Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored in hashed form using bcrypt).

Billing Information

When you subscribe to a paid plan, payment is processed by Stripe, Inc. We store your Stripe customer ID and subscription details. We do not store credit card numbers, bank account information, or other payment credentials—these are handled entirely by Stripe pursuant to their privacy policy.

Book and Reading Data

You may add books to your collection by entering titles, ISBNs, authors, and other metadata. We also store your reading status, dates, ratings, and personal reader notes. Book metadata may be auto-filled from the Open Library API when you provide an ISBN.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, and device information. This data is collected through:

• Vercel Analytics — for performance monitoring and page view tracking

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Store and display your book collection, reading history, and statistics
• Look up book metadata from Open Library when you provide an ISBN
• Process payments and manage subscriptions
• Send transactional emails (e.g., password reset notifications)
• Monitor usage to enforce tier limits (Free, Plus)
• Analyze usage patterns to improve the Service
• Protect against fraud and abuse

3. Third-Party Data Processors

We share data with the following third-party services, solely for the purposes described:

4. Data Retention

• Account data is retained for as long as your account is active.
• Book and reading data is retained until you delete individual books or your account is closed.
• Usage analytics are retained per Vercel's standard retention policies.

Upon account deletion, we will delete your account data, books, reading history, and subscription records within 30 days.

5. Data Security

We implement reasonable security measures to protect your data, including:

• Passwords hashed using bcrypt (12 salt rounds)
• HTTPS encryption for all data in transit
• Database access restricted to authorized application services
• Stripe webhook signature verification for payment events
• Environment-based secret management (API keys never exposed to the client)
• Per-user data isolation (users can only access their own books)

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Delete your account and associated data
• Object to processing based on legitimate interests

To exercise these rights, contact us at support@mybookvault.me.

7. Cookies and Tracking

The Service uses cookies and similar technologies for:

• Authentication — session cookies to keep you logged in
• Theme preference — localStorage to remember your light/dark mode choice
• Analytics — Vercel Analytics for usage tracking

You may disable cookies in your browser settings, though this may affect Service functionality.

8. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notice. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy, contact us at hello@mybookvault.me.