Privacy Policy
Effective May 26, 2026 · Last updated May 26, 2026
Our Promises
Before the detailed disclosures, here’s what we commit to. These are commitments, not marketing language:
- We don’t sell your personal information. Not to advertisers, not to data brokers, not to anyone. This is our most important promise.
- We don’t use your data to train AI models. Your email address, your reading patterns, your engagement with newsletter issues — none of it gets used to train machine learning systems. (We report on this issue every week; we couldn’t credibly do that and quietly train on our own readers.)
- We don’t build behavioral profiles of you for advertising. We don’t show ads on the site or in the newsletter today. If we ever do, we won’t profile individual readers for ad targeting — see Section 6.
- We minimize what we collect. If we don’t need it to operate the site or deliver the newsletter, we don’t ask for it.
- We tell you when things change. Material changes to this policy get at least 14 days’ notice to active subscribers, with the prior version archived so you can see what changed.
The rest of this policy explains how we keep these promises.
1. Who This Policy Covers
This Privacy Policy describes how Somantix Inc. (“Somantix,” “we,” “us,” “our”) handles personal information for:
- The Somantix website at [somantix.ai]
- The Ledger newsletter
- Any communications you send us
This policy doesn’t cover other Somantix software products (the Wrapper, the Vault, the Validator) — those have their own privacy practices documented separately.
2. What We Collect
| What | When | Why |
|---|---|---|
| Email address | When you subscribe to The Ledger | To send you the newsletter |
| Name (optional) | If you choose to provide it during subscription | To address newsletter emails to you by name, if you want |
| What you do (optional) | If you choose to provide it | To understand who reads The Ledger so we write better content |
| Email engagement data | When you receive a newsletter email | To know whether the newsletter is reaching you and being read |
| Website usage data | When you visit the site | To understand which articles people read, find issues, and improve the site |
| IP address | When you visit the site | For security, abuse prevention, and approximate location (country/region only) |
| Anything you send us | When you contact us | To respond to you |
That’s the complete list. If we ever start collecting something not on this table, we’ll update this section first.
3. What We Don’t Collect
We want to be specific here too:
- No payment information. The newsletter is currently free; we don’t collect payment data.
- No social security numbers, government IDs, or biometric data.
- No precise geolocation. Our analytics show country and region; we don’t track street-level location.
- No data from third parties about you. We don’t buy data, append data, or augment what you’ve given us.
- No reading-level behavioral profiles for advertising. See Section 6.
- No cross-site tracking pixels beyond what Google Analytics drops for measurement (Section 5).
4. How We Use What We Collect
For each thing we collect:
- Your email: deliver the newsletter; respond if you write to us
- Your name and what you do: we may personalize the greeting (if you gave us a name) and inform our editorial direction (if you told us your role)
- Email engagement: understand whether issues land — what gets opened, what gets clicked. We use this in aggregate, not to build individual profiles.
- Website usage: understand which articles work and which don’t; debug issues
- IP address: detect abuse, approximate location, security
- Correspondence: respond to you and keep records of what we discussed
We don’t repurpose this data for anything beyond what’s listed. If we want to use your data for a new purpose, we’ll ask first.
5. Google Analytics
We use Google Analytics to understand site traffic. This is the only third-party measurement tool currently on the site.
What Google Analytics collects:
- Pages you visit and how long you spend on each
- The site that referred you (if any)
- Approximate location based on IP address (country/region)
- Browser, operating system, device type
- A cookie that lets Google recognize repeat visits
What we use it for: understanding which articles get read, where readers come from, and how to improve the site.
What it doesn’t do here:
- We don’t connect Google Analytics data to your email address or your newsletter subscription.
- We don’t use it to build behavioral profiles for advertising.
- We don’t share Google Analytics data with advertisers.
How to opt out:
- Use the official Google Analytics Opt-Out Browser Add-On: https://tools.google.com/dlpage/gaoptout
- Use your browser’s “Do Not Track” setting (we honor it for non-essential analytics)
- Block cookies in your browser settings
- Use a privacy-focused browser or extension
Opting out doesn’t affect your access to the site or the newsletter in any way.
We’ve considered moving to a privacy-first analytics tool (such as Plausible or Fathom) that doesn’t drop cookies or share data with Google. If we do, we’ll update this section and notify subscribers in advance.
6. Future Advertising
The site and newsletter are currently ad-free, and we don’t share any data with advertisers.
If our readership grows to the point where we consider showing ads — sponsorships, display ads, or other formats — these are our commitments before any change takes effect:
- Advance notice. At least 30 days before the first ad appears, we’ll email all subscribers with specifics about what’s changing.
- Plain-language explanation. We’ll explain exactly what new data collection or sharing would happen — what advertisers would see, what they wouldn’t, and what your options are.
- No retroactive ad tracking. Data we collected under this version of the Privacy Policy won’t be used for ad targeting or shared with advertisers retroactively.
- No individual behavioral profiles for ad targeting. If we run ads, they’ll be contextual (based on the article being read) or sponsorship-style (a single advertiser per issue, not a network), not behaviorally targeted based on your specific reading patterns.
- No data sales. We won’t sell your data to advertisers under any future ad model.
