Privacy & Data Protection Notice
Effective date: 2025-12-14
Introduction
EpubReader ("we", "us", "the App") is committed to protecting your privacy and handling personal data transparently. This notice explains what personal data we collect, how we use it, who we share it with, your rights under applicable laws (including GDPR, CCPA/CPRA, PIPEDA, BC PIPA, Quebec Law 25, and similar privacy laws internationally), and how to contact us.
Scope
This policy applies to personal data collected by the EpubReader mobile and desktop applications and related services. Cloud sync features are optional and require explicit user sign-in and consent.
What data we collect
- Account information: your email address and basic account identifiers when you sign in with Google. Collected only if you choose to sign in to enable cloud sync or account features.
- User content: EPUB files, metadata (title, author), and reading progress you create or import into the app. Files are stored locally by default; they are uploaded to cloud sync only when you enable sync.
- Usage data: analytics events, feature usage, and anonymized usage patterns to improve the app (processed by Firebase Analytics).
- Diagnostics & crash data: crash reports, stack traces, device model, OS version, and telemetry useful for debugging (processed by Firebase Crashlytics).
- Identifiers & device information: installation identifiers, platform identifiers, and similar technical identifiers used for analytics and diagnostics.
Sources of personal data
Most data is provided directly by you (account sign-in, files you open, settings you choose). Analytics, crash, and device data are collected automatically when the app runs.
Purposes for processing
- Provide app functionality (open/read EPUBs, preserve reading position, display library)
- Optional cloud sync of reading progress and settings across devices (only with explicit opt-in)
- Authentication and account management (Google Sign-In via Firebase Authentication)
- Improve and maintain the app (analytics and crash reporting)
- Security, fraud prevention, and legal compliance
Legal bases and user choices
Where applicable (for example under the GDPR), we rely on the following legal bases:
- Consent: for optional features such as cloud sync and certain analytics where required by law. You may withdraw consent at any time (see Controls below).
- Contractual necessity: to provide features you request (for example, when you sign in to enable sync).
- Legitimate interests: for product improvement and security where allowed by law, balanced against user privacy.
Third parties and international transfers
We use third-party processors to operate services. Key processors include Google Firebase (Authentication, Analytics, Crashlytics). These services may transfer and store data outside your jurisdiction, including in the United States. We require processors to implement appropriate safeguards. You can review Firebase's privacy documentation for further details.
Data retention
We retain personal data only as long as necessary to provide services, comply with legal obligations, and for legitimate business purposes (for example, debugging or improving the product). Specific retention periods:
- Account/sync data: retained while your account is active and for a limited period after account deletion to support legal obligations and restore services if requested.
- Analytics and crash logs: retained according to Firebase settings and our retention policy for a reasonable period to diagnose issues and analyze usage.
Your rights (summary)
This section summarizes major rights under several jurisdictions. Exact rights and procedures differ by law; contact us (see below) for details.
- GDPR (EU/EEA): Right of access, rectification, deletion (right to be forgotten), restriction of processing, data portability, and to object to processing. You may also lodge a complaint with a supervisory authority.
- CCPA/CPRA (California, USA): Right to know the categories of personal information collected, right to request deletion, right to opt out of sale (we do not sell personal information), and right to non-discrimination for exercising privacy rights.
- PIPEDA / BC PIPA (Canada and British Columbia): Right to access, correct personal information, and to complain to the Office of the Privacy Commissioner (federal) or BC OIPC for provincial complaints.
- Quebec Law 25 (Canada — Quebec): Rights to transparency, data minimization, and to exercise access, correction, retention, and deletion rights.
- Other laws listed (CPA, CTDPA, DOPPA, ICDPA, MPIPA, UCPA, VCDPA, etc.): these generally provide rights to access, correction, deletion, objection, and transparency about processing — we implement comparable controls where applicable.
How to exercise your rights
Contact us at ne0rmatrix@gmail.com with the subject line "Privacy Request", and include the nature of your request and sufficient information to locate your data (for example, account email if applicable). We will respond in accordance with applicable law. We may require identity verification for certain requests. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.
Children's privacy
The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under the applicable minimum age. If you believe we have collected data from a child, contact us to request deletion.
Security
We use administrative, technical, and physical safeguards designed to protect personal data. Data transmitted to cloud services is sent over TLS/HTTPS. However, no system is completely secure; if you suspect misuse, contact us promptly.
CCPA/CPRA — California residents
If you are a California resident, you may request: (i) the categories and specific pieces of personal information we collected about you in the prior 12 months; (ii) the categories of sources and third parties with whom we shared personal information; and (iii) the business purpose for collecting and sharing that information. To exercise these rights, contact ne0rmatrix@gmail.com.
BC PIPA & PIPEDA — Canadian residents
If you are located in British Columbia or elsewhere in Canada, you may request access to and correction of your personal information and may contact the Office of the Privacy Commissioner of Canada or the BC OIPC to lodge a complaint if you believe your rights are not respected.
Quebec — Law 25
Under Quebec's Law 25, you have the right to transparency about processing purposes and to require deletion or portability where applicable. Contact us to exercise these rights.
Opt-out and controls
- Cloud sync: enable or disable in Settings → Account & Sync. Deleting cloud data is available via Settings → Account & Sync → Delete Cloud Data.
- Analytics and crash reporting: these services are used to improve the app. Where required by law, we will provide a mechanism to opt out of non-essential analytics; otherwise you can disable analytics by not signing in and by opting out at the device level where available.
No sale of personal information
We do not sell personal information. If any change in our practices would create a sale as defined by applicable law, we will provide notice and any required opt-out mechanisms.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated via the app or by updating the effective date at the top of this document.
Contact
For privacy questions, to exercise rights, or to request deletion of cloud data, contact: ne0rmatrix@gmail.com
Legal compliance note
This policy is drafted to align with GDPR, CCPA/CPRA, PIPEDA, BC PIPA, Quebec Law 25, and other international privacy laws. It is provided for informational purposes and does not constitute legal advice. We recommend that you seek independent legal review for jurisdiction-specific compliance requirements.