Privacy Policy
Last updated: May 9, 2026
1. What we collect
The Yiddish List collects two categories of data: (a) customer account data — name, business details, billing email, payment information processed by Stripe; and (b) subscriber audience data — email addresses (encrypted at rest), engagement events (opens, clicks, unsubscribes) used to maintain list hygiene.
2. How subscriber data is protected
Subscriber email addresses are encrypted with PGP symmetric encryption and are never exposed to customers, contractors, or third parties. Customers receive only aggregated analytics (counts, percentages) — never personally identifiable data.
3. Unsubscribe & CAN-SPAM
Every campaign includes a one-click unsubscribe link. Unsubscribes are honored permanently across all customers within 24 hours, in compliance with CAN-SPAM and applicable equivalents (GDPR, CASL).
4. Data retention
Customer accounts and transaction records are retained for 7 years for tax and audit purposes. Subscriber engagement events older than 24 months are aggregated and the per-event records purged.
5. Contact
Privacy requests: privacy@theyiddishlist.com