Privacy Policy

Last updated: June 7, 2026

The Yesterday Times (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our service, including creating and saving newspapers.

1. Data We Collect

We collect personal data to provide and improve our service. Specifically, we collect:

  • Authentication & Profile Data: Email address, username, Google account ID (if you sign in using Google OAuth), and session tokens.
  • Generated & User Content: The newspapers, custom articles, dates, topics, and edition names you create or supply — including, for personalized or gift editions, information about other people such as a recipient name, occasion, facts, and any photo you upload.
  • Technical Data: Authentication tokens stored in your browser’s local storage (localStorage), and basic server logs (such as IP address and request metadata) used for security and reliability.

If you provide personal data about another person, you confirm that you have the right and any necessary consent to share that information with us for the purpose of fulfilling your request.

2. How We Use Your Data

  • To authenticate your identity and manage your account.
  • To generate newspaper pages tailored to your inputs and date choices.
  • To send transactional emails (such as welcome, password reset).
  • To secure, debug, maintain, and improve the Service, and to comply with legal obligations.

3. Legal Basis for Processing

  • Performance of a Contract: To provide the services you request, including creating newspapers.
  • Consent: Where you have given consent (e.g., OAuth login, or submitting another person's details).
  • Legitimate Interests: To secure, optimize, and maintain our platform and accounts.
  • Legal Obligation: To retain certain records for tax, accounting, and compliance purposes.

4. Third-Party Data Sharing

We share data with trusted third-party providers (sub-processors) only as needed to operate the Service:

  • Google: Secure single sign-on via Google OAuth.
  • Resend: Delivery of transactional emails (receives your email address and message content).
  • Photo Archive Providers: Image search (query only — no personal identifiers are shared).
  • Editorial Generation Providers: The date, topics, and edition details you provide, including personalization text or photos, are sent to the configured editorial provider to compose your page. Our production provider contract limits use of your inputs and generated content to service delivery, security, and abuse monitoring.
  • Amazon Web Services (AWS S3): Secure storage of saved newspaper files.

We do not sell your personal data. We may disclose data if required by law, to enforce our Terms, or to protect the rights, safety, and security of our users or the public.

5. International Data Transfers

Our providers may be located in various countries, including outside your country or region. Where personal data is transferred internationally, we rely on the providers’ safeguards and applicable transfer mechanisms to protect your data consistent with this Policy.

6. Cookies & Local Storage

We do not use tracking cookies for advertising. We use the browser’s local storage (localStorage) solely to store your authentication session tokens so you can remain logged in between visits.

7. Data Security

We take reasonable technical and organizational measures to protect your data, including password hashing and encrypted transport (HTTPS). No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify you and the relevant authorities where required by applicable law.

8. Data Retention

We retain your personal data and generated content for as long as your account remains active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information, except where we are legally required to retain certain records.

9. Children’s Privacy

The Service is intended for adults. We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.

10. Your Rights

Depending on your location, you may have rights under local privacy and data protection laws, including:

  • The right to access the personal data we hold about you.
  • The right to request correction or deletion of your personal data.
  • The right to withdraw consent and to object to or restrict certain processing.
  • The right to data portability, and to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us using the details below. We will respond within the timeframe required by applicable law.

11. Contact & Grievances

For any questions about this Privacy Policy, to exercise your rights, or to raise a grievance, contact The Yesterday Times using the email address below.

Email: support@theyesterdaytimes.com

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be posted on this page and take effect when posted.