Privacy Policy

1. Introduction

Welcome to LibRoom. This Privacy Policy explains how Nikita Kurnosov ("we," "us," or "our") collects, uses, and shares information about you when you use our mobile application, LibRoom (the "App"), and our marketing website, libroom.app (the "Website").

This single policy covers both the App and the Website. We will clearly indicate where a practice applies only to one platform.

By using our App or Website, you agree to the collection and use of information in accordance with this policy.

2. What Data We Collect

We collect information in a few different ways to provide and improve our services.

Data You Provide Directly (App & Website)

• Account Information: When you create an account, we collect your name, email address, and a hashed version of your password. If you sign up using "Continue with Google," we receive your name and email address from your Google account.
• Your Book Library: We collect all the data you add to your library, including book titles, authors, cover images you upload, reviews, ratings, reading statuses (e.g., "Unread," "Finished"), reading session dates, and your annual Book Challenge goals.
• Support Communications: If you contact us for support through the App or by email, we collect the content of your message and any other information you provide to help us resolve your query.

Data We Collect Automatically (App-Specific)

• Usage Analytics: We use an EU in-app analytics provider to collect anonymous data about your interactions with the App, such as which features you use and which buttons you tap. This helps us understand how the App is used so we can improve it. This data is not used to identify you personally.
• Technical Information: We collect basic technical information, such as your device type (e.g., iPhone 15), operating system version (e.g., iOS 17), and App version, to help us diagnose bugs and improve compatibility.
• Camera Access for Barcode Scanning: The App will ask for permission to access your device's camera. This permission is used exclusively to enable the barcode scanning feature for adding books. We do not store or transmit any images or videos from your camera. The processing happens on your device.

Data We Collect Automatically (Website-Specific)

• Website Analytics: When you visit our Website, we use Google Analytics to collect information about your visit, such as your IP address (which is anonymized), browser type, the pages you visited, and the time and date of your visit. This helps us understand our website traffic. For more details, see the "Cookies & Website Analytics" section below.

3. How and Why We Use Your Data

We use the data we collect for the following purposes:

• To Provide and Maintain the Service: To create your account, host your cloud library, track your reading progress, and manage your Book Challenge.
• To Improve and Personalize the App: To analyze usage patterns with our EU in-app analytics provider to fix bugs, develop new features, and make the App more useful for you.
• To Communicate with You: To send essential service-related communications, such as password reset codes and account verification emails, via our EU cloud-mail service; we also use your information to respond to your support requests.
• To Secure Our Services: To protect your account from unauthorized access and to monitor for and prevent fraudulent activity.
• To Fulfill API Requests: To search for books when you use the search or barcode scanning features. Your personal account data is not shared with these services.

4. Our Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or the UK, we only process your personal data when we have a valid legal basis to do so:

• Performance of a Contract (Art. 6 (1)(b) GDPR): We process your data to provide the services you signed up for, such as managing your account and book library. This is necessary to fulfill our Terms of Service.
• Legitimate Interest: We process your data for our legitimate interests, such as improving the App with analytics, securing our services, and responding to your support queries, provided these interests are not overridden by your rights and interests.
• Consent: We rely on your consent for using non-essential cookies on our Website (for visitors from the EEA/UK) and for any future marketing communications. You can withdraw your consent at any time.

5. When We Share Your Data

We never sell your personal data. We disclose it only to the following categories of service providers, all bound by strict data-processing agreements:

• EU Cloud-Hosting Provider (European Union): To run the LibRoom backend and send account-related emails.
• EU In-App Analytics Provider (European Union): To gather aggregated usage statistics that help us improve our features.
• Authentication Provider (Google Sign-In, optional; United States): To let you create or access an account with your Google credentials. This transfer is protected by the EU–US Data Privacy Framework & SCCs.
• External Book-Metadata Databases (Various): To return book details when you search by title, ISBN, or scan a barcode.
• Legal or Regulatory Bodies (As required): To comply with legal obligations that require us to share data.

6. International Data Transfers

Our primary data servers are located in the European Union. However, some of our third-party service providers, such as Google, are based in the United States.

When we transfer your data outside the EEA or UK, we protect it with legally recognised safeguards such as the EU–US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses (SCCs).

By using our service, you acknowledge that your data may be transferred to and processed in the United States.

7. Cookies & Website Analytics

Cookies are small text files stored on your device when you visit a website. Our Website uses cookies for analytics purposes.

We use Google Analytics to understand how visitors engage with our site. Google Analytics uses cookies to collect information, which is then used to compile reports about website activity.

• Cookies Used: _ga, _ga_<container-id>
• Purpose: These cookies are used to distinguish users and analyze website traffic.
• Cookie Lifetime: The _ga cookie has a default lifetime of 2 years, which resets with each visit.
• Server-Side Data Retention: The user and event data we store on Google's servers is automatically deleted after 14 months.

How to Opt-Out:

You can prevent your data from being used by Google Analytics by installing the Google Analytics Opt-Out Browser Add-on, available at: https://tools.google.com/dlpage/gaoptout.

LibRoom blocks Google Analytics cookies by default and sets them only after you tap 'Accept analytics' on our cookie banner.

For visitors from the EEA and UK, we will ask for your consent via a cookie banner before placing any non-essential analytics cookies on your device.

8. Data Retention

We keep your personal data, including your account and library information, for as long as your account is active.

If you choose to delete your account, your data will be permanently deleted from our live systems immediately. This data may remain in our server backups for up to 30 days, after which it will be permanently erased.

In addition to your account data, we retain other types of information for specific periods:

• Security & audit logs: Up to 12 months for fraud prevention and security analysis.
• Consent records: Up to 6 years to demonstrate compliance with legal obligations.

Aggregated analytics data, from which direct personal identifiers have been removed, may be retained for longer periods to help us with long-term service improvement.

9. How to Delete Your Account

If you wish to permanently delete your LibRoom account and all associated data, follow the steps described on our dedicated deletion page: Delete your LibRoom account.

That page explains both the in-app path (My Info → Delete account) and the e-mail method, plus exactly what data is removed and when.

10. Your Data Protection Rights

You have specific rights regarding your personal data. Depending on your location, these may include:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct any inaccurate or incomplete data. You can edit your name and email in the App's profile settings.
• Right to Erasure (or “Right to be Forgotten”): You can request that we delete your personal data. The easiest way to do this is by using the “Delete Account” feature in the App.
• Right to Restrict Processing: You can ask us to temporarily stop processing your data under certain conditions.
• Right to Data Portability: You can request your data in a structured, machine-readable format.
• Right to Object: You can object to us processing your data for our legitimate interests.
• Right to Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please use the relevant features in the App (like profile editing or account deletion) or contact us at the email address provided below. You also have the right to lodge a complaint with your local data-protection authority or with the French CNIL (our lead DPA).

11. Children's Privacy

Our services are not directed to or intended for use by children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us. If we become aware that we have collected personal data from a child, we will take steps to delete that information from our servers.

12. Security

We take the security of your data seriously and use reasonable administrative, technical, and physical safeguards to protect it. These measures include using TLS/SSL encryption for data in transit, hashing passwords, and restricting access to our systems.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and may provide a more prominent notice within the App. We encourage you to review this policy periodically.

14. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us: