Legal
Privacy Policy
Last updated: May 28, 2026
1. Who We Are
ListTrim ("we", "us", "our") operates the website at listtrim.com and the ListTrim subscriber-cleaning service. If you have any questions about this policy, contact us at privacy@listtrim.com.
2. Information We Collect
Account information
When you sign up, we collect your email address (via Supabase Auth) and store it in your profile. We do not collect passwords.
Beehiiv credentials
To connect your newsletter, you provide a Beehiiv API key and Publication ID. These are encrypted with AES-256-GCM before being written to our database. The plaintext values are never logged and are only decrypted in-memory during a scan or clean operation.
Scan and clean statistics
Each time you run a scan or clean, we store aggregate numbers only: total subscribers analysed, ghost count, ghosts removed, and estimated cost savings. We do not store individual subscriber email addresses, names, or any personally identifiable information belonging to your subscribers.
Payment information
Payments are handled by Paddle (our Merchant of Record). ListTrim never receives or stores your credit card details. Paddle provides us with a customer ID, subscription ID, and plan status only.
Usage data
We collect standard server logs (IP address, browser type, pages visited, timestamps) to diagnose errors and improve performance. Logs are retained for 30 days and then deleted.
3. How We Use Your Information
- To authenticate you and provide access to the Service.
- To connect to your Beehiiv account and perform the scans and cleans you request.
- To manage your subscription and process billing through Paddle.
- To send transactional emails (clean summaries, notifications) via Resend.
- To run scheduled auto-clean jobs when you have enabled that feature.
- To detect abuse, fraud, and security incidents.
- To improve and maintain the platform.
We do not use your data for advertising, sell it to third parties, or use it to train machine-learning models.
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, our legal bases for processing are:
- Contract performance — processing necessary to deliver the Service you signed up for.
- Legitimate interest — security monitoring, fraud prevention, and service improvement.
- Legal obligation — complying with applicable laws and regulations.
5. Data Sharing
We share data only with the following third-party processors:
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Database & auth | Email, encrypted credentials, job stats |
| Paddle | Payments | Email, country, subscription status |
| Resend | Transactional email | Email address, clean summary |
| Inngest | Scheduled jobs | User ID, job trigger event |
| Vercel | Hosting | Standard server logs |
We do not share data with any other parties unless required by law.
6. Data Retention
We retain your account data for as long as your account is active. Clean job statistics are retained indefinitely so you can view your full history. If you delete your account, all associated data (profile, credentials, job history) is permanently deleted within 30 days.
7. Security
We use industry-standard safeguards including AES-256-GCM encryption for sensitive credentials, TLS in transit, row-level security in Supabase, and regular dependency audits. No system is 100% secure; if you discover a vulnerability please contact us at security@listtrim.com.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data.
- Restrict or object to processing.
- Export your data in a portable format.
You can delete your account directly from the Settings page or by emailing privacy@listtrim.com. We will respond to all requests within 30 days.
9. Cookies
ListTrim uses only essential cookies: an authentication session cookie set by Supabase and a cookie to remember your preferences. We do not use advertising cookies or third-party trackers. You can disable cookies in your browser, but doing so will prevent you from logging in.
10. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have done so, contact us immediately and we will delete the data.
11. Changes to This Policy
We may update this policy from time to time. We will notify you by email or via an in-app notice at least 14 days before any material changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact
For any privacy-related questions or requests, email us at privacy@listtrim.com.