- Easy exit. You’ll be able to unsubscribe and ask for full data deletion before any change takes effect.
We commit to these standards because we report on advertising-infrastructure changes every week. We’ve watched a lot of publications quietly turn into ad-tech middleware. We won’t do that to our readers.
7. Who Has Access to Your Data
Inside Somantix: only the people who need access to do their job (currently a small team).
Service providers we use:
| Provider | What they do | What they get |
|---|---|---|
| Beehiiv | Newsletter delivery and email engagement analytics | Your email, name, engagement data |
| AWS | Serves the site | Standard server logs, including IP |
| Google Analytics | Website usage measurement | What’s described in Section 5 |
| Google Suite | Lets us respond to email | Email correspondence |
All providers are bound by contract to use your data only for the purposes we specify. They can’t use it for their own marketing, training, or anything else.
Authorities: if law enforcement or a court requires us to share data through valid legal process, we’ll comply. We’ll tell you about it unless we’re legally prohibited from doing so. We don’t proactively share data with authorities.
Transparency report: we publish a quarterly transparency report at [somantix.ai/transparency] showing how many government and legal requests for data we received, what we shared, and what we challenged. Currently: zero requests received. If that ever changes, you’ll see it there.
No one else. We don’t share data with anyone outside this list.
8. How Long We Keep It
| Data | Retention |
|---|---|
| Your subscription (email, name, role) | While your subscription is active, plus up to 12 months after unsubscribe to manage opt-out compliance and resubscription |
| Email engagement data | Up to 24 months in identifiable form; aggregated indefinitely |
| Google Analytics data | 14 months at Google (we use the shortest available retention) |
| Server logs | 90 days |
| Correspondence with us | As long as needed to resolve the issue, then up to 24 months for records |
When we delete data, we delete it from active systems. Backups roll off according to our standard schedule (currently 30 days).
You can ask us to delete your data sooner — see Section 10.
9. International Data Transfers
The site is operated from the United States. If you’re outside the US, your data is transferred to and stored in the US.
For users in the EEA, UK, or Switzerland: we rely on Standard Contractual Clauses (or the UK International Data Transfer Agreement) as our transfer mechanism. You can request a copy of the applicable safeguards by emailing [privacy@somantix.ai].
10. Your Rights
Wherever you live, you can:
- Unsubscribe anytime via the link at the bottom of any newsletter, or by emailing [unsubscribe@somantix.ai]
- Ask what data we have about you and get a copy
- Correct it if it’s wrong
- Delete it — we’ll remove your data from our systems within 30 days
- Object to specific uses (where applicable)
- Stop receiving non-critical emails (you’ll still get transactional emails like unsubscribe confirmations)
To exercise any of these rights, email [privacy@somantix.ai]. We’ll respond within 30 days. If we need to verify your identity before fulfilling a request, we’ll tell you exactly what we need.
If you’re in the EEA, UK, or Switzerland, you also have:
- The right to data portability (we provide an email export on request)
- The right to lodge a complaint with your local data protection authority
- The right to withdraw consent at any time
If you’re in California, you have rights under the CCPA/CPRA. We don’t sell your personal information as that term is defined under the CCPA. You can request disclosure, deletion, or correction by emailing the address above.
If you’re in Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, or another US state with comprehensive privacy law, you have substantially the same rights and can exercise them the same way.
We don’t make you jump through hoops to exercise your rights. Email us and we’ll handle it.
11. Children’s Privacy
The site isn’t directed at children under 16. We don’t knowingly collect data from anyone under 16. If you believe a minor has subscribed or shared data with us, tell us at [privacy@somantix.ai] and we’ll delete it.
12. Security
We take reasonable measures to protect your data:
- Data in transit is encrypted with TLS
- Access to subscriber data is limited to people who need it
- We don’t store payment information ourselves
- Service providers are vetted for their security practices
No system is perfectly secure, and we won’t pretend otherwise. If we have a security incident affecting your data, we’ll notify you in compliance with applicable breach-notification laws — and likely sooner than required.
If you find a security issue, please report it to [security@somantix.ai]. We have a responsible disclosure program and won’t take legal action against good-faith researchers.
13. Do Not Track
There’s no industry standard for how to respond to “Do Not Track” browser signals, but we respect them for non-essential analytics. If your browser sends a DNT signal, we’ll exclude your session from Google Analytics where technically feasible.
14. Changes to This Policy
We may update this policy. When we do:
- The “Last Updated” date at the top changes
- For material changes, we’ll email subscribers at least 14 days before the change takes effect
- Prior versions stay accessible at [somantix.ai/privacy/archive]
We track and write about other platforms’ quiet policy changes every week. We’d lose all credibility if we made our own quiet changes. The archive is a commitment, not a feature.
15. Contact
For privacy questions, data requests, complaints, or anything else covered by this policy:
- General: hello@somantix.ai
- Privacy: privacy@somantix.ai
- Security: security@somantix.ai
- Corrections: corrections@somantix.ai
- Legal: legal@somantix.ai
- Press Inquiries: press@somantix.ai
- Unsubscribe: unsubscribe@somantix.ai
For EEA/UK/Switzerland users: you can also contact your local data protection authority. A list of authorities is available on the European Data Protection Board website.