What we collect, what we don’t.

Reading os.me is anonymous. We don’t make you sign in. We don’t track you across the web. The only personal information we store is the bare minimum needed to run a Privilege Pass account, and we never sell or rent it.

Reading anonymously

Almost nothing. Your browser sends standard request data — user agent, referrer, an IP address — which we use only to keep the site running and to figure out which currency to show you on the membership page. We store a small cookie called os_country(a two-letter country code) so we don’t have to detect your region on every request. We do not run third-party analytics or advertising trackers.

If you create a Privilege Pass account

We store:

• Your email address.
• A display name (whatever you put in, often your first name).
• An optional country.
• The date you joined.
• The plan you bought (Annual or Lifetime), the dates, and the amount paid.
• A reference to the payment processor’s transaction id, so we can match a charge to a person and issue refunds.
• An encrypted password if you set one.

If you write a comment

The comment itself, your display name, and the time it was posted. Comments are tied to your account so you can edit or delete them.

What we deliberately do not store

• Card numbers, CVVs, or full card details. Stripe and Razorpay handle those directly.
• Browsing history across other websites.
• Behavioural advertising profiles.
• Marketing-style cookies. The cookies we do set are functional only.

To run os.me we send your data to a few specialised services. They only see what they need to do their job, and each is bound by their own published privacy terms.

• Supabase— hosts our database and handles account authentication.
• Vercel— serves the website itself.
• Stripe— processes USD card payments.
• Razorpay— processes INR payments (UPI, cards, netbanking).
• SendGrid— sends transactional emails (welcome, receipts, password resets).
• Cloudflare Turnstile— captcha on the contact form. It does not use cookies or fingerprinting.
• ipapi.co— one-time IP-to-country lookup for guests in regions without an edge geolocation header. Cached for 30 days as a cookie so we don’t call them again.

• sb-…-auth-token— keeps you signed in. Required for the comments room. Set by Supabase.
• os_country— remembers which currency to show you. Strictly functional. 30-day expiry.
• theme/ season preference — if you toggle dark mode or change the seasonal background. Your choice, stored in your browser.

That’s the whole list. No advertising cookies, no analytics cookies.

You can ask us to:

• Show you everything we have about you.
• Correct anything that’s wrong.
• Delete your account and the data tied to it.
• Export your data in a machine-readable format.
• Stop emailing you (other than essential receipt emails).

Email us@os.mefrom the address tied to your account and we’ll act on the request within 30 days. There’s no form to fill out.

os.me is intended for readers 13 and older. If you’re a parent and discover your child has created an account, write to us@os.meand we’ll remove it.

os.me is operated from California with infrastructure spread across the US, India, and Europe (whichever Supabase / Vercel region happens to host the request). By using the site you accept that personal data may be transferred between these regions subject to standard contractual safeguards.

We’ll update the “last updated” date at the top when this page changes. Material changes (e.g. a new processor, a new category of data) get an email to all account holders before they take effect.

Privacy questions, deletion requests, or anything else — us@os.me. There’s also a contact form.

os.me · 2261 Market Street, STE 85546, San Francisco, CA 94114