Privacy Policy
Effective: April 26, 2026
NewBook Privacy
NewBook (newbook.social) is operated by XCOR, LLC, a California limited liability company. This section describes how NewBook handles the personal information you provide or generate when using the app. For data processed through Gmail and Outlook connections, see the Serendipity Network Privacy Policy below.
What we collect
Account and profile. Your phone number is required to create an account (verified via SMS). You may optionally provide an email address, display name, bio, and profile photo. We store interests you add manually (topics and activities that shape your feed and search results).
Content you post. Posts (text, images, feelings/emoji, visibility tier), comments, stories (24-hour ephemeral), and direct messages are stored in our database. Images are stored on AWS S3. Stories are automatically deleted after 24 hours; other content persists until you delete it or your account is removed.
Social graph. Your connections, group memberships, roles, and notification preferences are stored to power the core features of the service.
Financial connection (optional). If you choose to link a bank account via Plaid, NewBook stores an encrypted Plaid access token (AES-256-GCM). We never receive or store your banking credentials. You can disconnect at any time from Settings.
How we use your data
- Displaying your profile, posts, stories, and messages to authorized recipients
- Personalizing your feed, search results, and relationship recommendations
- Sending you notifications about activity on your content
- Surfacing savings and swap offers if you connect a bank account via Plaid
- Analyzing post sentiment (valence, arousal, affect tags) to improve feed ranking — see AI below
Third-party services NewBook uses directly
Stytch (authentication). Your phone number is sent to Stytch to deliver SMS one-time passcodes and manage your session. Stytch's privacy policy governs their handling of this data.
AWS S3 (image storage). Profile photos, post images, and story images are stored in an S3-compatible object store. Images are accessed only via signed URLs and are not publicly indexed.
Plaid (bank connection, optional). If you connect a bank account, Plaid manages the account-linking flow. NewBook stores only an encrypted access token. Plaid's privacy policy governs their handling of your financial data.
GNews API (news feed). Your interest topics are sent to GNews to fetch relevant news articles. Individual articles are cached for up to 4 hours in Redis and are not associated with your identity outside NewBook.
OpenAI / OpenRouter (AI sentiment analysis). The text of posts you create is sent to an AI model to extract sentiment signals (emotional valence, arousal, and affect tags). This analysis happens at post time. The provider does not train on this data and discards it after processing. We do not send messages, stories, or any financial data to AI providers.
Gmail and Outlook connections
If you connect your Gmail or Outlook account to discover existing relationships, that connection is handled entirely by the Serendipity Network (ConnectionFinder), operated by XCOR, LLC. NewBook never receives your raw email content — only derived relationship signals (who you interact with and how often). Full details are in the Serendipity Network Privacy Policy below.
Cookies and sessions
NewBook uses HTTP-only cookies to maintain your session: a Stytch session cookie for authentication and a platform session token for internal service calls. No third-party advertising or tracking cookies are set.
Data retention and deletion
Your data is retained for as long as your account is active. When you delete your account:
- Your profile, posts, stories, images, and group memberships are queued for deletion
- Deletion is completed within 30 days
- Plaid access tokens are revoked immediately
- Gmail/Outlook tokens are revoked immediately (handled by ConnectionFinder)
- Message content may be anonymized rather than deleted where it appears in other users' conversations
To request early deletion of specific data, contact lance@xcor-cto.com.
Your rights
- Access or export the data NewBook holds about you
- Correct your profile information at any time from Settings
- Delete your account and associated content
- Disconnect your bank account or email integration at any time
- Opt out of AI sentiment analysis — contact us and we will disable it for your account
Security
All data is encrypted in transit using TLS. Sensitive data at rest (Plaid tokens) is encrypted using AES-256-GCM. Images are stored with access controls; direct URLs are signed and time-limited. Session tokens are stored in HTTP-only cookies.
Contact
For privacy questions or data requests: lance@xcor-cto.com
Serendipity Network Privacy Policy
The following policy governs data processed by the Serendipity Network (ConnectionFinder), including Gmail and Outlook connection features available within NewBook.
Last updated: April 21, 2026
Overview
ConnectionFinder provides a secure connection layer that allows users to link their Google account to applications that use our service. This policy describes what data we collect, how we use it, and your rights.
Who operates ConnectionFinder
ConnectionFinder is operated by XCOR, LLC, a California limited liability company. When you connect your Google account through ConnectionFinder, you are authorizing XCOR, LLC to process your data solely for the purposes described in this policy.
Today, ConnectionFinder is the only product where you interact with the data we process from your Google account — you can view your signals, manage connections, and delete your data at connectionfinder.net/connected.
XCOR, LLC may in the future introduce additional products that use derived signals generated from the data you authorize through ConnectionFinder. Before any additional product receives your signals, we will (1) update this privacy policy to name that product, (2) notify existing users, and (3) give you the option to opt out before any data is shared. Products operated by entities other than XCOR, LLC are not part of ConnectionFinder and cannot receive your data through this service.
What data we collect
When you connect your Google or Microsoft account through ConnectionFinder, we may access the categories of data you authorize. Depending on the app and the scopes it requests, this may include:
- Gmail or Outlook messages and metadata
- Google or Outlook Contacts data
- Google or Outlook Calendar data
- Sending email on your behalf — used only when you explicitly invite a specific contact from an application built on ConnectionFinder. We never send email without your direct, per-recipient action. We never send bulk or automated email.
