Privacy Policy
Last updated: May 21, 2025
1. Overview
Bookstack ("we", "us", "our") is a personal reading tracker app. This Privacy Policy explains what data we collect, how we use it, and your rights. We are committed to keeping your data private and secure.
2. Data We Collect
- Account data: email address and password hash (if registered with email), or your Google account email (if using Google Sign-In).
- Reading data: books you add, including title, author, reading status, progress, ratings, and personal comments.
- Settings: language preference, annual reading goal, notification preferences.
- Usage data: anonymised interaction events (e.g. views opened, searches performed) used only for improving the service. This data is never sold or shared with third parties.
3. How We Use Your Data
- To provide and maintain the Bookstack service.
- To authenticate your account securely.
- To display your reading library and statistics.
- To generate AI-powered book recommendations and metadata (via Google Gemini API — only your search query is sent, never your personal data).
- To send optional email digests if you opt in.
4. Third-Party Services
- Supabase: our database and authentication provider. Data is stored on EU-based servers.
- Google Sign-In: used for optional OAuth authentication. We only receive your email address.
- Google Gemini API: used for AI book search and chat. Only your search queries are sent — no personal or reading data.
- Resend: used to send transactional and recap emails if you opt in.
- Vercel: our hosting provider. Processes requests to serve the app.
5. Data Retention
Your data is retained as long as your account is active. You can request deletion of your account and all associated data at any time by contacting us.
6. Your Rights
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and data.
- Opt out of email communications at any time.
7. Security
Passwords are stored as bcrypt hashes and never in plain text. All communications are encrypted via HTTPS. We do not share your personal data with third parties for marketing purposes.
8. Children
Bookstack is not directed at children under 13. We do not knowingly collect personal data from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page.
10. Contact
For any privacy-related questions or data deletion requests, contact us at: privacy@bookstack.ink