Política de Privacidad

Effective date: March 4, 2026  |  Last revised: March 4, 2026

The Book Summaries ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use our website at app.thebooksummaries.com and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: When you create an account, we collect your email address and display name.
• Communications: When you contact us via email or other channels, we retain the content of your messages and our responses.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages viewed, books accessed, search queries, reading lists, and feature usage.
• Device and Access Data: We automatically collect your IP address, browser type, operating system, referring URLs, access timestamps, and general geographic location (country/region level).
• Cookies and Session Data: We use essential cookies strictly for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

1.3 Payment Information

All payment processing is handled exclusively by our Merchant of Record, Paddle.com Market Limited. We do not collect, store, process, or have access to your credit card numbers, bank account details, or other financial payment instruments. For information about how Paddle handles your payment data, please refer to Paddle's Privacy Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the Service, including authenticating your identity, displaying content, and managing your account.
• Subscription Management: To process and manage subscription status, enforce free-tier usage limits, and coordinate with Paddle for billing.
• Personalization: To maintain your reading lists, favourites, reading progress, and language preferences.
• Service Improvement: To analyze aggregated, anonymized usage patterns in order to improve content, features, and user experience.
• Communications: To send essential account-related notifications, such as password resets, subscription confirmations, and critical service updates. We do not send marketing emails without your explicit opt-in consent.
• Security and Compliance: To detect, prevent, and address fraud, abuse, security incidents, and technical issues, and to comply with applicable legal obligations.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal data include:

• Contract Performance: Processing necessary to fulfill our agreement with you (account management, service delivery, subscription management).
• Legitimate Interests: Processing for our legitimate business interests (service improvement, security, fraud prevention), where such interests are not overridden by your rights.
• Consent: Where you have given explicit consent for a specific processing activity (e.g., optional marketing communications).
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who process data on our behalf, subject to contractual obligations of confidentiality and data protection:

• Supabase, Inc. — Authentication and database hosting (AWS infrastructure, US region).
• Paddle.com Market Limited — Payment processing, invoicing, and tax compliance (Merchant of Record).
• Vercel, Inc. — Application hosting and content delivery.
• Cloudflare, Inc. — Content delivery network (CDN) and asset optimization.

4.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of such transaction. We will notify you of any such change and any choices you may have regarding your information.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Upon account deletion, we will remove or anonymize your personal data within thirty (30) days, except where retention is required by applicable law, necessary to resolve disputes, or needed to enforce our agreements.

Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytical and service improvement purposes.

6. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest;
• Secure authentication with HTTP-only cookies and JWT tokens;
• Row-level security (RLS) policies enforced at the database layer;
• Regular security reviews of our codebase and infrastructure.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers maintain infrastructure. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request restriction of processing of your personal data.
• Portability: Request transfer of your personal data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@thebooksummaries.com. We will respond to your request within thirty (30) days. We may request verification of your identity before processing your request.

9. Children's Privacy

The Service is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or through a prominent notice on the Service at least fifteen (15) days before they take effect. The "Last revised" date at the top of this page indicates when this policy was most recently updated.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

The Book Summaries
Data Protection Inquiries
Email: hello@thebooksummaries.com
Website: app.thebooksummaries.com