Privacy Policy
This Privacy Policy describes how Bookflow ("Bookflow", "we", "us", or "our") collects, uses, shares, and protects information when you use the Bookflow mobile application (the "App") and our website at getbookflow.co (together, the "Service").
By using the Service you agree to the practices described here. If you don't agree, please don't use the Service.
1. Who we are
Bookflow is an independent reading-companion app operated by an individual developer based in Lagos, Nigeria. You can reach us anytime at support@getbookflow.co.
2. Information we collect
2.1 Information you give us
- Account info — your email address, your name, and your marketing-consent preference, collected when you create an account via magic link.
- Profile info — an optional avatar photo you upload.
- Your library — books you add, reading progress, highlights, notes, and any tags or lists you create.
- Support correspondence — anything you send us when you email support@getbookflow.co.
2.2 Information collected automatically
- Device & app data — device model, operating system version, app version, language, time zone, and a randomly generated install ID.
- Usage events — pages opened, features used, time spent reading, and similar product-analytics events. These are pseudonymous and not tied to your email address inside our analytics provider.
- Crash & error reports — stack traces, device state at the moment of a crash, and the app version. We strip identifiers we don't need.
2.3 Information we do not collect
- We do not collect your contact list, photos (other than the avatar you choose), location, microphone, or calendar.
- We do not run advertising and do not use advertising trackers.
- We do not see, store, or have access to your payment-card details. Purchases are processed entirely by Apple App Store or Google Play.
3. How we use information
- To provide the App's core reading-companion features (your library, progress, notes).
- To authenticate you when you sign in (magic-link emails).
- To generate AI-assisted features such as summaries, recommendations, and text-to-speech narration when you request them.
- To manage subscriptions and confirm entitlement to paid features.
- To send transactional email (sign-in links, account notifications, receipts). We send marketing email only if you opted in.
- To diagnose crashes, improve performance, and understand which features are useful.
- To prevent abuse and comply with legal obligations.
4. Sub-processors and third parties
We use the following service providers ("sub-processors") to operate the Service. We share only the data each one needs to do its job, and each is bound by their own privacy commitments.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, database, file storage, realtime sync, serverless functions | Account info, your library, avatar, app events that need to persist |
| Anthropic (Claude) | AI features: summaries, chat, recommendations | Text you submit for AI processing (e.g. a passage you ask about) |
| ElevenLabs | Text-to-speech narration | Text segments you request to be read aloud |
| RevenueCat | Subscription management and entitlement checks | An anonymous app-user ID and your subscription state |
| PostHog | Product analytics (pseudonymous) | Usage events tied to a random install ID, not your email |
| Sentry | Crash and error reporting | Stack traces, device model, app version |
| Resend | Transactional email delivery (magic links, receipts) | Your email address and the email body |
| Apple App Store / Google Play Billing | Purchase processing | Whatever Apple or Google needs for the transaction; we never see your card details |
We do not sell your personal information. We do not share it with advertisers.
5. Legal basis (for users in the EEA / UK)
If you are in the European Economic Area or the United Kingdom, our legal basis for processing your personal information is:
- Contract — to provide the Service you signed up for.
- Legitimate interests — to keep the Service secure, prevent abuse, and improve features.
- Consent — for marketing email and any optional feature you explicitly enable.
- Legal obligation — to comply with applicable law.
6. Data retention
- Account data — retained while your account exists. When you delete your account (see Section 8), we delete it within 30 days.
- Backups — encrypted backups may persist for up to 90 days before they age out.
- Analytics events — retained for up to 24 months in pseudonymous form.
- Crash reports — retained for up to 12 months.
- Email logs — retained by Resend for up to 30 days for deliverability diagnostics.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and personal information.
- Export a copy of your data.
- Object to or restrict certain processing.
- Withdraw consent at any time (e.g. unsubscribe from marketing email).
- Complain to your local data-protection authority.
To exercise any of these, email support@getbookflow.co. We respond within 30 days.
8. How to delete your account
You can delete your account and the personal data tied to it in two ways:
- In the app — open the You tab → Account → Delete account. You'll be asked to confirm. Deletion happens immediately and is irreversible.
- By email — send a request from your account email to support@getbookflow.co with the subject "Delete my account". We will verify and process the deletion within 7 days.
When you delete your account, we delete: your profile, your library, highlights and notes, avatar, and authentication records. Pseudonymous analytics events and encrypted backups may persist for up to 90 days before they are purged on their normal schedule. We do not retain anything that can re-identify you after that window.
9. Children's privacy
Bookflow is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact support@getbookflow.co and we will delete it.
10. International data transfers
Some of our sub-processors are based outside your country. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms to protect your data.
11. Security
We use industry-standard safeguards including TLS in transit, encryption at rest, scoped API tokens, row-level security on user data, and least-privilege access controls. No system is perfectly secure; if you believe your account has been compromised, contact support@getbookflow.co immediately.
12. Changes to this policy
We may update this Privacy Policy. When we make material changes we will update the "Last updated" date at the top and, where appropriate, notify you in-app or by email. Continued use of the Service after a change means you accept the updated policy.
13. Contact
Questions about this Privacy Policy or how we handle your data?
Email: support@getbookflow.co