Privacy Policy

Last updated: 2 August 2025

1. Introduction

Bookworm ("Bookworm", "we", "our" or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect when you use the Bookworm application and related services (collectively, the "Service"), why we collect it, how we use and share it, and your choices regarding your data.

Please read this Policy carefully. By accessing or using the Service you acknowledge that you have read and understood it.

2. Definitions

"Personal Data" means any information that identifies or can be used to identify an individual.
"Processing" means any operation performed on Personal Data.
"User" (or "you") means a person who registers for or otherwise uses the Service.

3. Information We Collect

| Category | Examples | Purpose |
|---|---|---|
| Account Data | Email address, hashed password, verification status | Create and secure your account; authenticate log‑in; allow password reset/change |
| Reading Data | Books you add or modify, reading entries (page numbers, notes, timestamps), progress toward finishing a book | Provide core functionality (track reading, show statistics) |
| Usage & Device Data | Browser/OS details, referrer, timestamps, log messages, visualised metrics | Operate, secure, debug, and improve the Service; generate aggregated statistics |
| Communications | Support requests, email messages, responses to surveys | Respond to you and improve our relationship |
| Cookies & Similar Technologies | Session cookies, CSRF tokens, analytics cookies (only with consent) | Maintain your session, remember preferences, measure audience |

4. How We Use Personal Data

We process your Personal Data only when we have a lawful basis, including to:

  • Provide and maintain the Service (e.g., track reading progress, allow account recovery).
  • Authenticate and secure the Service, detect fraud, and protect against abuse.
  • Respond to your requests and provide customer support.
  • Improve and personalize features, performance, and user experience.
  • Send service‑related communications such as verification emails, password‑reset links or important updates.
  • Comply with legal obligations and enforce our Terms of Service.
  • With your consent – e.g., for optional analytics or marketing.

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area or the United Kingdom, our legal bases include:

  • Contract performance (Art. 6 (1)(b) GDPR)
  • Legitimate interests (Art. 6 (1)(f) GDPR), such as securing and improving the Service, provided these interests are not overridden by your rights.
  • Consent (Art. 6 (1)(a) GDPR) where we rely on optional cookies or marketing communications.
  • Legal obligation (Art. 6 (1)(c) GDPR).

6. Sharing of Personal Data

We never sell your Personal Data. We share it only as described below:

  • Service providers that host our infrastructure or provide analytics, email delivery, customer‑support tools, or security monitoring – bound by confidentiality and data‑processing agreements.
  • Legal and regulatory authorities when required by law or to protect rights, property, or safety.
  • Business transfers if we undergo a reorganization, merger, or sale, in which case Personal Data may be transferred as permitted by law.

7. International Data Transfers

Our primary servers are located in the EU. If we transfer Personal Data outside the European Economic Area/United Kingdom, we will rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

8. Data Retention

We retain Personal Data only for as long as necessary:

| Data | Typical Retention | Deletion/Anonymization |
|---|---|---|
| Account Data | While account is active; deleted instantaneously after request | Securely purged from the production DB, and from backups within 7 days |
| Reading & Usage Data | Until you delete the relevant book/entry or close your account | Aggregated/anonymous data may be kept for analytics |
| Logs | 30 days | Automatically purged |

We may retain data longer if required to comply with legal obligations or resolve disputes.

9. Security

We use industry‑standard measures to protect Personal Data, including:

  • Transport‑layer encryption (HTTPS/TLS)
  • Password hashing
  • Role‑based access controls
  • Continuous monitoring via Grafana and alerts
  • Regular security testing and patch management

No system is 100% secure; please contact us immediately if you believe your account or data has been compromised.

10. Your Rights

Subject to local law, you may have the right to:

  • Access, correct, or delete Personal Data we hold about you
  • Restrict or object to certain processing
  • Receive an electronic copy in a portable format
  • Withdraw consent at any time (without affecting processing already performed)
  • Lodge a complaint with a supervisory authority

To exercise your rights, email us at info [at] lotsansm.com.

11. Children's Privacy

Bookworm is not directed to children under 16. We do not knowingly collect Personal Data from children. If you learn that a child has provided us Personal Data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Policy from time to time. We will post the new version and, if the changes are material, notify you by email or through the Service at least 14 days before they take effect. Your continued use of the Service after the effective date will constitute acceptance.

13. Contact Us

If you have questions about this Policy or your Personal Data, please contact us at:

Email: info [at] lotsansm.com

Postal address: Rigoczki Tamas EV, Akac utca 4, Rakocziujfalu, Hungary, 5084