Privacy and security

Why Buttondown requires Javascript on archive pages

No interesting reason, just technical debt! This is something I hope to improve in the future.

GDPR compliance

Buttondown is of course fully GDPR compliant. You can read Buttondown's privacy policy here and its cookie policy here.

If you're interested in a full data request, please email me.

Bug bounty

Sadly, Buttondown doesn't have the security budget to offer a bug bounty, but I would be deeply indebted to you for doing so! Please report any vulnerabilities to — I promise to respond promptly and provide a fix as soon as humanly possible.

Sincere kudos to the following individuals for reporting vulnerabilities:

  • John Bullecer
  • Vivek Modi
  • Filippo Valsorda
  • Iheanyi Ekechukwu
  • Beckett Normington

By default, link and click tracking is turned off on Buttondown.

If you'd like to enable these pieces of functionality, you can go to your newsletter settings page and scroll down to "Tracking & analytics":

A screenshot showing where on the settings page one can opt out.
A screenshot showing where on the settings page one can opt out.

Adult content policy

My default stance is to support all content so long as it is not harassing, damaging, or otherwise illegal.

However, paid newsletters are a bit of a different story. Buttondown uses Stripe to process payments; Stripe has some restrictions on adult content. Specifically, it prohibits:

Pornography and other obscene materials (including literature, imagery and other media) depicting nudity or explicitly sexual acts; sites offering any sexually-related services such as prostitution, escorts, pay-per view, adult live chat features; sexually oriented items (e.g., adult toys); adult video stores and sexually oriented massage parlors; gentleman's clubs, topless bars, and strip clubs; sexually oriented dating services

Unfortunately, that means things are out of my hands: if you want to send adult content over Buttondown you cannot use its paid subscriptions functionality.

Financial assistance to writers

No. In the event that I started such a practice, I would publish information about what heuristic I used as well as a full list of writers receiving such assistance.

But I will almost certainly never do this. It is a violation of Buttondown's core ethos, which is that Buttondown is a tool rather than an ecosystem — a piece of software, rather than a platform. It's important to me that people using Buttondown are, at the end of the day, writing newsletters, not Buttondowns.

WCAG compliance

Buttondown follows the compliance checklist as outlined by HHS.

If you have any other specific questions regarding Buttondown's accessibility, I'd be happy to answer — and if there are any specific accessibility gaps that you identify in Buttondown, please let me know! I'd be happy to prioritize a fix.