Substack vs Medium

Most disputes must be resolved through individual arbitration in San Francisco County, and you waive class or representative actions. This makes collective claims and court litigation harder for users.

You keep ownership of your posts, but Substack gets a royalty-free, perpetual, irrevocable, worldwide license to use and distribute them. That license can continue even after you stop using the service.

If something goes wrong, Substack broadly disclaims warranties and caps most liability at the greater of $100 or what you paid in the prior 12 months. Users may have very limited practical recourse for losses.

Substack can suspend or terminate your account for any reason at its discretion, sometimes without notice. Public posts may also remain available after account deletion.

Substack shares personal information with affiliates, creators, service providers, integrated third parties, buyers in a business transfer, and authorities when required. Creator interactions may also be governed by the creator’s own privacy practices rather than Substack’s.

Substack says it may collect information about your online activity after you leave its site, and it does not honor Do Not Track signals. Users who want minimal tracking do not get that by default.

Substack states that users may request access, correction, deletion, restriction, portability, and objection, and says it will respond within one month. These are meaningful user controls, especially for EEA/UK-style privacy rights.

You may have to cover Substack’s costs, damages, and attorneys’ fees for third-party claims tied to your use of the platform or violations of the terms. This can shift substantial legal risk onto users.

Direct messages are not end-to-end encrypted, and Substack personnel may access them for support, safety, or enforcement. Users should not treat Substack DMs as a secure messaging channel.

You can edit some profile data and delete your account from account settings without needing to contact support. This is a practical and user-friendly control, even though some public content may persist.

Substack expressly says original content you post remains yours. That is better than terms that claim ownership outright, even though the platform still takes a very broad license.

Substack says marketing emails are based on consent where required and can be unsubscribed from at any time. This is a basic but useful control over promotional communications.

Most disputes must be handled through individual arbitration in California, and class or representative actions are waived. That can make it harder and more expensive to bring a claim, especially for small harms.

Any dispute must be filed within one year of when the claim arose, or it is permanently barred. This is much shorter than many users would expect and can cut off claims if you wait too long.

You keep ownership of your posts, but Medium receives a worldwide, royalty-free, sublicensable license to use and adapt them across its services. Practically, this allows Medium to reuse your content in ways you might not expect, though it says the license is limited to its services.

Medium collects account details, your posts, reading history, device identifiers, IP address, and activity data, and it also uses cookies and web beacons. This creates a fairly detailed profile of how you read and interact with the platform.

Medium may stop offering the service or features, limit storage and distribution, and suspend or terminate accounts with or without notice. Users therefore have limited assurance that access or published content will remain available indefinitely.

Medium states it does not sell your personal information, which is a meaningful privacy benefit compared with services that monetize user data that way. It also says California users can opt out if that ever changes in the future.

You can access, correct, delete, and export your account information from Settings. That gives users a practical way to retrieve their data and start closing an account without having to file a separate legal request.

Medium shares personal information with vendors, service providers, and other users, and says those vendors may scan and review your content, messages, AI interactions, and metadata. That means your material may be exposed beyond Medium itself for processing.

If you interact with embedded third-party content, the third party can collect information directly from that interaction. Medium says it does not control that collection, so off-site tools like videos or embeds can create separate privacy exposure.

Medium explicitly describes GDPR-style rights for EEA, UK, and Swiss users, including access, erasure, objection, restriction, and complaint rights. It also names how to contact a regulator if issues are unresolved.

For EEA users, Medium says account data is deleted within 14 days after account closure, which is relatively clear. Other data may still be kept longer for legal or business reasons, so deletion is not total.