  • lodge a complaint with a supervisory authority – if you believe that we are violating data protection rules, you may lodge a complaint with the President of the Personal Data Protection Office (UODO) in Warsaw.

To exercise your rights, you may contact us at contact@pollar.news, with the subject line “GDPR”.

8. Analytical tools

On our Website we use a minimal, self-hosted analytics tool, chosen to collect only anonymized data needed to assess overall traffic and service quality. How we measure our advertising is covered separately in the Advertising and measurement section.

Umami Analytics

We use Umami, a lightweight, cookieless analytics tool that collects only anonymized traffic statistics (page views, referrer, country). Umami does not use cookies or localStorage, does not identify individual users, and for this reason does not require consent (processed under our legitimate interest, Art. 6(1)(f) GDPR). Umami is self-hosted by us. Data never leaves our infrastructure. Learn more.

9. Advertising and measurement

Like any modern publisher, we run advertising and we measure whether it works, so we can spend responsibly and improve it. To do this we use Meta Platforms, Inc. (and X Corp. when we enable it). The purpose is limited to measuring and improving our advertising; we do not use these tools to profile what you read.

What we share: a limited set of events (for example, a page visit or a membership purchase) together with hashed identifiers, the SHA-256 of your email address or phone number, sent through Meta's Conversion API, along with equivalent browser events from the Meta Pixel. We do not share your raw email address or phone number, and we never share the articles you read or anything you write in Pollar Chat.

Your choice and legal basis: in the European Economic Area we carry out advertising measurement only with your consent (Art. 6(1)(a) GDPR). Elsewhere we operate on an opt-out basis, and we honor the Global Privacy Control signal.

Transfer to the United States: this data is processed by Meta in the United States. Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework, and we rely on the European Commission's standard contractual clauses as a fallback. When X is enabled, its transfer mechanism is disclosed here as well.

Retention: Meta retains this data under its own data policy. We keep our record of your consent for the life of your account, so we can show when and how you made your choice.

How to turn it off: use the consent banner, change your choice in Settings then Privacy, or send a Global Privacy Control signal from your browser. Turning it off stops new advertising events from being shared.

10. Diagnostics and product analytics in our Applications

To keep Pollar stable and to understand which parts of the product help you, our Applications send two kinds of first-party measurement data to our own servers. We use no third-party analytics SDK. This data is stored on our infrastructure in the European Union (Hetzner, Germany), is never sold, and is never shared with advertisers or data brokers.

Anonymous diagnostics (crashes and performance):

Our iOS app forwards Apple device reports about crashes, hangs, and resource use (CPU, memory, disk) to our server so we can find and fix faults. These reports carry no personal data, no device identifier, and no user identifier — they are fully anonymous and cannot be linked back to You. Because they are strictly necessary to keep the app working, they are always sent and there is no separate switch for them (Art. 6(1)(f) GDPR).

First-party product analytics (how the app is used):

We record a small, fixed allowlist of interface events so we can see where the experience works and where it breaks. Typical events are: onboarding steps, paywall viewed, subscribe tapped, a search being run (we never store what you searched for), an article shared, a tab selected, a session starting, the result of a notification-permission prompt, a bookmark added, a thread subscribed, and an error being shown.

We never collect free text, message content, or what you read inside these events, and they are not passed to any third-party processor. These events are never linked to your account; they are tied only to an anonymous device identifier, whether or not You are signed in. We process them under our legitimate interest in improving the product (Art. 6(1)(f) GDPR).

Your control: You can turn product analytics off at any time. In the app, open Settings and switch off “Help improve Pollar”. This setting is on by default; turning it off stops these analytics events. It is separate from the Reading history control, which governs the personalization signal described elsewhere in this Policy, and from anonymous diagnostics, which remain on for app stability.

We keep diagnostics and product-analytics data only for as long as it is useful for finding faults and improving the product, in line with the retention periods in section 5.

Search personalization

Search personalization is off by default. When you turn on the controls in Settings then Privacy, Pollar can save your search history, order suggestions and results to match what you read, and learn from which results you open. You can turn any of these off at any time, and clearing your data removes the searches and clicks tied to your account.

A separate, anonymized measure of popular searches always runs without linking to you. It records how often a query is searched, clicked, or returns nothing, with no account, device, or IP attached.

Pollar News MCP server

Pollar runs a public Model Context Protocol server at mcp.pollar.news so AI assistants can read our published news. It exposes only public editorial content and has no access to your account, preferences, reading history, or any personal data. It cannot change anything.

The server needs no sign-in, sets no cookies, and builds no profile of you. To keep it available and prevent abuse it briefly logs the requesting IP address and which tool was called, then discards those logs on a short rolling window. We do not sell or share this data.

11. Social Media

We process the personal data of users who follow our profiles on social media platforms such as Facebook, Instagram, YouTube, and TikTok and interact with them. Meta and X (when enabled) also act as our advertising-measurement partners, covered in the Advertising and measurement section above. Detailed information on how data is processed by each platform can be found at the following links:

12. Cookies

On our Website and in our Applications, we use cookies and similar browser data storage technologies (including localStorage). Thanks to them, the website and applications function properly, we can ensure security, and analyze visit statistics.

We set first-party cookies for the service itself: pollar_device_id (an anonymous device identifier, kept ~1 year, that keeps your session and push notifications working without an account), NEXT_LOCALE (your language), and a session cookie when you sign in. Data stored in localStorage is kept exclusively locally in your browser and is not shared with anyone.

Some cookies and localStorage data are essential for the website to function and cannot be disabled; others require your consent and can be managed in your browser settings or through the cookie banner displayed on your first visit.

Additionally, we use Umami Analytics, an analytical tool that does not use cookies or localStorage. Umami collects exclusively anonymized statistical data about website traffic, without the ability to identify individual users.

With your consent, we also use advertising cookies set by the Meta Pixel (and by X when enabled) to measure our advertising, as described in the Advertising and measurement section. These cookies are consent-gated: they are not set unless you allow advertising measurement, and you can withdraw that consent at any time through the cookie banner or in Settings then Privacy.

NameDescriptionRetention periodType
cookieConsentStores your preferences regarding cookie consent (essential, analytics, marketing).IndefiniteEssential
pollarThemeStores the selected interface color theme (light or dark).IndefiniteEssential
pollarAuthStores the user’s sign-in state (anonymous 1/0 flag, no account data).IndefiniteEssential
_fbpSet by the Meta Pixel to measure the performance of our advertising. Set only with your marketing consent.~90 daysMarketing
_fbcSet by the Meta Pixel to attribute ad clicks for advertising measurement. Set only with your marketing consent.~90 daysMarketing

You can clear cookies and localStorage at any time from your browser settings; our analytics also automatically honors Global Privacy Control and Do-Not-Track signals.

13. Changes to the Privacy Policy

We want our data protection rules to be transparent and aligned with how you actually use the Website. Therefore, this Policy may be updated from time to time.

The most current version of this document will always be available on this page, together with the date from which it takes effect.

This version of the Policy is effective as of: July 1, 2026