Privacy Policy

Last updated: 9 June 2026

Scooped is operated by Bugbear Labs FZE, a free-zone establishment licensed by Sharjah Publishing City Free Zone Authority (License No. 4426652.01), United Arab Emirates. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it.

It is written to comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) and to align with international standards including GDPR principles where applicable.

We’ve kept it short and plain. If anything is unclear, write to hello@scooped.me and we’ll explain it.

What we collect, and why

1. Email address — when you subscribe. We collect your email address when you sign up to receive the Scooped daily digest. We process this on the basis of your consent (UAE PDPL Article 5). You give that consent by submitting the subscribe form. You can withdraw it at any time by clicking “unsubscribe” in any email or by writing to hello@scooped.me.

2. Subscription engagement data. When we send you the daily digest, our email service provider (Resend, https://resend.com) records whether you opened the email and which links you clicked. This is standard email delivery telemetry. We use it to understand which alerts are useful, to detect delivery problems, and to improve the editorial product. We don’t sell or share this data.

3. Voluntary contact information. If you write to us at hello@scooped.me, or fill in a contact or sponsorship enquiry form, we process the information you send (typically your name, email, and message content) to respond to you. We retain these messages as long as the conversation is active and for 24 months after, then delete.

4. Server logs. Our hosting providers (Netlify, Supabase, Fly.io) maintain standard server access logs that include IP addresses, browser identifiers, and request paths, for security, abuse prevention, and operational debugging. These logs are not used to build profiles of individual readers and are retained for short windows per each provider’s standard policies.

5. Privacy-respecting analytics. We use PostHog (https://posthog.com) for product analytics — to count page views, understand which sections of the site are read, and measure whether the subscribe form works. We run it cookie-free: it stores an anonymous identifier in your browser’s local storage rather than in cookies, and we do not use it for advertising or to track you across other websites. We do not use Google Analytics, Meta Pixel, or any similar third-party advertising tracker.

What we don’t do

• We don’t sell your email address to anyone.
• We don’t share subscriber lists with sponsors. Sponsors see aggregate audience figures, not individual emails.
• We don’t run behavioural advertising. We don’t profile you. We don’t track you across the web.
• We don’t use your data to train external machine-learning models for third parties. We may use aggregate, anonymised reading patterns to improve our own editorial selection.

Where your data lives

• Subscriber emails and engagement data are stored in our Supabase database (hosted in Frankfurt, EU region) and processed by Resend (US-based service, GDPR-compliant).
• Operational data (alerts, sources, publishing pipeline) is stored in Supabase (Frankfurt).
• The worker that processes the publishing pipeline runs on Fly.io infrastructure in Amsterdam.
• The website itself is served by Netlify (global CDN).

Where data is transferred outside the UAE, we rely on the recipient provider’s standard contractual protections and on UAE PDPL Article 22 (cross-border transfer to jurisdictions with adequate protection or under appropriate safeguards).

Your rights

Under UAE PDPL you have the right to:

• Know what personal data we hold about you.
• Access that data — we’ll give you a copy on request.
• Correct any data that’s inaccurate.
• Delete your data and have us stop processing it.
• Withdraw consent at any time. For subscription, the simplest path is the unsubscribe link in any email; we’ll also action it if you write to us.
• Object to specific processing, including any use that doesn’t have a clear lawful basis.
• Restrict processing in disputed circumstances.

To exercise any of these rights, write to hello@scooped.me. We’ll respond within 30 days and typically much faster.

If you believe we’ve mishandled your data, you can complain to the UAE Data Office. Information at https://u.ae/en/information-and-services/justice-safety-and-the-law/data-protection-laws.

Retention

• Subscriber email + engagement data: retained while you’re subscribed and for 12 months after you unsubscribe (so we don’t accidentally re-subscribe you).
• Email exchanges with hello@scooped.me: 24 months after the last reply.
• Server logs: per each provider’s standard policy, typically 30-90 days.
• Sponsorship contract data: for the duration of the relationship and 7 years after, to meet UAE commercial record-keeping obligations.

Children

Scooped is not directed at children under 18. If we discover we’ve collected data from someone under 18 without verifiable parental consent, we’ll delete it.

Changes to this policy

We’ll update this page when our practices change. Material changes will be communicated to active subscribers by email. The “Last updated” date at the top reflects the most recent revision.

Contact

Bugbear Labs FZE Business Centre, Sharjah Publishing City Free Zone Sharjah, United Arab Emirates hello@scooped.me

For privacy or data-rights requests specifically: hello@scooped.me (mark the subject “Privacy request” for faster routing).