Privacy Policy

NewsTodayPH (“we”, “us”, “our”) is an operator-run publisher that posts a single 5-story digest to social platforms once per night, around 22:30 Philippine Time. The product runs autonomously: an AI pipeline summarizes public news articles from major Philippine publishers, and a small operator team supervises the editorial output. We have no public website that serves audience traffic and no end-user accounts.

• We do not operate a public-facing website that tracks visitors.
• We do not collect emails, phone numbers, or any personal information from the audience that views our posts.
• We do not use advertising trackers, third-party analytics, cookies, or fingerprinting on any audience-facing surface.
• We do not sell, share, or rent any personal data — ever.
• We do not read or store data about the users who view our TikTok, Threads, Instagram, or Facebook posts. The platforms surface engagement counts to us as a creator, but we do not retrieve or store any per-viewer identifiers.

Each NewsTodayPH post:

• Summarizes facts from public news articles published by major Philippine outlets (ABS-CBN, GMA News, Inquirer, Rappler, Philstar).
• Credits each source publisher by name — on the slide footer, the outro card, and in the caption.
• Is produced with AI assistance (rewrite, narration, ranking, categorization). This is disclosed in every account bio and on the caption of every post.
• Is reviewable by a human operator before publication, but posting is automated and scheduled.

• We summarize only what was already published by the source publisher.
• We do not independently investigate or identify individuals.
• We omit details that would unnecessarily identify private individuals (home addresses, workplace identifiers, family relationships not central to the story).
• We categorize stories for safety review before publication. Categories that carry libel or Data Privacy Act risk (named scandals, individual death notices, individual legal cases) can be gated off per environment.

Right to removal

If you are named in a NewsTodayPH post and wish to be removed:

1. Email newstodayph.hq@gmail.com with the post URL and your relationship to the content.
2. We will respond within 5 business days.
3. Where appropriate under RA 10173, we will remove or edit the post and update our pipeline to prevent recurrence.

TikTok (Content Posting API)

OAuth scopes we request:

• user.info.basic — read our own creator account’s open_id, display name, and avatar URL. Used to confirm which account our token authorizes.
• video.publish — post the nightly 9:16 narrated video to our own creator account via /v2/post/publish/video/init/.
• video.upload — upload a draft to our own creator account’s inbox. Held in scope for a future operator-review flow; the live nightly run uses direct-post only.

Data we receive from TikTok and store:

• The connected creator account’s opaque open_id (not the public TikTok username).
• Access token, refresh token, granted scopes, and token expiry timestamps.
• The publish_id and final publish status of each post we make.

Data we do not request or access:

• Viewer identifiers, demographic data, or per-viewer engagement.
• Our follower list, follower count, or any other audience information.
• Any data about TikTok users other than the one connected creator account.

Token storage and retention:

• TikTok access tokens are short-lived (~24 hours). Refresh tokens last ~365 days and are rotated when refreshed.
• Tokens are stored in our PostgreSQL database (operated by Railway), one row per platform in the OAuthToken table. The database is not publicly reachable; access is restricted to our operator team.
• Tokens are deleted when the connected creator revokes access via TikTok’s Privacy & Safety → Manage app permissions, or when we rotate the operator account.

Pending app review: until TikTok approves our application, every post is published with privacy_level=SELF_ONLY — visible only to the connected creator account.

Meta (Threads, Facebook, Instagram)

We use long-lived Meta Page / Threads access tokens scoped to our own Page and Threads account. We request only the permissions required to publish posts: threads_basic, threads_content_publish, pages_manage_posts, instagram_basic, instagram_content_publish. We do not request read access to follower data, page insights beyond aggregate counts, or any user-level identifiers.

The operator-facing admin dashboard at /admin requires Google OAuth sign-in. Operator email addresses and per-action audit logs (digest builds, render runs, publish attempts) are stored solely for operational security and troubleshooting. Operator data is never shared outside the operating team and is not analyzed for any purpose besides debugging.

• OpenAI — processes article text and editorial prompts for clustering, ranking, categorization, summarization, and narration scripting. No audience data is sent.
• ElevenLabs — converts the per-story narration script into synthesized speech for the TikTok / Reels video. Uses a commercially-licensed library voice (not a cloned voice and not a real person).
• Cloudflare R2 — stores generated carousel slides and MP4 video assets. No personal data is stored.
• Railway — hosts the nightly pipeline (BUILD / RENDER / PUBLISH crons) and the PostgreSQL database. Stores generated stories, render assets, publish logs, and operator audit logs only.
• Vercel — hosts this admin dashboard and the public legal pages.
• Meta & TikTok — receive published posts via official Content Publishing APIs.

• We do not operate, fine-tune, or train any AI model. We use third-party hosted models (OpenAI for text, ElevenLabs for speech) via their published API endpoints.
• We have not opted in to using API inputs or outputs for model training with any AI provider. Per OpenAI’s and ElevenLabs’s current API policies, data sent to their APIs is not used to train models by default.
• We do not transmit any audience data to AI providers, because we do not collect audience data in the first place.

NewsTodayPH respects the intellectual property rights of source publishers. Our rewriter operates under a code-level “copyright safeguard” that is enforced on every AI rewrite: extract facts only, never reproduce source phrasing, and omit any fact that cannot be restated. Copyright holders with takedown requests may contact us at newstodayph.hq@gmail.com. Takedown procedure and timing are documented in our Terms of Service.

NewsTodayPH complies with the Data Privacy Act of 2012 (RA 10173) of the Philippines, including its implementing rules and regulations issued by the National Privacy Commission (NPC). For privacy-related complaints, contact us at newstodayph.hq@gmail.com or file a complaint with the NPC at privacy.gov.ph.

This policy may be updated as the product evolves. The effective date at the top of the page reflects the most recent revision. Material changes — new data we collect, new third-party services, new platform integrations — will be announced on our social accounts before they take effect.