Book Binder
searchSign In

Legal

Privacy Policy

Effective April 2, 2026

Book Binder is built on the belief that your reading life is private. This policy explains exactly what data we collect, why, and how you can control it.

01.Who We Are

  • Book Binder ('we', 'us', 'our') is the data controller responsible for your personal data. We operate the web application at mybookbinder.com and the Book Binder Desktop Agent software.
  • Contact: support@mybookbinder.com

02.What We Collect

  • Account information (name, email address) provided when you register via Clerk Authentication.
  • Library metadata: book titles, authors, file paths, cover images, and reading progress. The text contents of your books are never read or processed by Book Binder.
  • Usage data: pages read, reading progress percentage, and devices used. This is used solely to power cross-device progress sync.
  • Cloud file cache: when you open a book through the Desktop Agent, a copy of that file is transmitted to your personal, private Supabase Storage bucket so it can be accessed on other devices. This transfer occurs with your knowledge and is not accessible to other users or to Book Binder staff.
  • Email address if you voluntarily submit it on our waitlist or contact form.

03.What We Do Not Collect

  • The text contents of your books. Book Binder never reads, indexes, or analyses the content of any file in your library.
  • Payment card details. Payments are processed entirely by Stripe. We receive only a transaction confirmation token and your subscription status.
  • Data from third-party accounts or services you have not explicitly connected to Book Binder.
  • We do not sell, rent, or trade your personal data to any third party.

04.Legal Basis for Processing (GDPR Article 6)

  • Contract performance (Art. 6(1)(b)): processing your account information and library metadata is necessary to provide the Book Binder service you have signed up for.
  • Legitimate interests (Art. 6(1)(f)): processing usage data to improve reliability and cross-device sync. Our interest in improving the service does not override your privacy rights.
  • Consent (Art. 6(1)(a)): sending marketing or product update emails to waitlist subscribers. You may withdraw consent at any time by emailing support@mybookbinder.com.
  • Legal obligation (Art. 6(1)(c)): retaining billing records as required by applicable tax and financial law.

05.How We Use Your Data

  • To create and manage your account and authenticate your identity.
  • To provide cross-device reading progress sync and library management.
  • To contact you about your account, billing, or important changes to the service.
  • To send product updates only if you have explicitly opted in via the waitlist.
  • To comply with legal obligations such as tax record-keeping.

06.Data Retention

  • Account data is retained for as long as your account is active.
  • Upon account deletion, all personal data (account info, library metadata, reading progress, and cloud file cache) is permanently deleted within 30 days.
  • Billing records required by law (e.g. invoices) may be retained for up to 7 years after the transaction.
  • Waitlist email addresses are retained until you request removal or the waitlist is closed.

07.Data Storage & Security

  • Account data is stored by Clerk (clerk.com), which is SOC 2 Type II certified.
  • Library metadata and reading progress are stored in Supabase (supabase.com), hosted on AWS, encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Cloud file caches are stored in your personal, isolated Supabase Storage bucket. No other user or Book Binder employee can access your files.
  • We apply reasonable technical and organisational measures to protect your data, but no system is entirely secure. In the event of a breach that affects your rights, we will notify you as required by law.

08.Third-Party Services

  • Clerk (clerk.com) — authentication and user management. Clerk's privacy policy applies to data they process.
  • Supabase (supabase.com) — database and file storage, hosted on AWS us-east-1.
  • Stripe (stripe.com) — payment processing. Stripe's privacy policy applies to payment data.
  • Open Library (openlibrary.org) — public metadata enrichment. Only book titles and ISBNs are sent. No personal data is transmitted.

09.Your Rights

  • Right of access: you may request a copy of all personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may request deletion of your account and all associated data.
  • Right to restriction: you may ask us to pause processing your data while a dispute is resolved.
  • Right to data portability: you may request your data in a machine-readable format (JSON).
  • Right to object: you may object to processing based on legitimate interests at any time.
  • Withdrawing consent: where processing is based on consent (e.g. marketing emails), you may withdraw it at any time without affecting the lawfulness of prior processing.
  • To exercise any of these rights, email support@mybookbinder.com. We will respond within 30 days.
  • If you are in the EU or UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).

10.California Residents (CCPA)

  • We do not sell your personal information to any third party.
  • California residents have the right to know what personal information is collected, to request deletion, and to opt out of sale (not applicable here, as we do not sell data).
  • To exercise your California rights, email support@mybookbinder.com.

11.Cookies

  • We use only functional cookies strictly necessary for authentication and session management (set by Clerk).
  • We do not use advertising, analytics, or tracking cookies.
  • No consent banner is shown because no non-essential cookies are set.

12.Children's Privacy

  • Book Binder is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

13.Changes to This Policy

  • We may update this policy as the product evolves. We will notify you of significant changes by email at least 30 days before they take effect.
  • If you do not agree to the updated policy, you may delete your account before the effective date. Continued use after that date constitutes acceptance of the revised policy.

14.Contact

  • Data controller: Book Binder
  • Email: support@mybookbinder.com
  • We aim to respond to all privacy-related requests within 30 days.