May 28, 2026
Privacy Policy
Detailed Bookleap Privacy Policy: what data we process, why it is needed, who may receive it, and how it is stored, synced, and deleted.1. About This Policy
This Privacy Policy explains how Bookleap processes information when you use the website, the iOS or Android mobile apps, server sync, support, online book search, subscriptions, advertising, and other related Bookleap features.
Bookleap is a personal reading tracker and book journal. Some data may remain local on your device, and some data may sync with Bookleap servers if you create an account or use features that require cloud processing.
2. Who Is Responsible for Your Data
Bookleap is responsible for the processing of personal data within Bookleap. In this Policy, "we", "us", and "our" mean Bookleap as the owner and operator of the app and website.
For privacy questions, data access, correction, export, or deletion requests, contact us at bookleap.tracker@gmail.com.
3. Quick Summary
We process data needed to operate a reading journal: account data, your book library, statuses, pages, reading sessions, quotes, notes, characters, genres, tags, goals, settings, covers, and technical app data.
We use this data to show your library, calculate statistics, run the timer, sync progress across devices, restore access, process subscriptions, show ads in free experiences, improve app stability, and respond to support requests.
We do not sell your personal library, notes, or quotes to third parties. Certain third-party services, such as Apple, Google, Firebase, Google AdMob, RevenueCat, cloud storage, or book metadata providers, may process limited data under their own terms, policies, and roles.
- You can use some features locally, but sync, data recovery, and some server features require an account or network connection.
- Your books, notes, quotes, and characters remain your user content.
- We do not use the contents of notes or quotes to sell data to advertisers.
- You can contact support for data access, correction, export, or deletion requests.
4. Account and Sign-In Data
When you create an account or sign in to Bookleap, we may process your user identifier, email, name, login, password hash, authentication tokens, account creation date, last update date, session state, linked sign-in provider, and technical records needed for secure authentication.
If you sign in with Apple or Google, we may receive from that provider an account identifier, email, email verification status, and name if available and shared by the provider. We do not receive your Apple or Google account password.
If you register with a login and password, the password is stored as a cryptographic hash. We do not store your password in plain text and cannot recover it as readable text.
5. Library and Reading Content
Bookleap may process data that you add to the app: book titles, authors, translators, publishers, ISBNs, page counts, language, book type, reading status, start and finish dates, ratings, tags, genres, categories, comments, favorite markers, reading goals, reading streaks, and other fields used to organize your library.
We may also process reading sessions: the related book, start and end time, pages read, starting and ending page, duration, activity history, and statistical summaries.
Notes, quotes, characters, character descriptions, traits, roles, note pages, and related book records are your user content. You choose what to add. Do not add information to Bookleap that you do not want stored or synced.
6. Covers, Images, and Files
If you add or upload book covers, character images, or other files, Bookleap may process the file, file name, file type, size, checksum, storage key or path, linked book or character, upload date, and update date.
Files may be stored in cloud storage or on Bookleap server infrastructure. Temporary signed links may be used to access files so that private files do not need to be publicly available.
7. Online Book Search and External Metadata Sources
When you use online book search, the search query, ISBN, or other text you enter may be sent to Bookleap servers and then to external metadata sources such as Google Books or Open Library. These services may return title, author, cover image, description, page count, categories, ISBN, and other book metadata.
Bookleap uses this information to help you add books to your library faster. If you open or use data from external providers, their processing may also be governed by the relevant provider's own terms and policies.
8. Technical Data, Device Data, and Logs
When you use the app or website, we may process technical data such as device type, operating system, app version, app language, theme, time zone, network state, errors, sync events, diagnostic messages, request URL, request date and time, and similar information.
This data is used for security, stability, error detection, abuse prevention, performance improvements, and user support. We try not to include the contents of your notes, quotes, or private library in technical logs unless needed for a specific support request or error investigation.
9. Analytics
Bookleap may use Firebase Analytics or similar tools to understand how the app works: screen views, app launches, tab changes, creating or editing books, sessions, and quotes, search events, import errors, paywall interactions, Premium status, language, theme, and other usage events.
Analytics helps us find problems, improve features, understand general usage patterns, and make product decisions. Analytics is not intended to read the contents of your notes or quotes. Events may include technical parameters, shortened values, or identifiers needed to measure feature behavior.
The availability, scope, and settings of analytics may depend on the platform, app version, device settings, and legal requirements.
10. Advertising
In free experiences, Bookleap may show ads, including through Google AdMob. To do this, ad services may process device data, advertising identifiers, IP address, approximate location, app information, ad interactions, and other data needed to show ads, measure ads, limit frequency, prevent fraud, and comply with advertising rules.
