Privacy Policy

1. Introduction

Welcome to LibRoom. This Privacy Policy explains how Nikita Kurnosov ("we," "us," or "our") collects, uses, and shares information about you when you use our mobile application, LibRoom (the "App"), and our marketing website, libroom.app (the "Website").

This single policy covers both the App and the Website. We will clearly indicate where a practice applies only to one platform.

By using our App or Website, you agree to the collection and use of information in accordance with this policy.

2. What Data We Collect

We collect information in a few different ways to provide and improve our services.

Data You Provide Directly (App & Website)

• Account Information: When you create an account, we collect your name, email address, and a hashed version of your password. If you sign up using "Continue with Google," we receive your name and email address from your Google account.
• Your Book Library: We collect all the data you add to your library, including book titles, authors, cover images you upload, reviews, ratings, reading statuses (e.g., "Unread," "Finished"), reading session dates, and your annual Book Challenge goals.
• Support Communications: If you contact us for support through the App or by email, we collect the content of your message and any other information you provide to help us resolve your query.

Data We Collect Automatically (App-Specific)

• Usage Analytics: We use an EU in-app analytics provider to collect anonymous data about your interactions with the App, such as which features you use and which buttons you tap. This helps us understand how the App is used so we can improve it. This data is not used to identify you personally.
• Technical Information: We collect basic technical information, such as your device type (e.g., iPhone 15), operating system version (e.g., iOS 17), and App version, to help us diagnose bugs and improve compatibility.
• Camera Access for Barcode Scanning: The App will ask for permission to access your device's camera. This permission is used exclusively to enable the barcode scanning feature for adding books. We do not store or transmit any images or videos from your camera. The processing happens on your device.

Data Related to LibRoom Pro Purchases (App-Specific)

If you subscribe to LibRoom Pro or purchase the LibRoom Pro Lifetime upgrade, we store a minimal subscription record linked to your account so we can unlock the features you have paid for:

• Your subscription tier (Free, Pro Monthly, Pro Yearly, or Pro Lifetime).
• Your subscription expiry timestamp and billing grace-period flag.
• A customer identifier issued to your account by our subscription-management provider.
• The last time we synchronised this record from the App Store or Google Play.

We do not collect or store your payment-card number, bank account details, billing address, or the amount you were charged. All payment processing is performed by Apple (for iOS purchases) and Google (for Android purchases); their handling of your payment information is governed by their own privacy policies, not ours.

Data We Collect Automatically (Website-Specific)

• Website Analytics:When you visit our Website, we use a privacy-first, cookieless analytics provider (Umami), hosted in the European Union, to collect anonymous, aggregated information about your visit — such as the pages you viewed, the site that referred you, and your approximate country, browser, and device type. No cookies are used and your IP address is not stored, so this does not identify you. For more details, see the "Website Analytics & Cookies" section below.

3. How and Why We Use Your Data

We use the data we collect for the following purposes:

• To Provide and Maintain the Service: To create your account, host your cloud library, track your reading progress, and manage your Book Challenge.
• To Improve and Personalize the App: To analyze usage patterns with our EU in-app analytics provider to fix bugs, develop new features, and make the App more useful for you.
• To Communicate with You: To send essential service-related communications, such as password reset codes and account verification emails, via our EU cloud-mail service; we also use your information to respond to your support requests.
• To Secure Our Services: To protect your account from unauthorized access and to monitor for and prevent fraudulent activity.
• To Fulfill API Requests: To search for books when you use the search or barcode scanning features. Your personal account data is not shared with these services.
• To Provide and Manage LibRoom Pro (if you subscribe): To verify your subscription status, unlock the Pro features you have paid for, process upgrades or downgrades, and handle billing lifecycle events (renewals, cancellations, failed-payment grace periods, and refunds).

4. Our Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or the UK, we only process your personal data when we have a valid legal basis to do so:

• Performance of a Contract (Art. 6 (1)(b) GDPR): We process your data to provide the services you signed up for, such as managing your account and book library and, if you have purchased LibRoom Pro, processing your subscription and unlocking the Pro features you have paid for. This is necessary to fulfill our Terms of Service.
• Legitimate Interest: We process your data for our legitimate interests, such as improving the App with analytics, securing our services, and responding to your support queries, provided these interests are not overridden by your rights and interests.
• Consent: We rely on your consent for any future marketing communications, and you can withdraw it at any time. Our Website uses no analytics cookies, so no cookie consent is required to visit it.
• Legal Obligation (Art. 6 (1)(c) GDPR): We process and retain certain data because the law requires us to — for example, keeping billing and tax records relating to LibRoom Pro purchases, and retaining records of your consent in order to demonstrate our compliance.

