Privacy Policy
Effective date: June 29, 2026
This Privacy Policy explains how Bookisty(“we”, “us”, “our”) collects, uses, and protects your information when you use Bookisty(the “Service”). We designed it to be readable while meeting our obligations under major privacy laws, including the GDPR, UK GDPR, CCPA/CPRA, PIPEDA, LGPD, COPPA, and the ePrivacy Directive.
By using the Service, you agree to this Privacy Policy.
1. Information We Collect
We collect the following categories of information:
- Account information — your name, username, email address, and password (stored hashed by our authentication provider).
- Profile information — optional details you add, such as your education level or study goals.
- Uploaded content — the readings you add (PDFs, pasted text, and links) and the summaries, explanations, quizzes, and flashcards generated from them.
- Payment information — processed by our third-party payment processor. We do not receive or store your full card number.
- Device and technical information — IP address, browser type, operating system, and device identifiers.
- Usage, log, and diagnostic data — interactions with the service, log data, analytics, and crash reports.
- Cookies and similar technologies — as described in the Cookies section below.
2. How We Use Information
- To provide, operate, and maintain the service.
- To authenticate you and secure your account.
- To provide customer support and respond to your requests.
- For security, fraud prevention, and abuse detection.
- For analytics and to improve and develop the service.
- To communicate with you about your account and service updates.
- To comply with legal obligations and enforce our terms.
3. Legal Bases for Processing (GDPR / UK GDPR)
If you are in the European Economic Area or the United Kingdom, we process your personal data on these legal bases:
- Performance of a contract — to provide the service you sign up for.
- Legitimate interests — to secure, analyze, and improve the service, balanced against your rights.
- Consent — for non-essential cookies and optional communications, which you may withdraw at any time.
- Legal obligation — where processing is required to comply with the law.
5. Third-Party Services
We share data with trusted service providers who process it only on our behalf:
- Authentication & cloud hosting — [e.g., Supabase] for accounts, database, and file storage.
- Payment processor — [e.g., Stripe] for subscriptions and billing.
- AI providers — [e.g., Anthropic, OpenRouter] to generate summaries and study materials from your readings. Under their API terms, your content is not used to train their models.
- Email provider — [e.g., Resend] for transactional email.
- Analytics — [Analytics Provider], if enabled.
6. International Data Transfers
We operate globally, and your information may be processed in countries other than your own, including the United States. Where required, we rely on appropriate safeguards for international transfers, such as the European Commission’s Standard Contractual Clauses or equivalent mechanisms.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide the service, and afterward only as required to comply with legal obligations, resolve disputes, and enforce our agreements. You can delete individual readings at any time, and you may request deletion of your account and associated data.
8. Your Rights
Depending on where you live, you may have the following rights over your personal information:
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (the right to erasure).
- Receive your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent at any time, without affecting prior processing.
California (CCPA/CPRA): you have the right to know, delete, correct, and opt out of the sale or sharing of personal information, and not to be discriminated against for exercising these rights. Canada (PIPEDA) and Brazil (LGPD) residents have comparable rights. To exercise any right, contact us using the details below; we may need to verify your identity first.
9. Children's Privacy
Bookisty is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their personal information (COPPA). If you believe a child has provided us data, contact us and we will delete it.
10. Security Measures
We use reasonable technical and organizational measures to protect your information, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
11. Do Not Sell or Share My Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. If this ever changes, we will update this policy and provide an opt-out mechanism as required by the CCPA/CPRA.
12. Changes to This Privacy Policy
We may update this policy from time to time. We will revise the effective date above and, for material changes, provide additional notice where appropriate.
13. Contact Information
For privacy questions or to exercise your rights, contact Bookisty at support@bookisty.com.