Privacy Policy

Last updated: February 26, 2026

1. Information We Collect

Account Information

When you register, we collect your email address, username, display name, and password (hashed — we never store plain-text passwords). For OAuth logins (Google, Apple), we receive your name, email, and profile picture from the provider.

Usage Data

We collect data about how you use BookBuddy, including books you add, loan records, reviews you write, friends you connect with, and wishlist items. This data is used to provide the Service and personalize your experience.

2. How We Use Your Data

  • To provide, maintain, and improve the BookBuddy service.
  • To personalize AI-powered book recommendations based on your reading history.
  • To process payments and manage subscriptions via Stripe.
  • To communicate with you about your account and service updates.
  • To enforce our Terms of Service and prevent abuse.
  • To generate anonymized, aggregated analytics about Service usage.

3. Cookies and Tracking

We use session cookies for authentication (via NextAuth.js) and may use analytics tools to understand how users navigate the Service. We do not use third-party advertising cookies. You can disable cookies in your browser settings, but this may affect functionality.

4. Third-Party Services

  • Google / Apple (OAuth): We receive basic profile information if you sign in via these providers. Their use of your data is governed by their own privacy policies.
  • Stripe: Payment processing is handled by Stripe. We never store your full card details. Stripe's use of your data is governed by their Privacy Policy.
  • OpenAI: When you search for books or request recommendations, your query (ISBN or title) and reading history summary are sent to OpenAI's API. We do not send your personal identity to OpenAI. OpenAI's API is operated under a data processing agreement that prohibits using API inputs to train models.

5. Data Sharing

We do not sell your personal data. We share data only with the third-party processors described above, or when required by law (e.g., legal process or to protect rights and safety).

6. Your Rights

  • Access: You can view your personal data in your account settings at any time.
  • Correction: You can update your profile information in settings.
  • Deletion: You can delete your account, which will permanently remove your personal data within 30 days.
  • Export: Premium subscribers can bulk export their library data.
  • Opt-out: You can disable recommendation features that send data to OpenAI in your settings.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is deleted within 30 days. Aggregated, anonymized analytics data may be retained indefinitely. Stripe retains payment records as required by financial regulations.

8. Security

We implement industry-standard security measures including password hashing (bcrypt), HTTPS encryption, JWT-based sessions, and access controls. While we take security seriously, no system is 100% secure. Report security vulnerabilities to security@bookbuddy.app.

9. Children's Privacy

BookBuddy is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us immediately.

10. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@bookbuddy.app.