Last updated: May 14, 2026
This Privacy Policy describes how Difficult Opinions ("Company," "we," "us," or "our") collects, uses, and discloses your information when you use our website, iOS app, account features, premium content, messaging tools, and related services. We are committed to protecting your privacy and handling your data in an open and transparent manner.
Interpretation and Definitions
Definitions
- Account means a unique account created for You to access our Service.
- Company refers to Three Things Media / Difficult Opinions, Härtingerstr. 29, 85051 Ingolstadt, Deutschland.
- Cookies are small files placed on Your device containing browsing history details.
- Data Controller refers to the Company as the legal person which determines the purposes and means of the processing of Personal Data.
- Device means any device that can access the Service.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the Difficult Opinions website, iOS app, account services, content APIs, premium features, messaging tools, and related services.
- Website refers to Difficult Opinions, accessible from difficultopinions.com.
- You means the individual accessing or using the Service.
Data Controller
The Data Controller responsible for your Personal Data is:
Three Things Media / Difficult Opinions
Härtingerstr. 29
85051 Ingolstadt, Deutschland
Email: info@difficultopinions.com
Collecting and Using Your Personal Data
Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. This includes:
- Email address (required for account creation and sign-in)
- Name or display name (optional profile information and social sign-in data)
- Profile avatar (optional)
- Purchase status and entitlement history for premium access
- Payment information processed securely by Apple for App Store purchases or Stripe for eligible web payments; we do not store card details
- Messages and submissions you choose to send, including contact forms, newsletter signups, anonymous show messages, and voice message audio
- Device identifiers used for push notifications if you enable them
Usage Data
Usage Data is collected automatically when using the Service. We use a privacy-focused, first-party analytics system with the following characteristics:
- No IP addresses stored: Your IP address is used only to generate a one-way cryptographic hash, then immediately discarded. The raw IP is never stored in our database.
- No cookies or tracking pixels: We do not use cookies, web beacons, or any client-side tracking technologies for analytics.
- Server-side collection only: All analytics are collected server-side with no JavaScript tracking code running in your browser.
- No cross-day tracking: Visitor identifiers reset daily. We cannot track you across multiple days.
- Anonymized session data: Session identifiers are generated using time-based salts that expire hourly.
The anonymized usage data we collect includes:
- Pages visited (path only, no query parameters)
- Referring domain (not full URL)
- Country and region code (coarse geolocation only, no city or precise location)
- Device category (desktop, mobile, or tablet)
- Browser family (e.g., Chrome, Firefox, Safari)
- Operating system family (e.g., Windows, macOS, iOS)
- Page performance metrics (load times)
Data retention: Raw analytics events are automatically deleted after 90 days. Only aggregated, anonymous statistics are retained long-term.
Information from Third-Party Services
We allow You to create an account and log in through the following third-party services:
- Apple: For Sign in with Apple in the iOS app. We receive the account identifier and any name or email address Apple provides according to your Apple settings.
- Google: For social login. We may receive your email address, name, profile picture, and account identifier.
If You decide to register through or link a third-party service, We collect Personal Data associated with Your account as described above. You can link these services to an existing email/password account for convenience.
Tracking Technologies and Cookies
We do not use tracking cookies for analytics. Our analytics system is entirely server-side and does not place any tracking cookies on your device.
We use only essential cookies required for the Service to function:
- Authentication cookies: Session cookies to keep you logged in when you have an account. These are strictly necessary for the Service and are not used for tracking.
- Preference cookies: To remember your settings (such as dark mode preference or whether to hide AI summaries).
The iOS app stores local preferences such as theme, reading settings, notification settings, cached authentication state, and locally restored App Store entitlement state. These preferences are used for app functionality and are not used for cross-app tracking.
We do not use:
- Third-party tracking cookies
- Advertising or marketing cookies
- Web beacons or tracking pixels
- Browser fingerprinting
Legal Basis for Processing (GDPR)
If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it. We may process your Personal Data because:
- We need to perform a contract with you (e.g., providing our Service)
- You have given us consent to do so
- The processing is in our legitimate interests and not overridden by your rights
- We need to comply with legal obligations
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including monitoring usage
- To manage Your Account and registration as a user
- For the performance of a contract, including purchases and subscriptions
- To contact You with newsletters, marketing, and promotional materials (with your consent where required)
- To manage Your requests and provide customer support
- For business transfers, such as mergers or acquisitions
- For data analysis to improve our Service, products, and user experience
- To detect, prevent and address technical issues, fraud, and security concerns
- To enforce our terms and policies
Sharing Your Personal Data
We may share Your personal information in the following situations:
- With Service Providers: To monitor and analyze Service use, process payments, and provide customer support
- For business transfers: In connection with mergers, acquisitions, or asset sales
- With Affiliates: With our parent company, subsidiaries, or joint venture partners
- With business partners: To offer certain products, services, or promotions
- With other users: When you share information publicly or interact in public areas
- With Your consent: For any other purpose with your explicit consent
- With law enforcement: If required by law or to protect our rights
Third-Party Service Providers
We employ third-party companies and individuals to facilitate our Service, including:
- Payment/Subscription: Apple App Store for iOS in-app purchases and Stripe for eligible web payments
- Authentication: Three Things Media Accounts, Sign in with Apple, and Google OAuth where available
- Push notifications: OneSignal for optional new-article and livestream notifications
- Cloud hosting: Cloudflare and Three Things Media services for website hosting, app APIs, account services, data storage, and security
- Email service: For transactional emails (account verification, password resets, security notifications)
- AI services: Three Things Media AI for editorial summaries and metadata generation
- Merchandise: Fourthwall for product browsing, checkout, payment, fulfillment, shipping, and related support
- Embedded media and links: YouTube, Spotify, Apple Podcasts, Bluesky, X, and similar providers when you choose to view or open their media
Note: We do not use third-party analytics services such as Google Analytics. All analytics are processed by our own first-party system as described in the Usage Data section above.
Fonts
Our website uses custom fonts (Roboto Slab and Poppins) to provide consistent typography across our Service. These fonts are self-hosted on our servers for your privacy and GDPR compliance.
Self-Hosted Fonts: All fonts are served directly from our domain (difficultopinions.com). This means:
- No data is transmitted to third-party services when loading fonts
- Your IP address and browser information remain private
- Faster loading times as fonts are served from our CDN
- Full GDPR compliance - no data transfer to external font providers
Font Files: The font files we use are based on Google Fonts (Roboto Slab and Poppins), but they are downloaded and served from our own infrastructure. No connection is made to Google's servers when you visit our website.
International Data Transfers
Your information may be transferred to and maintained on servers located outside of your country. If you are located outside Germany and choose to provide information to us, please note that we transfer the data to Germany and process it there.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy:
- Account data: Retained while your account is active. You may delete your account at any time.
- Analytics data: Raw, anonymized analytics events are automatically deleted after 90 days. Only aggregated statistics (containing no individual identifiers) are retained long-term.
- Transaction records: Payment and subscription records are retained as required by law for accounting purposes.
- User-generated content: Comments, feedback, show messages, voice messages, and similar submissions are retained as needed to operate those features unless deleted or anonymized under applicable policy.
- Push notification data: Device tokens and notification preferences are retained while notifications are enabled or while needed to honor your preferences.
We may also retain data to comply with legal obligations, resolve disputes, and enforce our agreements.
Your Data Protection Rights (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights:
- Right of access: You can request copies of your personal data
- Right to rectification: You can request correction of inaccurate data
- Right to erasure: You can request deletion of your personal data
- Right to restrict processing: You can request restriction of processing
- Right to data portability: You can request transfer of your data
- Right to object: You can object to processing of your personal data
- Right to withdraw consent: You can withdraw consent at any time
To exercise these rights, please contact us at info@difficultopinions.com.
California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal data is being collected about you
- Know whether your personal data is sold or disclosed and to whom
- Say no to the sale of personal data
- Access your personal data
- Request deletion of your personal data
- Not be discriminated against for exercising your privacy rights
We do not sell personal information.
Do Not Track Signals
Our analytics system is designed with privacy as the default. Because we do not use tracking cookies, do not track users across days, and do not share data with third-party advertisers, our system inherently respects the spirit of Do Not Track (DNT) signals regardless of your browser settings.
Security of Your Personal Data
The security of Your Personal Data is important to Us. We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (SSL/TLS)
- Secure data storage
- Access controls and authentication
- Regular security assessments
However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Children's Privacy
Our Service does not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us so we can take necessary action.
Account Deletion
You may delete your account from the Profile screen in the iOS app or by contacting us. Account deletion removes or anonymizes account data under our control, except where we must retain limited records for security, fraud prevention, accounting, legal compliance, dispute resolution, or completed transactions.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending you an email notification (for material changes)
You are advised to review this Privacy Policy periodically for any changes.
Complaints
If you have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority. For Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
Contact Us
If you have any questions about this Privacy Policy, You can contact us:
- By email: info@difficultopinions.com
- By mail: Three Things Media, Härtingerstr. 29, 85051 Ingolstadt, Germany