Privacy Policy

Summary

Vurro runs on your device. It does not transmit your data to any Vurro-controlled server. The browser extension stores everything in your browser; the mobile app stores your Substack session and app data on your device. Nothing is sent to vurro.net.

Browser Extension

The Vurro browser extension runs entirely on your device. It does not send any data to external servers. All data — including bookmarks, watched users, and settings — is stored locally in your browser using the browser's built-in Storage API.

Vurro requests the following browser permissions:

• storage — to save your bookmarks, watched users, and extension settings locally in your browser.
• Host access to substack.com — to enhance the Substack chat interface with search, filtering, and bookmarking features. Vurro only activates on Substack chat pages.

Mobile App

The Vurro mobile app is a third-party Substack client. Like the browser extension, it runs entirely on your device and does not send any of your data to vurro.net or any Vurro-controlled server.

Signing in

You sign in to Substack inside an in-app web view by entering your credentials directly on substack.com — Vurro never sees your email, password, or 2FA code. After Substack authenticates you, the app captures your Substack session cookie from the web view and stores it on your device in the platform's secure keystore (Android Keystore / iOS Keychain). The web view is then closed.

Subsequent requests to Substack are made directly from your device using that stored cookie. Vurro does not proxy, log, or transmit any of your Substack activity to a third party.

What is stored on your device

• Your Substack session cookie (in the OS secure store)
• Your bookmarks, watched users, in-thread search history, and app settings (in the app's local storage)
• A short-lived cache of recently viewed threads and messages, to make navigation feel instant

All of the above stays on your device. Uninstalling the app removes it.

What is not collected

• No analytics SDKs
• No advertising identifiers
• No crash reporting that includes your data
• No tracking across apps or websites
• No transmission of your data to Vurro or any third party other than Substack itself

Notifications

If you enable notifications, the app polls Substack on your device on a schedule and decides locally whether to surface a notification based on your filter rules. The decision happens on-device; Vurro does not run a server that reads your messages.

A future Premium tier may use a minimal "wake-up" backend that sends empty push messages to remind your device to poll. Even in that model, your Substack credentials and message content never leave the device — only your device's push token is shared, which by itself contains no information about you or your activity.

Permissions

The app requests only the permissions needed for its features:

• Internet — to fetch chat content from Substack.
• Camera, photo library, or file access (only if you use the attachment-upload feature) — to select an image or video to send. The selected file is uploaded directly to Substack; Vurro never holds a copy.
• Notifications (if you opt in) — to surface filter-matched messages.

You can revoke any of these in your device's app settings without breaking the app's core functionality.

Deleting your data

All of your Vurro data lives on your own device. Vurro does not operate a server that stores your data, so there is no server-side data to retain or to delete on request — retention period: none.

You can delete the on-device data at any time by taking one or both of these steps:

1. Sign out from within the app. This clears the stored Substack session cookie from your device's secure keystore. You'll need to sign back in to Substack to use the app again.
2. Uninstall the app. This removes everything Vurro stored on your device — bookmarks, watched users, app settings, and the local message cache — along with the session cookie. After uninstall, nothing about your use of Vurro remains anywhere.

Website

This website (vurro.net) does not use cookies, analytics, tracking pixels, or any third-party services. No data is collected from visitors.

Third Parties

Vurro does not share your data with any third parties. The browser extension and mobile app communicate directly with Substack to fetch the content you're viewing — and only with Substack. No analytics, no advertising networks, no crash reporters that include your data.

Changes

If this policy changes, the updated version will be posted here with a new "last updated" date.

Contact

Questions or concerns? Open an issue at github.com/longcut/vurro-issues.