Privacy and Security

Protecting your account

Buttondown offers multi-factor authentication (often referred to as MFA) to protect your account against common threats such as phishing, brute force attacks, and password theft that may be made by malicious actors.

If you're not familiar with MFA, you can read this article to learn more about it. At a high level, it means adding an additional piece of evidence when logging in to prove who you say you are. (Ever had to type in a six-digit code sent to your phone after putting in your username and password? That's MFA!)

To register an authentication token and enroll your account in MFA, head over to the Security settings page.

You should see a table containing multi-factor authentication tokens:

A screenshot of the authentication tokens table.
A screenshot of the authentication tokens table.

Please note that at this time, Buttondown only supports third-party authenticator apps such as Google Authenticator and not physical security keys or SMS. (If you feel strongly about this, please feel free to email me.)

Why Buttondown requires Javascript on archive pages

No interesting reason, just technical debt! This is something I hope to improve in the future.

GDPR compliance

Buttondown is of course fully GDPR compliant.

You can read Buttondown's privacy policy here and its cookie policy here, but the tl;dr is that Buttondown does not collect any information about you other than what you explicitly provide to it. In addition:

  • All subscribers to your newsletter have the ability to unsubscribe at any time, and all unsubscribe requests are honored immediately.
  • All subscribers to your newsletter have the ability to request a copy of their data at any time, and all data requests are honored immediately.
  • All subscribers to your newsletter have the ability to request the deletion of their data at any time, and all deletion requests are honored immediately.
  • No data is ever shared with third parties, except for the purposes of sending your newsletter (e.g. Mailgun, Postmark, etc.).
  • No data is ever sold to third parties.
  • No data is ever used for advertising purposes.

If you're interested in a full data request, please email me.

Bug bounty

Sadly, Buttondown doesn't have the security budget to offer a bug bounty, but I would be deeply indebted to you for doing so! Please report any vulnerabilities to — I promise to respond promptly and provide a fix as soon as humanly possible.

Sincere kudos to the following individuals for reporting vulnerabilities:

  • John Bullecer
  • Vivek Modi
  • Filippo Valsorda
  • Iheanyi Ekechukwu
  • Beckett Normington

By default, link and click tracking is turned off on Buttondown.

If you'd like to enable these pieces of functionality, you can go to your newsletter settings page and scroll down to "Tracking & analytics":

A screenshot showing where on the settings page one can opt out.
A screenshot showing where on the settings page one can opt out.

Adult content policy

My default stance is to support all content so long as it is not harassing, damaging, or otherwise illegal.

However, paid newsletters are a bit of a different story. Buttondown uses Stripe to process payments; Stripe has some restrictions on adult content. Specifically, it prohibits:

Pornography and other obscene materials (including literature, imagery and other media) depicting nudity or explicitly sexual acts; sites offering any sexually-related services such as prostitution, escorts, pay-per view, adult live chat features; sexually oriented items (e.g., adult toys); adult video stores and sexually oriented massage parlors; gentleman's clubs, topless bars, and strip clubs; sexually oriented dating services

A couple notes on this:

  • I am not a lawyer, and I am not your lawyer. If you have questions about whether your content is allowed on Stripe, please consult a lawyer.
  • Our payment provider is the same as — at the time of this writing — every other major content provider platform (Ghost, Substack, Patreon, etc.)
  • Our interpretation and experience with Stripe is such that this restriction does not apply to nudity in the context of art, education, or other non-sexual contexts. (For example, a newsletter about the history of art that includes a nude painting would be fine, or a scene of a sexual nature in a non-erotic novel.) Additionally, linking to external content that is adult in nature is not prohibited so long as that link can be accessed without payment.

Does Buttondown offer stipends or financial assistance to writers?

No. In the event that I started such a practice, I would publish information about what heuristic I used as well as a full list of writers receiving such assistance.

But I will almost certainly never do this. It is a violation of Buttondown's core ethos, which is that Buttondown is a tool rather than an ecosystem — a piece of software, rather than a platform. It's important to me that people using Buttondown are, at the end of the day, writing newsletters, not Buttondowns.

WCAG compliance

Buttondown follows the compliance checklist as outlined by HHS.

If you have any other specific questions regarding Buttondown's accessibility, I'd be happy to answer — and if there are any specific accessibility gaps that you identify in Buttondown, please let me know! I'd be happy to prioritize a fix.