Substack has become one of the most popular platforms for independent newsletters and long-form writing. But its convenience for readers and writers comes with significant privacy trade-offs. In a recent privacy audit, Substack scored just 40 out of 100 -- a grade D -- due to extensive data collection, activity tracking, and data sharing with advertising and analytics partners. Here is how to protect your privacy on Substack in 2026.
What Data Substack Collects About You
Whether you are a subscriber reading newsletters or a writer publishing content, Substack collects a substantial amount of data about your activity on the platform:
- Account information: Your name, email address, payment details, and any profile data you provide during registration
- Activity tracking: Which newsletters you open, which links you click, how long you spend reading, and your browsing patterns across the platform
- Device and connection data: Your IP address, browser type, operating system, device identifiers, and approximate location
- Subscription and payment history: Records of every newsletter you subscribe to, including paid subscriptions and transaction details
- Content you create: Posts, comments, notes, and any other content you publish or interact with
Substack does not honor Do Not Track browser signals, meaning your browser's privacy preferences are effectively ignored. The platform also shares data with advertising partners and analytics providers, expanding the reach of your personal information beyond Substack itself.
Your Subscriber Data Fuels Network Recommendations
Substack uses subscriber activity and subscription lists to power its recommendation engine. When you subscribe to a newsletter, that data may be used to recommend other publications to you -- and to recommend the newsletter you subscribed to other readers. This means your reading habits are not just tracked for analytics but actively used to shape the experience of other users, creating a web of connections that can reveal your interests and identity.
Essential Privacy Settings to Adjust
Log in to your Substack account and navigate to your account settings to make the following changes:
Profile Visibility
- Review your display name: Your Substack profile is publicly visible. If you do not want your real name associated with your subscriptions or activity, change your display name to something that does not identify you.
- Minimize your bio: Remove any personal details such as your location, employer, or links to other social media accounts. Every detail you add makes it easier to connect your Substack presence to your real identity.
- Profile photo: Consider using a generic avatar instead of a personal photo, especially if you want to keep your reading habits private.
Email and Notification Settings
- Digest emails: Review and adjust how frequently Substack sends you digest emails. Each email interaction is tracked, so reducing email frequency limits the data points Substack collects about your engagement.
- Recommendation emails: Turn off recommendation emails to reduce the amount of behavioral data generated by your interactions with Substack's suggestion engine.
- Activity notifications: Disable notifications for likes, comments, and new subscriber milestones if you are a writer. These features encourage engagement but also generate trackable activity.
Recommendation Sharing
- Recommendation network participation: Writers can control whether their publication participates in Substack's recommendation network. If you run a newsletter and want to protect your subscribers' privacy, review your recommendation settings carefully. Participating means Substack may surface your subscribers' activity to fuel cross-publication suggestions.
- Subscriber list visibility: As a writer, be aware that your subscriber count is often visible. While individual subscriber identities are not publicly listed, the network effects of the recommendation system can indirectly expose subscriber interests.
Use a Pseudonym for Writing and Subscribing
Substack does not require you to use your legal name. If privacy is a priority, create your account under a pseudonym. This applies whether you are subscribing to newsletters or publishing your own. A pseudonymous account limits the ability of other users, data brokers, and search engines to connect your Substack activity to your real-world identity.
If you already have an account under your real name, you can update your display name in your profile settings. Keep in mind that past activity may still be associated with your previous name in cached pages.
Use Email Aliases When Subscribing
Every newsletter you subscribe to receives your email address. Over time, subscribing to dozens of newsletters means your email is shared with dozens of independent writers and their associated mailing infrastructure. If any of those accounts are compromised or the writer shares their subscriber list, your email is exposed.
To limit this risk, use an email alias service when subscribing to Substack newsletters. Services like Apple's Hide My Email, Firefox Relay, or SimpleLogin generate unique forwarding addresses for each subscription. If one alias is compromised or starts receiving spam, you can disable it without affecting your other subscriptions or your primary email address.
Check What Data Substack Has on You
You can request a copy of your data from Substack to see exactly what information the platform has collected. Go to your account settings and look for the data export or data request option. Reviewing this data can be eye-opening -- you may find detailed records of every email you opened, every link you clicked, and every interaction you had on the platform. Understanding what Substack knows about you is the first step toward taking control of your privacy.
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
Start your free scanLimit Data Sharing Through Account Settings
Substack's default settings favor engagement and data collection. Take time to review every option in your account settings and disable features you do not actively need:
- Third-party tracking: While Substack does not offer granular controls over all analytics partners, you can use browser-level tools to block trackers. Install a privacy-focused browser extension like uBlock Origin or Privacy Badger to prevent third-party scripts from loading on Substack pages.
- Connected accounts: If you have linked your Substack account to Twitter/X or other social media platforms, disconnect those integrations. Connected accounts create data bridges that allow cross-platform tracking.
- Payment privacy: For paid subscriptions, consider using a virtual credit card number to prevent your real financial details from being stored across multiple writers' Stripe-connected accounts.
CCPA Rights for California Users
If you are a California resident, the California Consumer Privacy Act gives you specific rights regarding your personal data on Substack:
- Right to know: You can request that Substack disclose what personal information it has collected about you, the sources of that information, and who it has been shared with.
- Right to delete: You can request that Substack delete the personal information it has collected from you.
- Right to opt out of sale: You can direct Substack not to sell your personal information to third parties.
- Right to non-discrimination: Substack cannot penalize you for exercising your CCPA rights.
To exercise these rights, look for the privacy or data rights section in Substack's settings or contact their support team directly.
Managing Subscriptions and Email Exposure
Over time, it is easy to accumulate subscriptions to newsletters you no longer read. Each active subscription maintains a data relationship between you and that publication. Periodically audit your subscriptions and unsubscribe from newsletters you no longer follow. This reduces the number of parties who have access to your email address and limits ongoing data collection tied to your account.
When unsubscribing, keep in mind that the writer may still retain your email address in their records or in a third-party email platform. Unsubscribing stops future emails but does not guarantee deletion of your data from the writer's systems.
How to Delete Your Substack Account
If you decide that Substack's privacy practices are not acceptable, you can delete your account entirely:
- Log in to your Substack account
- Go to Settings from your account menu
- Scroll to the bottom and look for the Delete account option
- Follow the prompts to confirm deletion
Before deleting, export any content or data you want to keep. Account deletion removes your profile and content from Substack, but cached versions may persist in search engines and web archives. Individual writers may also retain subscriber data they previously exported.
Protect Your Privacy Beyond Substack
Adjusting Substack's settings is an important step, but your privacy extends well beyond any single platform. Data brokers and people-search websites aggregate information from hundreds of sources -- including email addresses, subscription histories, and public profiles -- to build detailed dossiers that anyone can access.
PrivacyOn continuously monitors and removes your personal information from over 200 data broker and people-search sites, closing the gaps that platform settings alone cannot address. Combined with dark web monitoring that alerts you when your email or credentials appear in a breach, PrivacyOn helps ensure that the information you share on platforms like Substack does not become a permanent part of your searchable public record. When your email address and personal details are not sitting in broker databases, the data Substack and its partners collect becomes far less useful to anyone trying to profile you.