BookPal (“we,” “us,” or “our”) operates the BookPal mobile application (“App”). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use the App.
By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.
1. Information We Collect
1.1 Information You Provide
Account Information
When you create a BookPal account, we collect:
- Email address
- Password (stored in hashed form; we never have access to your plain-text password)
- Name (if you choose to provide it via Apple Sign-In)
If you sign in with Apple, Apple may share your name and email address (or a private relay email address if you choose to hide your email). We receive only the information Apple provides based on your Apple ID sharing preferences.
User Content
When you use BookPal, you may provide:
- EPUB book files that you upload
- Chat messages and questions you ask about your books
- Reading position updates
Subscription Information
If you purchase a BookPal Unlimited subscription, your payment is processed by Apple’s App Store or Google Play. We do not receive or store your credit card number, bank account details, or other financial payment information. We receive subscription status information (active, expired, canceled) and transaction identifiers from our subscription management provider, RevenueCat.
1.2 Information Collected Automatically
Usage Data
When you use the App, we automatically collect:
- Reading progress and position data (which pages/sections you have read)
- Reading session timestamps and duration
- Book processing status
- AI feature usage metrics (number of tokens processed, which AI operations you use, estimated cost)
Device and Technical Data
We collect limited device information necessary for the App to function:
- Device type and operating system version
- App version
- IP address (collected by our cloud infrastructure provider as part of standard server operations)
1.3 Information We Do Not Collect
- We do not use advertising identifiers or tracking pixels.
- We do not track your activity across other apps or websites.
- We do not collect precise geolocation data.
- We do not collect biometric data.
- We do not collect contacts, call logs, or SMS data.
- We do not use third-party analytics or advertising SDKs in the App.
Our iOS Privacy Manifest explicitly declares that the App performs no cross-app tracking.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Provide core App functionality | Account info, uploaded books, reading progress |
| AI-powered features (summaries, chat, insights) | Book text excerpts, chat messages, reading position |
| Subscription management | Subscription status, transaction IDs, user ID |
| Reading progress tracking | Position data, session timestamps |
| Offline access | Cached books, progress, and summaries stored locally on your device |
| Account security | Email, authentication tokens, IP address |
| Service improvement | Aggregated, non-identifying usage patterns |
| Customer support | Account info, usage data as needed to resolve issues |
| Legal compliance | Any data as required by law |
We do not use your personal information for advertising, profiling, or selling to third parties.
3. AI Data Processing
BookPal uses Google’s Gemini AI technology to power summaries, chat, action insights, and session recaps. When you use AI-powered features:
3.1 What Data Is Sent to Google
- Book text excerpts: Relevant text chunks (approximately 1,500 characters each) from sections you have already read are sent to Google’s Gemini API for processing.
- Your questions and prompts: When you use the AI chat feature, your messages are sent to Gemini along with relevant book context.
- Book metadata: Title and author information may be included in AI prompts for context.
3.2 What Data Is Not Sent to Google
- Your email address or account credentials
- Your payment or subscription information
- Content from sections you have not yet read (our system prevents spoilers)
- Your full EPUB files (only relevant text chunks are sent)
3.3 Google’s Use of Your Data
We use Google Gemini’s paid API tier. Under Google’s Gemini API Terms of Service, data sent through the paid API is not used by Google to train or improve their general AI models. Google processes AI requests in accordance with its Privacy Policy.
3.4 AI Usage Tracking
We log metadata about your AI usage, including the type of AI operation, the AI model used, token counts (input and output), and estimated processing cost. This data is linked to your account and helps us manage service costs and provide you with usage transparency. You can view your AI usage history within the App.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share your data only with the following categories of service providers, solely for the purposes described below:
4.1 Service Providers
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase (cloud infrastructure) | Account data, books, reading progress, conversations, all App data | Database hosting, user authentication, file storage |
| Google Gemini (AI processing) | Book text excerpts, chat prompts | AI-powered summaries, chat, and insights |
| RevenueCat (subscription management) | User ID, subscription events | Managing subscriptions, verifying entitlements |
| Apple App Store / Google Play | Payment information you provide directly to them | Processing subscription payments |
Each of these providers processes data on our behalf and is contractually obligated to protect your data and use it only for the purposes we specify.
4.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental request, or if we believe in good faith that disclosure is necessary to:
- Comply with a legal obligation.
- Protect and defend our rights or property.
- Prevent fraud or address security issues.
- Protect the safety of our users or the public.
4.3 Business Transfers
If BookPal is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5. Data Storage and Security
5.1 Where Your Data Is Stored
Cloud Storage: Your account data, books, reading progress, and other App data are stored on servers operated by Supabase, located in the United States. Uploaded EPUB files and book cover images are stored in Supabase’s cloud storage infrastructure.
Local Storage: For offline access and performance, the App stores data locally on your device using:
- SQLite database: Cached copies of your books, reading progress, summaries, conversations, and other App data.
- Device file system: Downloaded EPUB files and book cover images.
- Secure storage (iOS Keychain / Android Keystore): Authentication tokens are stored using your device’s secure storage mechanism.
5.2 Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit using HTTPS/TLS.
- Encryption of data at rest through our cloud infrastructure provider.
- Secure token storage using platform-native secure storage (iOS Keychain, Android Keystore).
- Authentication and access controls on all API endpoints.
- Signed, time-limited URLs for EPUB file downloads (URLs expire after 1 hour).
While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the App’s services.
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Uploaded books and processed data | Until you delete your account |
| Reading progress and history | Until you delete your account |
| Conversations and chat messages | Until you delete your account |
| AI-generated summaries and insights | Until you delete your account |
| AI usage logs | Until you delete your account |
| Subscription records | Until you delete your account (may be retained longer for legal/tax obligations) |
| Locally cached data | Until you clear cache, sign out, or delete the App |
After account deletion, your personal data is permanently deleted from our systems. Certain data may persist temporarily in encrypted backups before being purged during our regular backup rotation cycle.
7. Account Deletion and Your Data
You can delete your account at any time through the App’s profile settings. When you delete your account, we permanently delete:
- Your account information (email, authentication data)
- Your reading progress and reading history
- Your conversations, chat messages, and AI interactions
- Your AI-generated summaries, session summaries, and action insights
- Your AI usage logs
- Your subscription records
- Your user-book library associations
What is not deleted: Book files and their processed data (text chunks, embeddings, chunk summaries) that serve as shared resources are not tied to individual users and are not deleted. These contain no personally identifiable information.
Local data: When you sign out or delete your account, the App automatically clears locally cached data from your device, including the SQLite database, downloaded EPUB files, and cached cover images.
Account deletion is permanent and irreversible. We cannot recover your data after it has been deleted.
8. Your Privacy Rights
8.1 All Users
Regardless of your location, you have the right to:
- Access your personal data through the App.
- Delete your account and associated data at any time.
- Update your account information.
- Clear locally cached data through the App’s settings.
8.2 European Economic Area (EEA) and United Kingdom Residents
If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate personal data.
- Right to erasure: Request deletion of your personal data (you can do this directly by deleting your account).
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request a copy of your data in a structured, machine-readable format.
- Right to object: Object to our processing of your personal data.
- Right to withdraw consent: Where processing is based on consent, withdraw your consent at any time.
- Right to lodge a complaint: File a complaint with your local data protection authority.
Legal Basis for Processing (GDPR):
| Processing Activity | Legal Basis |
|---|---|
| Providing App services (account, library, reader) | Performance of contract |
| AI-powered features | Performance of contract |
| Subscription management | Performance of contract |
| Account security and fraud prevention | Legitimate interest |
| Service improvement (aggregated data) | Legitimate interest |
| Legal compliance | Legal obligation |
8.3 California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA):
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to delete: Request deletion of your personal information.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt-out of sale/sharing: We do not sell or share your personal information with third parties for cross-context behavioral advertising. No opt-out is necessary.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to limit use of sensitive personal information: We only use sensitive personal information (such as account login credentials) as necessary to provide the App’s services.
Categories of Personal Information Collected (past 12 months):
| Category | Examples | Business Purpose |
|---|---|---|
| Identifiers | Email address, user ID, IP address | Account management, service delivery |
| Commercial Information | Subscription status, transaction IDs | Subscription management |
| Internet/Electronic Activity | Reading progress, AI feature usage, App interactions | Service delivery, improvement |
| Inferences | AI-generated summaries and insights about book content | Core App feature |
We do not sell personal information. We do not use or disclose sensitive personal information for purposes other than providing the App’s services.
8.4 Exercising Your Rights
To exercise any of the above rights, please contact us at tarek.kekhia@emeraldlake.io. We will respond to verified requests within the timeframes required by applicable law (generally 30 days for GDPR, 45 days for CCPA).
9. International Data Transfers
Your data may be transferred to and processed in the United States, where our cloud infrastructure (Supabase) and AI service provider (Google) are located. If you are located outside the United States, your data will be transferred internationally.
For users in the EEA and UK, we rely on appropriate transfer mechanisms as required by the GDPR, including Standard Contractual Clauses (SCCs) incorporated into our agreements with service providers.
10. Children’s Privacy
BookPal is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to promptly delete such information.
If you are a parent or guardian and believe your child under 13 has provided personal information to us, please contact us at tarek.kekhia@emeraldlake.io.
11. Third-Party Links and Services
The App may contain references to third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you interact with.
Relevant third-party privacy policies:
- Supabase: supabase.com/privacy
- Google (Gemini): policies.google.com/privacy
- RevenueCat: revenuecat.com/privacy
- Apple: apple.com/privacy
- Google Play: policies.google.com/privacy
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy.
- Provide notice through the App or via email for significant changes.
We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes become effective constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
BookPal
Email: tarek.kekhia@emeraldlake.io