Depending on your region, device settings, and consent choices, ads may be personalized or non-personalized. You can manage tracking permissions, advertising identifiers, and ad personalization in iOS, Android, Google settings, or through in-app consent dialogs where they are available in your region.
We do not provide ad services with the contents of your private notes, quotes, or library for sale. However, advertising SDKs may independently process technical and advertising identifiers under their own policies.
11. Subscriptions, Purchases, and Premium
Purchases, subscriptions, trials, purchase restoration, and Premium status may be processed through the App Store, Google Play, and RevenueCat. We may receive or store a RevenueCat user identifier, active entitlements, subscription identifiers, purchase status, update date, and technical information needed to provide Premium features.
Bookleap generally does not receive full payment card details. Payment information is processed by the platform or payment provider under their own rules. App Store or Google Play rules may apply to payment questions, refunds, and subscription management.
12. Sync, Backups, and Server Processing
If you sign in or use sync, your library, sessions, notes, quotes, characters, categories, files, settings, and related technical identifiers may be sent to Bookleap servers to keep a backup, sync devices, resolve conflicts, and restore data after reinstalling the app.
Sync may use revisions, deletion markers, timestamps, and change queues. This lets the app understand which records are newer, which records were deleted, and which records should be updated on another device.
If you use Bookleap without an account, some core data may remain only on your device. Local data may be lost if you delete the app, clear device data, or lose access to the device, unless the data has been synced.
13. How We Use Data
We use data to provide Bookleap features: library management, reading journal, timer, statistics, calendar, goals, quotes, notes, characters, book search, import, sync, backups, Premium access, advertising, support, and security.
Data may also be used to diagnose errors, improve the interface, measure performance, prevent spam and fraud, comply with legal obligations, protect the rights of Bookleap, users, or third parties, and communicate with you about support or important service changes.
14. Legal Bases for Processing
If GDPR, UK GDPR, or similar laws apply to you, our legal bases may include: performance of a contract with you when data is needed to provide the app; your consent, for example for certain advertising or analytics scenarios; our legitimate interest in maintaining security, stability, and service improvement; compliance with legal obligations; vital interests or legal claims where applicable.
| Data category | Purpose | Legal basis |
|---|---|---|
| Account and sign-in data | Account creation, authentication, access recovery, sync across devices | Performance of a contract; legitimate interest in security |
| Library, sessions, notes, quotes, characters, and settings | Core reading journal features, statistics, sync, and backup recovery | Performance of a contract |
| Covers, images, and other files | Storing and displaying attachments across your devices | Performance of a contract |
| Technical logs, errors, and diagnostics | Stability, security, bug fixing, abuse prevention | Legitimate interest |
| Analytics | Understanding feature behavior, product improvement, performance measurement | Consent or legitimate interest depending on region and settings |
| Advertising | Showing ads in free experiences, measuring ads, frequency capping, fraud prevention | Consent or legitimate interest depending on region and ad type |
| Subscriptions and purchases | Providing Premium features, checking active purchases, supporting purchase restoration | Performance of a contract; legal obligations |
You may withdraw consent where processing is based on consent. Withdrawal does not affect processing that happened before withdrawal and may limit the availability of some features.
15. Who May Receive Data
We may share limited data with providers that help operate Bookleap: hosting and database providers, cloud file storage, analytics, advertising, authentication, subscription processing, technical support, error monitoring, email communications, book metadata providers, and other infrastructure services.
- Authentication providers: Apple and Google for account sign-in when you choose that sign-in method.
- Purchase and subscription platforms: App Store, Google Play, and RevenueCat for Premium access verification.
- Analytics, diagnostics, and advertising: Firebase, Google AdMob, or similar services if enabled in the relevant app version.
- Book metadata providers: Google Books, Open Library, or other sources when you use online search.
- Infrastructure providers: hosting, database, object storage, file delivery, logging, and monitoring systems.
These providers may include Apple, Google, Firebase, Google AdMob, RevenueCat, cloud infrastructure providers, Open Library or Google Books, and other services used by the relevant version of the app or website.
We may also disclose data if required by law, court order, competent authority request, rights protection, safety, abuse investigation, or as part of a reorganization, merger, asset sale, or transfer of the service to another operator with appropriate data protections.
16. International Data Transfers
Bookleap and our providers may process data in different countries. The level of data protection in those countries may differ from the level in your jurisdiction.
Where required by law, we rely on appropriate safeguards such as contractual obligations, standard contractual clauses, platform rules, technical and organizational security measures, or other lawful data transfer mechanisms.
