Tableread

Privacy Policy

Last updated: April 30, 2026

This is an interim policy. Tableread is in alpha and this page is a working summary of how we handle data today. A full, lawyer-reviewed policy will replace it before public launch. Questions in the meantime go to contact.

Cookies and similar storage

Tableread uses only the cookies and browser storage strictly necessary to run the service. We do not use advertising, marketing, analytics, or cross-site tracking cookies, and we don't embed third-party trackers like Google Analytics, Meta Pixel, or similar services.

What we do set:

  • Authentication — Supabase sets HttpOnly session cookies (sb-access-token, sb-refresh-token) so we can keep you signed in. Without these, login doesn't work.
  • Bot protection — Cloudflare sets cookies (cf_clearance, _cfuvid) to distinguish humans from automated traffic during signup and high-risk actions.
  • Payment / video features — Stripe and Mux set their own cookies on the specific pages where their checkout or video player is embedded. They're only present when you use those features.
  • Local preferences — your browser's localStorage holds non-sensitive UI preferences (e.g., chosen content format on the reviews page) so the site remembers your selections. Cleared when you clear browser data.

Each of these is required for the service to function. EU GDPR / ePrivacy and California CCPA don't require consent banners for strictly-necessary cookies, so Tableread doesn't show one. The day we add anything non-essential — analytics, advertising, tracking — we'll add the banner and ask before setting it.

What we collect

Account data. Email, chosen username, display name, password hash (we never see your raw password), profile fields you fill out.

Activity. Reviews, lists, purchases, messages, follows, votes, and other interactions you make on the platform.

Identity verification (optional). If you opt into identity verification via Stripe Identity, Stripe collects government ID and selfie data on our behalf and tells us only whether the verification passed. We never receive or store the underlying documents.

Payments (optional). If you subscribe or purchase from the marketplace, Stripe processes the card and stores it. We see only a customer ID and high-level transaction metadata. We never see or store credit card numbers.

Technical. Standard server logs (IP, user agent, timestamps) for security and debugging.

How we use it

To run the service: authenticate you, show you content, deliver messages, process payments, enforce community standards.

To communicate: account confirmations, password resets, security alerts, and (when you opt in) product updates.

We do not sell your data. We do not use it to train AI models.

Who we share with

Service providers we depend on, in their own scope only:

  • Supabase — auth, database, and file storage
  • Stripe — payments, identity verification, marketplace payouts
  • Mux — video hosting and streaming
  • Resend — transactional email delivery
  • Vercel — application hosting
  • Cloudflare — DNS, network security, bot protection

We disclose information when legally compelled or to protect the platform and its users from harm.

Your rights

You can edit or delete most of your data from your settings. For full account deletion, email us through contact and we will remove your account and associated data within 30 days, subject to legal retention obligations (e.g., financial records for marketplace transactions).

You can opt out of product-update emails at any time. Transactional emails (signup, password reset, security) are required and cannot be disabled while your account is active.

Changes

When this policy changes meaningfully, we'll update the date above and notify active users by email. Continued use after a change means you accept the updated terms.

Contact

Questions, deletion requests, or concerns: tableread.com/contact.

Privacy Policy | Tableread