惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Azure Blog
Microsoft Azure Blog
Cloudbric
Cloudbric
I
InfoQ
V
V2EX
博客园_首页
The Register - Security
The Register - Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
S
Secure Thoughts
Vercel News
Vercel News
Forbes - Security
Forbes - Security
云风的 BLOG
云风的 BLOG
PCI Perspectives
PCI Perspectives
L
LINUX DO - 最新话题
D
DataBreaches.Net
H
Hacker News: Front Page
Application and Cybersecurity Blog
Application and Cybersecurity Blog
B
Blog RSS Feed
A
About on SuperTechFans
N
News and Events Feed by Topic
Apple Machine Learning Research
Apple Machine Learning Research
Help Net Security
Help Net Security
Attack and Defense Labs
Attack and Defense Labs
N
Netflix TechBlog - Medium
Spread Privacy
Spread Privacy
F
Full Disclosure
Recorded Future
Recorded Future
AWS News Blog
AWS News Blog
博客园 - 【当耐特】
The Cloudflare Blog
T
Threatpost
T
Tor Project blog
Google DeepMind News
Google DeepMind News
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recent Announcements
Recent Announcements
M
MIT News - Artificial intelligence
A
Arctic Wolf
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
T
Threat Research - Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News - Newest:
Hacker News - Newest: "LLM"
WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
小众软件
小众软件
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
Security Latest
Security Latest
The Last Watchdog
The Last Watchdog

Buttondown's blog

Email could have been X.400 times better The physicists who convinced Fermilab to send Brazil's emails Better in-app previews Analytics 3.0 Subscriber ID variables Comments! Send latest premium action Automation filtering Free API subscribers Surveys in automations Reply to replies Labels for RSS feeds How Jeremy Singer-Vine curates curious datasets for readers 2023 (and what's next) Email vs web content Sort by engagement Better gift subscriptions How Andy Dehnart built a career reviewing television New email template Email-based automations Opt-in reply tracking Automatic alt text More social network integrations Sort by metadata Overlarge image warnings Automation tag actions Pause emails mid-flight Search tags and automations Gift via automations Subscriber-driving emails Programmatic webhooks Email page views Tag statistics Discord webhook formatting Automatic subscriber cleanup RSS subscriber count Weekly subscriber reports More list columns Customizable list views How Max Voltar turned a side gig into a trusted keyboard resource How Nick Disabato runs two newsletters from one design consultancy Made-for-you share images Automation improvements End-of-email surveys Filter by date Survey-triggered automations More automation functionality New webhooks How France Insider built a news service with paid subscribers Email as primary key How John Willshire unites two businesses in one newsletter Confirmation reminders Email churned subscribers Email-to-draft Subscriber metadata columns ChatGPT integration Faster web archives Referral program Better search results TikTok embeds Subscriber timeline Spotify embeds Improved RSS-to-email Subscribe page OG image New analytics page Google Tag Manager Even more subscriber types Integrating Duda with Buttondown Linktree integration guide Advanced and enterprise plans Framer integration guide API requests page Team collaboration In-email surveys Better CSS settings Better RSS automation fetching! Editor toolbar improvements Smart filters Faster emails page RSS automations Faster email analytics Zapier error codes Image accessibility checks Tags vs newsletters OG image picker Image editor improvements API bulk actions Improved OpenAPI spec Mastodon support Better subscriber filtering Better subscriber validation Hotkey support! Programmatic access to analytics Stronger bulk actions Faster archive page Custom canonical URLs Email slug and metadata Improved writing interface Generating a Typescript router in Django Filter emails by source
A spring cleaning for our legal docs
Justin Duke · 2026-03-16 · via Buttondown's blog

tl;dr

None of the below changes reflect any shift in our stance on anything: we just clarified some outdated legalese, removed incorrect info (such as boilerplate copy about "sharing with third-party advertising companies", which we've never done), and pulled out our subprocessors into a formal table.

We just pushed a round of updates to our legal pages — partly prompted by good feedback from a customer working through GDPR compliance on their end, and partly because some of these docs were overdue for a refresh. Here's what changed:

Data processing agreement

Our DPA now includes:

  • A processing details annex (Annex 1), spelling out the subject matter, duration, types of personal data, and categories of data subjects — everything Article 28(3) of the GDPR asks for.
  • A reference to our sub-processor list in Section 5, so you have a stable URL to point to in your records.
  • A GDPR precedence clause in Section 12, clarifying that EU, UK, and Swiss data protection law takes priority over US governing law where there's a conflict.
  • An updated international transfers section (Section 8) that honestly acknowledges data is processed in the US and references Standard Contractual Clauses as the transfer mechanism.

Privacy policy

The privacy policy hadn't been updated since October 2019 — long overdue. The main changes:

  • Removed a reference to third-party advertising companies that was carried over from a template we used years ago. Buttondown has never shared subscriber data with ad networks, and the old language contradicted what we say on our GDPR compliance page. It's gone now.
  • Updated contact information from a personal email to support@buttondown.com across the board.
  • Fixed a broken anchor link and a heading formatting inconsistency.

Sub-processor list

We added two missing entries to our sub-processor list: Stripe (payment processing) and Seline (privacy-focused analytics, which replaced Vercel Analytics earlier this year).

GDPR compliance page

The GDPR page previously said data was only shared "for the purposes of sending your newsletter" — but sub-processors like AWS, Cloudflare, and Sentry aren't really about newsletter delivery. We updated the language to "providing the service" and linked directly to the sub-processor list and DPA.

Cookie policy

We also published a new cookie policy that documents every cookie Buttondown sets, organized by category: essential, functional, and analytics. No third-party advertising cookies, no surprises.

If you're working through your own GDPR compliance and something's missing or unclear, let us know — this latest round of updates came directly from a customer asking good questions.