Terms & Privacy

Last updated: 21 May 2026  ·  Version 1.0

1. What misty. is

misty. is a personal news reader. You pick topics, we fetch articles from public RSS feeds, you read them in a clean interface. That is the whole product.

misty. is operated by a private individual based in Norway and hosted on servers in Norway operated by Dedia AS. misty. is not a company and is not operated for profit.

2. Your account

To use misty. you create an account with a username and three words as your password. We do not ask for your name, email address, phone number, or any other personal information.

Your username is chosen by you and does not need to be your real name. It is not published anywhere or visible to other users.

There is no account recovery. If you forget your three words, your account cannot be retrieved. You can simply create a new account.

3. What data we store

When you create an account, we store the following on our server in Norway:

• Your chosen username
• Your passphrase — stored as a one-way hash (we cannot read it)
• The tags you follow
• Any custom RSS feed URLs you add
• The date and time of your last login

We do not sell, share, rent, or transfer your data to any third party for any purpose.

4. How we use your data

The only purposes for which we use your data are:

• To log you into your account
• To show you news articles matching your chosen tags and RSS feeds
• To automatically delete your account after 60 days of inactivity (see section 6)

We do not analyse your reading behaviour, build profiles, serve ads, or use your data for any purpose beyond what is listed above.

5. Cookies

misty. uses a single session cookie called misty_session. This cookie is strictly necessary to keep you logged in. It contains no personal information and is deleted when you log out or after 30 days of not visiting. Your account itself remains active until 60 days of inactivity, after which it is permanently deleted (see section 6).

We do not use advertising cookies, tracking cookies, analytics cookies, or any other non-essential cookies. You will not see a cookie banner on misty. because we have nothing to ask your consent for beyond the session cookie, which is required for the service to function.

6. Data retention and automatic deletion

Accounts that have not been logged into for 60 consecutive days are automatically and permanently deleted, along with all associated data (tags, RSS feeds, passphrase hash).

You will not receive a warning before deletion because we do not hold your email address. The 60-day window is generous — if you have not read the news in two months, your account will be quietly removed.

You can also delete your account at any time from the settings page. Deletion is immediate and permanent.

7. Where your data is stored

All data is stored exclusively on servers in Norway operated by Dedia AS. Norway is a member of the European Economic Area (EEA) and subject to the same data protection rules as EU member states under the GDPR.

No data is transferred to servers outside Norway or the EEA.

8. Your rights under GDPR

As a user of misty. you have the following rights under the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven):

• Right of access — you can ask us what data we hold about you
• Right to deletion — you can delete your account and all data at any time from settings, or by emailing us
• Right to portability — you can ask us for a copy of your data at any time
• Right to correction — if any data we hold is incorrect, you can ask us to correct it
• Right to object — you can object to how we process your data

To exercise any of these rights, email hi@misty.no. We will respond within 30 days.

If you believe we are handling your data in a way that violates GDPR, you have the right to lodge a complaint with the Norwegian Data Protection Authority:

9. RSS feeds and third-party content

misty. displays articles from public RSS feeds published by third-party news sources. We do not control, endorse, or take responsibility for the content of those articles. When you click "open original article" you leave misty. and are subject to the terms and privacy policy of that third-party website.

When misty. fetches an RSS feed, the request is made from our server in Norway. The RSS source may log our server's IP address as part of their normal server logging. We have no control over this.

10. Security

We take reasonable steps to protect your data. All connections to misty. are encrypted via HTTPS. Passphrases are hashed using bcrypt and cannot be reversed. The database is stored outside the public web directory and is not accessible via the internet.

However, no system is perfectly secure. misty. holds almost no personal data, so the impact of any breach would be minimal. There is no payment information, no email addresses, and no real identities stored on our servers.

11. Children

misty. is not directed at children under the age of 13. If you are under 13, please do not create an account.

12. Changes to these terms

If we make material changes to these terms, we will update the date at the top of this page. Since we do not hold email addresses, we cannot notify you directly. We recommend checking this page occasionally.

Continued use of misty. after changes are posted constitutes acceptance of the updated terms.

13. Disclaimer

misty. is provided as-is, without warranty of any kind. We make no guarantees about uptime, availability, or the accuracy of third-party news content. As a free hobby project, misty. may be modified, paused, or shut down at any time.

14. Contact

For any questions about these terms or your data, contact us at hi@misty.no. We are a one-person operation and will do our best to respond promptly.

---