Substack vs Medium

Most disputes must be resolved through individual arbitration in San Francisco County, and users waive the ability to bring class or representative actions. This can make claims harder and more expensive to pursue.

You keep ownership of your posts, but Substack gets a royalty-free, perpetual, irrevocable, worldwide license to use and distribute them. That means rights you grant do not end just because you leave the platform.

Substack collects extensive information including payment data, device and IP data, location, social account info, subscription status, and direct message contents and metadata. This creates a fairly comprehensive profile of users.

Substack says it may collect information about your online activity after you leave its website, and it does not honor Do Not Track signals. Users who want minimal tracking may find this intrusive.

Substack says users may request access, correction, deletion, restriction, portability, and objection to some processing. It also commits to responding within one month, with limited extensions.

Substack can remove content or suspend accounts at its sole discretion, sometimes without notice. Users may have limited recourse if moderation or enforcement decisions affect their publication.

Deleting your account does not guarantee full removal of public posts or backup copies. Content may also remain visible if others copied or stored it.

When you subscribe to a publication, Substack shares your name and email with that creator, and creators govern their own downstream privacy practices. Your data protections may therefore vary by publication.

Substack direct messages are not end-to-end encrypted, and staff may access them for safety, support, or enforcement purposes. Recipients may also keep messages even if you delete them or your account.

Users can access, edit, or delete some profile information through account settings, and can delete their account from the account page. This gives users practical control without requiring manual support contact.

Substack says marketing messages are consent-based where required and can be unsubscribed from at any time. This limits unwanted promotional communications.

Substack says it will alert users to material changes to the privacy policy and terms by site notice, email, or other means. That is more transparent than silent updates.

Most disputes must go to individual binding arbitration, and you waive class actions unless you opt out within 30 days. This makes it harder to sue in court or join with other users over small-value claims.

If Medium harms you, its financial exposure is heavily limited. Most claims are capped at the greater of $50 or the amount you paid, which can leave users undercompensated.

Medium expressly says it does not sell personal information. That is a meaningful privacy protection compared with services that monetize user data through sale or sharing arrangements.

Users can access, correct, delete, and export account information through Settings. Self-service controls make it easier to leave the service or review what Medium holds about you.

You keep ownership of what you post, but you grant Medium a worldwide, sublicensable, royalty-free license to use and display it within the service. That is common for hosting platforms, but still gives Medium broad operational rights over your content.

Medium may remove content or suspend or terminate accounts at its discretion. For users who rely on the platform, that creates platform-dependence risk with limited recourse.

Medium tracks reading history, clicks, device data, and uses cookies plus third-party analytics to analyze behavior and target content to your interests. This means substantial behavioral monitoring beyond simple account operation.

For covered users, Medium says closed-account data will be deleted within 14 days. A specific deletion timeline is more user-friendly than an open-ended retention promise.

Medium says it will notify you about legal-process disclosures so you can challenge them, unless prohibited or safety concerns apply. It also says it will object to improper requests.

Your information may be processed in the United States and other countries where protections may differ from your home jurisdiction. This can reduce practical control or change the legal safeguards that apply.

Third-party embeds on Medium pages can send those companies information about your activity as if you visited them directly. Medium says it does not control what those third parties collect through embeds.