17. How Long We Keep Data
We keep account data and synced reading data for as long as your account is active or as long as needed to provide Bookleap features. Data may be kept longer when needed for security, backups, legal obligations, dispute resolution, accounting requirements, or abuse prevention.
| Data type or state | Typical retention |
|---|---|
| Active account and synced reading data | While the account is active or while the data is needed to provide Bookleap features |
| Local data without an account | Stored on your device until you delete it, clear app data, or delete the app |
| Account deletion request | After request verification, server data is deleted or deactivated except where limited lawful retention applies |
| Backups | Purged gradually during a limited technical period according to backup cycles |
| Technical logs and diagnostics | Kept only as long as needed for security, stability, support, or error investigation |
| Subscription and purchase data | May be kept longer when needed for purchase restoration, accounting, disputes, or platform rules |
Technical logs, analytics events, advertising data, and subscription data may have separate retention periods depending on their purpose, service settings, and the relevant provider's rules.
After account deletion, we delete or deactivate associated server data except where limited retention is needed for lawful, security, or technical reasons. Backups may be purged gradually over a limited period.
18. Account Deletion and Local Data
You can request account deletion through the account deletion page or by emailing bookleap.tracker@gmail.com from the email associated with your account. We may ask you to verify that the account belongs to you.
After verification, we delete the server account and associated server records, including library records, categories, sessions, notes, quotes, characters, files, authentication accounts, tokens, and other related records unless retention is required by law or for security.
Deleting the server account may not automatically erase copies that remain locally on your device. To delete local data, use in-app data clearing features if available, or delete the app and its local data from your device.
19. Your Rights and Choices
Depending on your country or state, you may have the right to request access to personal data, a copy of data, correction, deletion, restriction, portability, objection to processing, withdrawal of consent, opt-out from certain advertising uses, or to lodge a complaint with a data protection authority.
- Access: ask whether we process your data and receive a copy of available data.
- Correction: update inaccurate or incomplete data when it cannot be changed directly in the app.
- Deletion: ask us to delete your account and related server records where no lawful retention basis applies.
- Restriction or objection: ask us to limit certain processing or object to processing based on legitimate interest.
- Portability: request an export of your data in a structured format where technically possible and legally applicable.
- Withdrawal of consent: change settings or withdraw consent where processing depends on consent.
- Complaint: contact the competent data protection authority in your jurisdiction.
To exercise your rights, email bookleap.tracker@gmail.com. We may ask for information needed to verify your identity and account access. If we cannot complete a request fully, we will explain why when allowed by law.
You can also manage many choices directly: edit or delete library records, manage device permissions, advertising identifiers, tracking permissions, push notifications, photo access, network access, subscriptions, and local data through the app or operating system settings.
20. Private Content and Sensitive Data
Book titles, quotes, or notes may indirectly reveal your interests, views, health, religion, political beliefs, or other sensitive information if you choose to add that content. Bookleap does not require sensitive data and is not intended to store medical, financial, government, or other highly sensitive records.
Please do not add data about other people without an appropriate basis or permission, and do not add information that you do not want stored, synced, or processed as described in this Policy.
21. Security
We use technical and organizational measures to protect data, including authentication, access tokens, password hashing, access restrictions, signed file links, server-side access controls, backups, and other security practices appropriate for the nature of the service.
- Passwords, where used, are stored as cryptographic hashes and not as plain text.
- Access tokens and authentication data should be handled through secure platform or server infrastructure mechanisms.
- Private files may use signed or temporary links instead of permanent public access.
- Local security also depends on your device, system passcode, OS updates, and Apple or Google account protection.
No method of transmission or storage is completely secure. You are also responsible for securing your device, account, password, Apple or Google account access, and keeping the app up to date.
22. Children
Bookleap is not intended for young children and is not directed to intentionally collect personal data from children where parental consent or another special legal basis is required.
If your country requires a minimum age or parental consent for online services, you may use Bookleap only when those requirements are met. Users in the EU or EEA may be subject to GDPR rules on the age of digital consent.
If you believe a child has provided us personal data without appropriate consent, contact bookleap.tracker@gmail.com, and we will review the request to delete or restrict that data.
23. Automated Decisions
Bookleap may automatically calculate statistics, reading streaks, goals, progress, feature availability, Premium status, ad rewards, or technical sync states. These automatic calculations are needed for the app to function.
We do not use your reading data for automated decision-making that produces legal or similarly significant effects concerning you under data protection laws.
24. Changes to This Policy
We may update this Policy when Bookleap features, providers, legal requirements, or data processing practices change. The latest update date is shown at the top of the page.
If changes are material, we may notify you in the app, on the website, or by another appropriate method. Continued use of Bookleap after an update means you have had the opportunity to review the current Policy.
25. Contact
For privacy, data access, correction, export, deletion, advertising, analytics, sync, or subscription questions, email bookleap.tracker@gmail.com.
To help us respond faster, include your Bookleap account email, platform, app version, country or region if relevant, and a short description of your request.
