Difficult Opinions

Thought-provoking perspectives on news, politics, and culture.

Subscribe

Privacy Policy

How we collect, use, and disclose your information

Last updated: January 10, 2026

This Privacy Policy describes how Difficult Opinions ("Company," "we," "us," or "our") collects, uses, and discloses your information when you use our Service. We are committed to protecting your privacy and handling your data in an open and transparent manner.

Interpretation and Definitions

Definitions

  • Account means a unique account created for You to access our Service.
  • Company refers to Three Things Media / Difficult Opinions, Postfach 101015, DE-85010 Ingolstadt, Deutschland.
  • Cookies are small files placed on Your device containing browsing history details.
  • Data Controller refers to the Company as the legal person which determines the purposes and means of the processing of Personal Data.
  • Device means any device that can access the Service.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Website.
  • Website refers to Difficult Opinions, accessible from difficultopinions.com
  • You means the individual accessing or using the Service.

Data Controller

The Data Controller responsible for your Personal Data is:

Three Things Media / Difficult Opinions
Postfach 101015
DE-85010 Ingolstadt, Deutschland
Email: info@difficultopinions.com

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. This includes:

  • Email address (required for account creation)
  • Display name (optional, shown publicly on comments)
  • Profile avatar (optional)
  • Payment information (processed securely by Stripe for subscriptions; we do not store card details)

Usage Data

Usage Data is collected automatically when using the Service. We use a privacy-focused, first-party analytics system with the following characteristics:

  • No IP addresses stored: Your IP address is used only to generate a one-way cryptographic hash, then immediately discarded. The raw IP is never stored in our database.
  • No cookies or tracking pixels: We do not use cookies, web beacons, or any client-side tracking technologies for analytics.
  • Server-side collection only: All analytics are collected server-side with no JavaScript tracking code running in your browser.
  • No cross-day tracking: Visitor identifiers reset daily. We cannot track you across multiple days.
  • Anonymized session data: Session identifiers are generated using time-based salts that expire hourly.

The anonymized usage data we collect includes:

  • Pages visited (path only, no query parameters)
  • Referring domain (not full URL)
  • Country and region code (coarse geolocation only, no city or precise location)
  • Device category (desktop, mobile, or tablet)
  • Browser family (e.g., Chrome, Firefox, Safari)
  • Operating system family (e.g., Windows, macOS, iOS)
  • Page performance metrics (load times)

Data retention: Raw analytics events are automatically deleted after 90 days. Only aggregated, anonymous statistics are retained long-term.

Information from Third-Party Services

We allow You to create an account and log in through the following third-party services:

  • Google: For social login. We receive your email address, name, and profile picture.
  • Patreon: For login and subscription management. We receive your email address, name, profile picture, and membership status (patron tier and pledge amount).

If You decide to register through or link a third-party service, We collect Personal Data associated with Your account as described above. You can link these services to an existing email/password account for convenience.

Patreon Integration: If you are a Patreon supporter, linking your Patreon account allows us to verify your membership status and provide premium access. We store your Patreon user ID, current tier, and pledge amount to manage your subscription. Patreon sends us webhook notifications when your membership status changes (e.g., new pledge, tier change, or cancellation) so we can update your access accordingly.

Tracking Technologies and Cookies

We do not use tracking cookies for analytics. Our analytics system is entirely server-side and does not place any tracking cookies on your device.

We use only essential cookies required for the Service to function:

  • Authentication cookies: Session cookies to keep you logged in when you have an account. These are strictly necessary for the Service and are not used for tracking.
  • Preference cookies: To remember your settings (such as dark mode preference or whether to hide AI summaries).

We do not use:

  • Third-party tracking cookies
  • Advertising or marketing cookies
  • Web beacons or tracking pixels
  • Browser fingerprinting

Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it. We may process your Personal Data because:

  • We need to perform a contract with you (e.g., providing our Service)
  • You have given us consent to do so
  • The processing is in our legitimate interests and not overridden by your rights
  • We need to comply with legal obligations

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including monitoring usage
  • To manage Your Account and registration as a user
  • For the performance of a contract, including purchases and subscriptions
  • To contact You with newsletters, marketing, and promotional materials (with your consent where required)
  • To manage Your requests and provide customer support
  • For business transfers, such as mergers or acquisitions
  • For data analysis to improve our Service, products, and user experience
  • To detect, prevent and address technical issues, fraud, and security concerns
  • To enforce our terms and policies

Sharing Your Personal Data

We may share Your personal information in the following situations:

  • With Service Providers: To monitor and analyze Service use, process payments, and provide customer support
  • For business transfers: In connection with mergers, acquisitions, or asset sales
  • With Affiliates: With our parent company, subsidiaries, or joint venture partners
  • With business partners: To offer certain products, services, or promotions
  • With other users: When you share information publicly or interact in public areas
  • With Your consent: For any other purpose with your explicit consent
  • With law enforcement: If required by law or to protect our rights

Third-Party Service Providers

We employ third-party companies and individuals to facilitate our Service, including:

  • Payment/Subscription: Stripe (for direct payments) and Patreon (for membership management)
  • Cloud hosting: Vercel (website hosting) and Supabase (database and authentication)
  • Email service: For transactional emails (account verification, password resets, security notifications)
  • AI services: OpenAI (for generating article summaries and SEO descriptions)
  • Authentication: Google OAuth and Patreon OAuth (for social login)

Note: We do not use third-party analytics services such as Google Analytics. All analytics are processed by our own first-party system as described in the Usage Data section above.

Fonts

Our website uses custom fonts (Roboto Slab and Poppins) to provide consistent typography across our Service. These fonts are self-hosted on our servers for your privacy and GDPR compliance.

Self-Hosted Fonts: All fonts are served directly from our domain (difficultopinions.com). This means:

  • No data is transmitted to third-party services when loading fonts
  • Your IP address and browser information remain private
  • Faster loading times as fonts are served from our CDN
  • Full GDPR compliance - no data transfer to external font providers

Font Files: The font files we use are based on Google Fonts (Roboto Slab and Poppins), but they are downloaded and served from our own infrastructure. No connection is made to Google's servers when you visit our website.

International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. If you are located outside Germany and choose to provide information to us, please note that we transfer the data to Germany and process it there.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy:

  • Account data: Retained while your account is active. You may delete your account at any time.
  • Analytics data: Raw, anonymized analytics events are automatically deleted after 90 days. Only aggregated statistics (containing no individual identifiers) are retained long-term.
  • Transaction records: Payment and subscription records are retained as required by law for accounting purposes.
  • Comments and content: User-generated content is retained until you delete it or your account.

We may also retain data to comply with legal obligations, resolve disputes, and enforce our agreements.

Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights:

  • Right of access: You can request copies of your personal data
  • Right to rectification: You can request correction of inaccurate data
  • Right to erasure: You can request deletion of your personal data
  • Right to restrict processing: You can request restriction of processing
  • Right to data portability: You can request transfer of your data
  • Right to object: You can object to processing of your personal data
  • Right to withdraw consent: You can withdraw consent at any time

To exercise these rights, please contact us at info@difficultopinions.com.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal data is being collected about you
  • Know whether your personal data is sold or disclosed and to whom
  • Say no to the sale of personal data
  • Access your personal data
  • Request deletion of your personal data
  • Not be discriminated against for exercising your privacy rights

We do not sell personal information.

Do Not Track Signals

Our analytics system is designed with privacy as the default. Because we do not use tracking cookies, do not track users across days, and do not share data with third-party advertisers, our system inherently respects the spirit of Do Not Track (DNT) signals regardless of your browser settings.

Security of Your Personal Data

The security of Your Personal Data is important to Us. We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (SSL/TLS)
  • Secure data storage
  • Access controls and authentication
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

Our Service does not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us so we can take necessary action.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for material changes)

You are advised to review this Privacy Policy periodically for any changes.

Complaints

If you have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority. For Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

Contact Us

If you have any questions about this Privacy Policy, You can contact us: