Privacy Policy

1. Introduction

Welcome to Bibliotheca ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience using our mobile application ("App" or "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our reading tracker application.

By using Bibliotheca, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use Bibliotheca, we may collect:

• Account Information: Email address, display name, and profile picture when you create an account using email, Apple Sign In, or Google Sign In.
• Reading Data: Information about books you add to your library, including titles, authors, ISBN numbers, page counts, reading status, progress, ratings, reviews, and notes.
• Goal Data: Reading goals you set, including target books, pages, or time periods.
• Session Data: Reading session information including start/end times, duration, and pages read.
• Social Data: Friend connections, reading buddy pairings, circle memberships, challenge participations, and messages you send within the app.
• Preference Data: App settings, theme preferences, notification preferences, and privacy settings.
• Subscription Data: If you subscribe to premium features, we collect transaction identifiers and subscription status (actual payment processing is handled by Apple or Google).
• User-Generated Content: Custom book entries, shelf names, notes, reviews, and any other content you create.

2.2 Device Permissions and Integrations

With your explicit permission, we may access certain device features:

• Camera: Used solely to scan book barcodes for quick adding to your library. No images are stored or transmitted.
• Photo Library: Used to select custom book covers or profile photos. Only photos you explicitly select are accessed.
• Apple Health / Health Connect: With your permission, Bibliotheca can log reading sessions as mindfulness time. This data is written to your device's health platform and is never stored on our servers. You can revoke this permission at any time through Settings.
• Calendar: With your permission, Bibliotheca can add reading-related events to your calendar, such as book club meetings and reading goal reminders.

All device permissions are optional. The App functions fully without granting any of these permissions.

2.3 Information Collected Automatically

When you use our App, we automatically collect certain information:

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage Information: App feature usage, session duration, screens viewed, and interaction patterns.
• Crash and Diagnostic Data: Error logs, crash reports, and performance data collected via Firebase Crashlytics. This data is retained for 90 days.
• IP Address: Your IP address may be collected for security, fraud prevention, and general analytics purposes.

2.4 Guest Mode

If you use Guest Mode, your data is stored locally on your device only. We do not collect, transmit, or store any of your reading data on our servers when using Guest Mode. Guest Mode data cannot be synced across devices and will be lost if you delete the app or clear its data.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing the Service

• To create and manage your account
• To sync your reading data across your devices
• To enable social features including friend connections, reading circles, challenges, and buddy systems
• To provide personalized book recommendations (premium feature)
• To generate your reading statistics and Year in Review
• To process and manage your subscription
• To send you notifications about your reading progress, goals, and social activity (if enabled)

3.2 Improving and Maintaining the Service

• To analyze usage patterns and improve the user experience
• To identify and fix bugs, crashes, and technical issues
• To develop new features based on user needs
• To ensure the security and integrity of our systems

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

4.1 Service Providers

We use trusted third-party service providers to help operate our Service:

• Firebase (Google): Authentication, database storage, cloud functions, analytics, and crash reporting.
• Google Books API: Book metadata retrieval.
• Open Library API: Additional book metadata retrieval.
• Apple and Google: Payment processing for subscriptions through their respective app stores.

4.2 Social Features

When you use social features, certain information is shared with other users:

• Your display name and profile picture are visible to friends and circle members
• Your reading activity may be visible to friends based on your privacy settings
• Challenge participants can see each other's progress
• Reading buddies can see each other's activity and send messages

You control what information is shared through your Privacy Settings in the app.

4.3 Affiliate Links

Our App may contain affiliate links to third-party book retailers, including Amazon, Bookshop.org, and Apple Books. We do not share your personal information with affiliate partners; only the click-through is tracked by the retailer.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

Your data is stored using Firebase/Google Cloud infrastructure, primarily in data centers located in the United States. We implement industry-standard security measures including:

• Encryption in transit (TLS/HTTPS) for all data transmission
• Encryption at rest for stored data
• Firebase Security Rules to restrict data access
• Cloud Functions for sensitive operations to prevent unauthorized client-side access
• Regular security audits and updates
• Access controls limiting employee access to user data

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service:

• Account and reading data: Retained until you delete your account
• Reading sessions: Retained for the duration of your account for statistics
• Messages and social content: Retained until you delete them or your account
• Analytics data: Aggregated and anonymized data may be retained indefinitely
• Backup data: May be retained for up to 30 days after deletion

When you delete your account, we delete or anonymize your personal information within 30 days.

7. Your Rights and Choices

7.1 Access and Export

You can access your data at any time through the App. Premium subscribers can export their complete reading history and data through Settings.

7.2 Correction

You can update or correct your personal information, including your profile, books, and reading data, directly within the App at any time.

7.3 Deletion

You can delete your account and all associated data through Settings > Account > Delete Account. This action is permanent and cannot be undone.

7.4 Privacy Controls

You have granular control over your privacy through Settings > Privacy Settings, including:

• Profile visibility (public, friends only, private)
• What reading activity is shared
• Who can send you friend requests and invitations
• Whether you appear in search and buddy matching
• Activity feed participation
• Ghost Mode for anonymous browsing sessions

8. Your Privacy Rights by Region

8.1 European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation, including the right to access, rectification, erasure, restrict processing, data portability, object to processing, and withdraw consent at any time.

8.2 California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, delete your personal information, and opt-out of the sale or sharing of personal information (we do not sell your data).

9. Children's Privacy

Bibliotheca is not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@wolpertinger.org and we will delete such information from our servers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the App and updating the "Last Updated" date at the top of this policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@wolpertinger.org
Subject Line: "Privacy Inquiry - Bibliotheca"

We will respond to your request within 30 days (or sooner as required by applicable law).