We also collect basic account information (such as your email address) to associate your connection with your user account.
Separately, ConnectionFinder may store access-restricted third-party identity records that are used only to improve recommendations in applications that you choose to use. These records consist of one-way cryptographic hashes of identifiers (such as email addresses and phone numbers) and are compared locally against your account at signup.
How we use your data
We use this data only to provide and improve user-facing features in the apps that you choose to use, such as:
- Relationship discovery — finding people you already know
- Contact matching and enrichment
- Personalized product functionality
- Recommendations based on your network
Third-party identity enrichment
Status: Not currently active. The description below is provided for transparency about planned functionality. We will update this policy before this feature is activated and before any enrichment data provider is engaged.
ConnectionFinder is designed as the centralized boundary for third-party data processing for XCOR, LLC. In addition to OAuth-based connections, we plan to maintain an access-restricted dataset of pre-ingested identity records licensed from third-party data providers. When you sign up to any XCOR, LLC-operated application, we may check whether your hashed email address or phone number matches a record in this dataset.
At signup, we compute a one-way cryptographic hash of your email or phone number and compare it against the dataset inside ConnectionFinder. If there is a match, we pass a third-party entity identifier to the Serendipity Engine to improve recommendations. If there is no match, nothing is retained.
We will not share your raw identifiers with any third party, use this process for advertising or cold outreach, use Google API data as an input to enrichment, or sell your personal information.
Opt-out. Email lance@xcor-cto.com with subject "Opt out of enrichment" and any enrichment records will be deleted within 30 days. Opting out does not affect your ability to use any XCOR, LLC application.
Google User Data
ConnectionFinder's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What ConnectionFinder never does with your Google data:
- We do not sell your Google user data.
- We do not transfer your Google user data, or any signal derived from it, to advertisers, data brokers, or any entity outside XCOR, LLC.
- We do not use your Google user data, or any signal derived from it, to train, develop, or improve general-purpose artificial intelligence or machine learning models.
- We do not use your Google user data for advertising, ad targeting, or ad measurement.
- We do not allow humans to read your Gmail content except: (a) with your affirmative prior consent for specific messages, (b) when necessary for security purposes or to investigate abuse, (c) to comply with applicable law, or (d) for limited internal operations where the data has been aggregated and anonymized and cannot be associated with an individually identifiable user.
- We do not use your Google user data for any purpose other than to provide and improve user-facing features that are visible and prominent in ConnectionFinder's user interface.
Information derived from Google APIs. Information we generate or derive from Gmail, Contacts, or Calendar data — including aggregated statistics, relationship scores, quality dimensions, and anonymized signals — is treated as Google user data and is governed by the same Limited Use commitments above. Aggregation or anonymization does not change how we handle this information.
Per-scope use:
- gmail.readonly — read message bodies, headers, and attachment metadata to score relationship strength (who you interact with, how often, on what topics). Bodies are processed in memory, retained in encrypted form for at most 30 days for signal extraction, then deleted. Bodies are never transmitted outside ConnectionFinder.
- gmail.metadata — when a user opts for headers-only, we read sender, recipient, subject, and date to compute interaction frequency without ever accessing bodies.
- gmail.send — send invitation emails you explicitly initiate from an app built on ConnectionFinder. Never used for bulk, automated, marketing, or system-initiated email. Every send requires a user action and a specific recipient.
- calendar.readonly — read event titles, times, and attendees to identify co-attendance as a relationship signal.
- contacts.readonly — read contact names, emails, phones, and notes to disambiguate and enrich contact records across services.
Data sharing
We do not share your data with third parties except:
- With the specific app you authorized to receive the data
- With the sub-processors listed below, who process data on our behalf to power features you use
- When required by law or legal process
- To protect the security of our service or investigate abuse
Sub-processors
We use the following third-party vendors to process your data:
- Anthropic (Claude) — LLM-based analysis of your email content to power relationship and signal extraction features. Email content is redacted to remove obvious personal identifiers (phone numbers, payment numbers, addresses) before transmission. Anthropic does not train on this data and discards it within 30 days.
- Railway — Compute and infrastructure hosting. Encrypted-at-rest storage only.
- MongoDB Atlas — Primary database. All sensitive content is application-level encrypted with AES-256-GCM before being written.
The complete and current sub-processor list is maintained in our compliance docs. We will update this policy before engaging any additional sub-processor that will process Google user data or data derived from it.
Data retention and deletion
We retain your data for as long as your account connection is active. When you disconnect your account or request deletion:
- Your OAuth tokens are revoked immediately at Google (and Microsoft, where applicable)
- Your stored data is queued for erasure
- Erasure is completed within 30 days
Your rights
You have the right to:
- Disconnect your account at any time from the app where you connected it
- Request a copy of the data we hold about you
- Request deletion of your data
- Revoke access via your Google Account permissions
Security
All data is encrypted in transit using TLS. OAuth tokens and sensitive content are encrypted at rest using AES-256-GCM with versioned key rotation. Access to user data is restricted to automated systems; human access requires explicit authorization and is logged.
Contact
For privacy-related questions or data requests, contact us at lance@xcor-cto.com.
© 2026 XCOR, LLC