Privacy Policy

1. Introduction

Welcome to BookEnds ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service at bookends.backus.agency.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, username, and password when you create an account
• Profile Information: Display name, profile picture, and other optional profile details
• Content: Stories, book endings, comments, and other content you create or upload
• Communications: Messages you send to us or other users through our platform

2.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, time spent on the platform
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies and authentication tokens (see Cookie Policy below)

2.3 Information from Third Parties

• OAuth Providers: When you sign in with GitHub, Google, or Amazon, we receive your email address and basic profile information
• AI Services: We use OpenRouter for AI-powered story generation; your prompts are processed but not stored by third parties

3. How We Use Your Information

• Provide Services: Create and manage your account, enable story creation and sharing
• Communication: Send verification emails, password resets, and important service updates
• Improvement: Analyze usage patterns to improve our platform and user experience
• Security: Protect against fraud, abuse, and security threats
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Third-Party Services

We use the following third-party services that may collect or process your data:

• Supabase: Database and authentication services (data stored in our self-hosted instance)
• OpenRouter: AI model API for story generation
• GitHub OAuth: Optional authentication method
• Google OAuth: Optional authentication method
• Amazon Login with Amazon: Optional authentication method
• Email Service: Gmail SMTP for sending verification emails

5. Data Storage and Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data transmitted to and from our servers is encrypted using SSL/TLS
• Password Protection: Passwords are hashed and salted using bcrypt
• Access Control: Limited employee access to personal data on a need-to-know basis
• Data Location: Data is stored on secure servers located in the United States

6. Cookie Policy

We use cookies and similar technologies for:

• Authentication: Session cookies to keep you logged in
• Preferences: Theme preferences (light/dark mode)
• Analytics: Understanding how users interact with our platform

You can control cookies through your browser settings, but disabling certain cookies may limit platform functionality.

7. Your Rights (GDPR & CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your account and personal data (see Data Deletion)
• Portability: Request your data in a machine-readable format
• Opt-Out: Opt out of marketing communications
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at [email protected]

8. Children's Privacy

BookEnds is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such information.

9. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Most data deleted within 30 days; some data may be retained for legal compliance
• Backups: Data in backups may persist for up to 90 days

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last Updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: [email protected]
• Website: https://bookends.backus.agency