Privacy Policy

Overview

TownPost ("TownPost," "we," "us," or "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

Information We Collect

Information You Provide

• Account & Newsletter: Your email address when you sign up or subscribe to our newsletter
• Content Preferences: Topics, tags, and digest frequency settings you select
• Contact Forms: Name, email, phone (optional), and message content when you contact us
• Community Submissions: Event details, deals, or other content you submit, along with your email if provided
• Business Registration: Business name, contact email, and payment information when registering as a sponsor or advertiser

Information Collected Automatically

• Usage Data: Pages visited, time spent, and interactions with the site via analytics tools
• Device Information: Browser type, operating system, and device type
• IP Address: Your IP address is never stored in raw form. We hash it using SHA-256 with a server-side salt for spam prevention, rate limiting, and ad fraud detection. The hash cannot be reversed to recover your IP address.
• Cookies: A single httpOnly session cookie (lm_session) used for authentication. This cookie contains only your user ID and expiration — no tracking data.
• Email Engagement: Whether you opened a newsletter or clicked a link, used to measure newsletter effectiveness
• Ad Interactions: Ad impressions and clicks are logged with hashed IP addresses for sponsor performance reporting and fraud prevention

How We Use Your Information

• Newsletter: To send you our daily or weekly digest and important updates
• Authentication: To sign you in via magic-link email (we do not use passwords)
• Personalization: To tailor content based on your topic preferences
• Communication: To respond to your inquiries and support requests
• Content Moderation: To review and publish user-submitted events and deals
• Security: To prevent spam, fraud, and abuse through rate limiting and IP hashing
• Analytics: To understand how people use our site and improve our service
• Advertising: To display and measure local sponsor ads (we do not sell your data to advertisers)

Information Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Third-party services that help us operate (listed below), each bound by their own privacy policies
• Sponsors: Aggregated, anonymized ad performance data (impressions, clicks) — never individual user data
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In the event of a merger or acquisition

Third-Party Services

We use the following third-party services:

• Postmark (email delivery): Sends transactional emails (magic-link login) and broadcast emails (newsletter). Your email address and message content are shared with Postmark. Open/click tracking may be used for newsletter analytics.
• Stripe (payment processing): Processes payments for sponsors and advertisers. Business name, email, and payment details are handled by Stripe. We do not store credit card numbers.
• OpenAI (AI services): Civic meeting transcripts and news article summaries are processed by OpenAI for relevance scoring and summarization. No personal user data is sent to OpenAI.
• Google Analytics (web analytics): Collects anonymized usage data including pages visited and user interactions. Google may use cookies for analytics purposes.
• Google AdSense (advertising): May display advertisements and use cookies to serve ads based on your visits to this and other websites.
• Railway (hosting): Our web application and database are hosted on Railway.
• Cloudflare (DNS and security): Provides DNS, CDN, and DDoS protection services.

Each service has its own privacy policy. We encourage you to review them.

Cookies

We use a minimal number of cookies:

• Authentication: A single httpOnly session cookie (lm_session) to keep you signed in. This cookie is secure, cannot be accessed by JavaScript, and contains only your user ID.
• Analytics: Google Analytics may set cookies to understand site usage patterns.
• Advertising: Google AdSense may set cookies for serving relevant ads.

You can control cookies through your browser settings, but some features (like staying signed in) may not work properly without them.

Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Unsubscribe: Opt out of marketing emails at any time via the unsubscribe link in each newsletter
• Portability: Receive your data in a portable format

To exercise these rights, please contact us.

Data Retention

• Email addresses: Retained until you unsubscribe or request deletion
• Community submissions: Retained indefinitely unless you request removal
• Contact submissions: Retained for up to 2 years
• Ad interaction data: Hashed IP logs retained for up to 90 days
• Analytics data: Aggregated data retained indefinitely; individual data per Google Analytics retention settings (default 14 months)

Security

We implement reasonable security measures to protect your data, including:

• HTTPS encryption for all connections
• IP addresses hashed with SHA-256 and a server-side salt — never stored in raw form
• Magic-link authentication tokens are hashed before storage and expire after use
• httpOnly, secure session cookies that resist XSS attacks
• Rate limiting on forms and API endpoints
• Limited access to personal data

Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

California Residents (CCPA)

California residents have additional rights under the CCPA, including the right to know what data we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website and updating the "Last updated" date above.

Contact Us

For privacy-related questions or to exercise your rights, please contact us.