Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide when you:

• Create an account: Name, email address, password
• Use the service: Book data, ratings, reviews, notes, reading goals
• Contact us: Support inquiries, feedback
• Subscribe: Payment information (processed securely by Stripe)

1.2 Automatically Collected Information

When you use our service, we automatically collect:

• Usage data: Pages visited, features used, time spent
• Device information: Browser type, operating system, IP address
• Log data: Access times, error logs, performance data

1.3 Third-Party Information

We receive book metadata from:

• OpenLibrary: Book titles, authors, covers, descriptions
• Stripe: Payment processing and subscription status

2. How We Use Your Information

We use your information to:

• Provide our service: Maintain your library, sync data, enable features
• Account management: Authentication, password resets, account verification
• Communication: Service updates, security alerts, support responses
• Improve our service: Analytics, bug fixes, feature development
• Legal compliance: Fraud prevention, legal obligations

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Consent: Marketing communications, beta testing participation
• Contract performance: Providing the service you signed up for
• Legitimate interests: Service improvement, security, analytics
• Legal obligation: Compliance with applicable laws

4. Information Sharing

We do not sell your personal information. We may share information with:

4.1 Service Providers

• Stripe: Payment processing (subject to their privacy policy)
• Email service: Transactional emails and notifications
• Hosting providers: Secure data storage and service delivery

4.2 Legal Requirements

We may disclose information if required by law, regulation, or legal process, or to protect our rights, users, or others from harm.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction.

5. Data Security

We implement appropriate security measures including:

• Encryption: Data encrypted in transit and at rest
• Access controls: Limited access to personal data
• Regular audits: Security assessments and updates
• Secure hosting: Industry-standard infrastructure

6. Data Retention

We retain your information:

• Account data: Until you delete your account
• Usage data: Up to 2 years for analytics
• Support data: Up to 1 year after resolution
• Legal data: As required by applicable laws

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion of your data
• Portability: Export your data in a standard format
• Restriction: Limit how we process your data
• Objection: Opt out of certain processing activities
• Withdraw consent: Revoke previously given consent

8. Communication Preferences

You can control communications in your account settings:

• Essential notifications: Account security, service updates (cannot be disabled)
• Marketing emails: Newsletter, product updates (opt-in)
• Beta testing: Early access programs (opt-in)

9. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Keep you logged in
• Preferences: Remember your settings
• Analytics: Understand service usage
• Security: Detect and prevent fraud

You can control cookies through your browser settings.

10. International Data Transfers

Your information may be processed in countries other than your own. We ensure adequate protection through:

• Standard contractual clauses
• Adequacy decisions by data protection authorities
• Appropriate safeguards for international transfers

11. Children's Privacy

Our service is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

12. Changes to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Notify users of significant changes via email
• Post updates on our website
• Maintain a history of policy versions

13. Contact Information

For privacy-related questions or to exercise your rights:

• Email: [email protected]
• Support: [email protected]
• Website: https://bookitup.chrisnicholl.com

14. Data Protection Officer

If you are in the EU and have concerns about our data processing, you may contact your local data protection authority.