5. When We Share Your Data

We never sell your personal data. We disclose it only to the following categories of service providers, all bound by strict data-processing agreements:

• EU Cloud-Hosting Provider (European Union): To run the LibRoom backend and send account-related emails.
• EU In-App Analytics Provider (European Union): To gather aggregated usage statistics that help us improve our features.
• Website Analytics Provider (Umami, European Union): When you visit our Website, cookieless page-view data is processed by Umami (Umami Cloud, EU region) without storing personal data — see Section 7.
• Authentication Provider (Google Sign-In, optional; United States): To let you create or access an account with your Google credentials. This transfer is protected by the EU–US Data Privacy Framework & SCCs.
• Subscription-Management Provider (RevenueCat, United States): If you subscribe to LibRoom Pro, we use a third-party subscription-management provider to validate your App Store or Google Play purchase receipts and to keep the status of your subscription up to date on your account. The provider only receives the minimal subscription record described above; it does not receive your payment-card number or billing address. This transfer is protected by the European Commission's Standard Contractual Clauses (SCCs).
• App Store and Google Play (Apple Inc. and Google LLC, United States): When you purchase LibRoom Pro, Apple and Google process your payment and issue your receipt directly. They act as independent data controllers for the payment and transaction information you provide to them, under their own privacy policies. We receive only a confirmation that the purchase succeeded and the subscription record described above — we never see or store your card number, bank account, or billing address.
• External Book-Metadata Databases (Various): To return book details when you search by title, ISBN, or scan a barcode.
• Legal or Regulatory Bodies (As required): To comply with legal obligations that require us to share data.

6. International Data Transfers

Our primary data servers are located in the European Union. However, some of our third-party service providers are based in the United States — including the optional Google Sign-In authentication flow and, if you purchase LibRoom Pro, our subscription-management provider (RevenueCat) and the App Store / Google Play operators described in Section 5.

When we transfer your data outside the EEA or UK, we protect it with legally recognised safeguards such as the EU–US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses (SCCs).

By using our service, you acknowledge that your data may be transferred to and processed in the United States.

7. Website Analytics & Cookies

We want to understand how visitors use our Website without tracking you. To do this we use Umami, a privacy-first, cookieless analytics service hosted in the European Union.

• No cookies: Umami sets no cookies and stores nothing on your device, so our Website shows no cookie banner and asks for no analytics consent.
• No personal data: We collect only anonymous, aggregated metrics — page views, the referring site, which download links are used, and your approximate country, browser, and device type. Your IP address is used only in transit to derive your country and is never stored; you are not identified, and you are not tracked across websites or over time.
• EU data residency: Analytics data is processed and stored on servers located in the European Union.
• Purpose: Measuring overall traffic and which pages and download links are most useful, so we can improve the Website.

How to Opt-Out:

Because no cookies or personal identifiers are used, there is nothing for you to opt out of. If you would still prefer not to be counted, any browser or extension that blocks analytics scripts will stop the Umami script from loading, and our Website will continue to work normally.

8. Data Retention

We keep your personal data, including your account and library information, for as long as your account is active.

If you choose to delete your account, your data will be permanently deleted from our live systems immediately. This data may remain in our server backups for up to 30 days, after which it will be permanently erased.

In addition to your account data, we retain other types of information for specific periods:

• Security & audit logs: Up to 12 months for fraud prevention and security analysis.
• Consent records: Up to 6 years to demonstrate compliance with legal obligations.
• Subscription records (LibRoom Pro): Kept for as long as your account is active; deleted on account deletion subject to the same 30-day backup window as the rest of your account. Apple and Google retain their own transaction records independently for their accounting, tax, and audit obligations; we cannot cause those records to be deleted. Our subscription-management provider (RevenueCat) likewise retains its own transaction records independently of your LibRoom account deletion.

Aggregated analytics data, from which direct personal identifiers have been removed, may be retained for longer periods to help us with long-term service improvement.

9. How to Delete Your Account

If you wish to permanently delete your LibRoom account and all associated data, follow the steps described on our dedicated deletion page: Delete your LibRoom account.

That page explains both the in-app path (My Info → Delete account) and the e-mail method, plus exactly what data is removed and when.

10. Your Data Protection Rights

You have specific rights regarding your personal data. Depending on your location, these may include:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification:You can ask us to correct any inaccurate or incomplete data. You can edit your name and email in the App's profile settings.
• Right to Erasure (or “Right to be Forgotten”): You can request that we delete your personal data. The easiest way to do this is by using the “Delete Account” feature in the App.
• Right to Restrict Processing: You can ask us to temporarily stop processing your data under certain conditions.
• Right to Data Portability: You can request your data in a structured, machine-readable format.
• Right to Object: You can object to us processing your data for our legitimate interests.
• Right to Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please use the relevant features in the App (like profile editing or account deletion) or contact us at the email address provided below. You also have the right to lodge a complaint with your local data-protection authority.

11. Children's Privacy

Our services are not directed to or intended for use by children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us. If we become aware that we have collected personal data from a child, we will take steps to delete that information from our servers.

12. Security

We take the security of your data seriously and use reasonable administrative, technical, and physical safeguards to protect it. These measures include using TLS/SSL encryption for data in transit, hashing passwords, and restricting access to our systems.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and may provide a more prominent notice within the App. We encourage you to review this policy periodically.

14. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us: