Our Privacy Commitment
🎯 Core Principle: We collect the absolute minimum data required for functionality. You can use tBook completely anonymously - no email, no account, no tracking.
This policy explains what data is collected, how it's used, and the consequences of opting in or out of optional data collection features.
What Data We Collect
| Data Type | Required? | Purpose | Stored Where |
|---|---|---|---|
| Reader ID (abc123-def456...) | Required | Anonymous identifier for subscriptions | Your browser only (localStorage) |
| Device Fingerprint (x7k9m2p) | Optional | Security verification, admin support | Your browser (localStorage) + server database (if you subscribe) |
| Subscription Data (Which authors you follow) | Optional | Book delivery to your library | Server database (if you subscribe) |
| Downloaded Books (Encrypted .vbook files) | Optional | Offline reading | Your browser only (IndexedDB) |
| Email Address (For account recovery) | Optional | Recover Reader ID if lost | Server database (only if you opt-in) |
Device Fingerprint: What It Is & Isn't
What is a Device Fingerprint?
A simple hash created from your browser's characteristics:
- User agent (browser type and version)
- Language preference (e.g., "en-US")
- Screen resolution (e.g., "1920x1080")
- Color depth (e.g., 24-bit)
- Timezone offset
- Storage availability (sessionStorage, localStorage)
Result: A short string like x7k9m2p that helps identify your device.
✅ What We USE It For:
- Security Verification: Detect if someone else tries to access your subscriptions from a different device
- Admin Support: When you contact us for help, we can verify "Is this the same device?"
- Diagnostics: Troubleshoot technical issues specific to your browser/device
- Future Feature: Optional multi-device sync (detect when you add a new device)
❌ What We DON'T Use It For:
- ❌ Cross-site tracking (we only use it on tBook)
- ❌ Advertising or behavioral profiling
- ❌ Selling data to third parties
- ❌ Account recovery (we use email opt-in for that)
- ❌ Identifying your real-world identity
⚖️ Consequences of Opting Out
If you decline device fingerprinting, the app will still work perfectly!
What you'll lose:
- Reduced Security: We can't verify if someone else accesses your Reader ID from another device
- Limited Support: Admin can't verify your device when helping with technical issues
- Future Features: Multi-device detection won't work (you'd need to manually export/import)
What will still work:
- ✅ All subscriptions and book downloads
- ✅ Manual backup and restore (export/import JSON file)
- ✅ Email-based account recovery (if you opt-in separately)
- ✅ Offline reading
- ✅ Complete anonymous usage
What We NEVER Collect
Personal Information
- Real name (unless you provide it for recovery)
- Phone number
- Physical address
- Date of birth
- Government ID
Financial Data
- Credit card numbers
- Bank account info
- Payment history
- Bitcoin addresses (anonymous)
Behavioral Data
- Reading habits
- Browsing history
- Location data
- Social media profiles
- Analytics tracking
How We Use Your Data
✅ We DO Use Data For:
- Book Delivery: Send subscribed books to your library (core functionality)
- Account Recovery: Help you recover your Reader ID if you opted in with email
- Security: Verify device fingerprint to detect suspicious activity (if you opted in)
- Technical Support: Diagnose and fix issues when you contact us
- System Maintenance: Ensure the platform runs smoothly
❌ We NEVER Use Data For:
- ❌ Marketing or promotional emails (we don't even have your email unless you opt-in)
- ❌ Advertising or ad targeting
- ❌ Analytics or user profiling
- ❌ Selling or sharing with third parties
- ❌ Cross-site tracking
Where Your Data Lives
1. Your Browser (Local Storage)
Stored in your browser only (never leaves your device):
- Reader ID (anonymous UUID)
- Device fingerprint (if you opted in)
- Downloaded books (encrypted .vbook files)
- User preferences and settings
- Pending book queue
You control this data: Clear your browser data anytime to delete everything.
2. Our Server Database
Only stored if you subscribe to authors or opt-in to recovery:
- Reader ID (anonymous UUID) - linked to subscriptions
- Device fingerprint (if provided and you opted in)
- Subscription list (which authors you follow)
- Email address (only if you opted in to account recovery)
- Recovery codes (temporary, 15-minute expiration)
NOT stored on server: Your actual books, reading history, or any behavioral data.
3. Third Parties
We share ZERO data with third parties. No analytics services, no advertising networks, no data brokers. Period.
How We Compare to Other Services
| Feature | Google/Facebook | Amazon Kindle | tBook |
|---|---|---|---|
| Account Required | ✅ Yes | ✅ Yes | ❌ No |
| Email Required | ✅ Yes | ✅ Yes | ❌ Optional |
| Password Required | ✅ Yes | ✅ Yes | ❌ No |
| Anonymous Usage | ❌ No | ❌ No | ✅ Yes |
| Device Tracking | ✅ Extensive | ✅ Yes | ❌ Optional only |
| Reading Analytics | ✅ Yes | ✅ Yes | ❌ Never |
| Ad Targeting | ✅ Yes | ✅ Yes | ❌ Never |
| Data Export | ⚠️ Limited | ⚠️ Limited | ✅ Full export |
| Privacy Grade | D | C | A |
Your Privacy Rights
You Have Complete Control:
- ✅ Export All Data: Download your Reader ID, subscriptions, and books as a JSON file anytime
- ✅ Delete All Data: Clear your browser data to remove everything stored locally
- ✅ Opt Out of Fingerprinting: Decline device fingerprinting during onboarding or in settings
- ✅ Opt Out of Recovery: Remove your email from account recovery anytime
- ✅ Generate New ID: Create a fresh Reader ID whenever you want (start over)
- ✅ Use Anonymously: Never provide email or personal information - use tBook 100% anonymously
- ✅ Request Data Deletion: Contact us to delete your server-side data (subscriptions, recovery profile)
📧 Exercise Your Rights: Contact support to request data deletion, portability, or clarification about your data.
Account Recovery Options
You have THREE ways to recover your Reader ID if you lose it:
1. Manual Backup (Primary - Recommended)
How it works:
- Go to Settings → Backup
- Download a JSON file with your Reader ID, books, and settings
- Store the file securely (cloud, USB, email to yourself)
- Later: Settings → Restore → Upload the JSON file
Privacy: 100% under your control. No server involved.
2. Email Recovery (Optional - Opt-In Required)
How it works:
- Go to Settings → Account Recovery → Opt In
- Provide your email address (stored on server)
- If lost: Contact support → Get 6-digit code → Enter code → Recovered
Privacy: Requires providing email, but only used for recovery (never marketing).
3. Start Fresh (Always Available)
How it works:
- Generate a new Reader ID
- Re-subscribe to authors
- Re-download books (if still available)
Privacy: No recovery data needed. Start completely fresh.
Security Measures
- Encrypted Storage: Books stored encrypted in IndexedDB (upcoming Phase 3 enhancement)
- HTTPS Only: All communication encrypted in transit
- No Passwords: No passwords to steal or forget
- Time-Limited Codes: Recovery codes expire in 15 minutes
- One-Time Use: Recovery codes can only be used once
- IP Logging: Security event logging for audit purposes only
- Content Security Policy: Protection against XSS attacks (upcoming Phase 3)
Policy Updates
We may update this privacy policy to reflect new features or legal requirements. Changes will be posted here with an updated "Last Updated" date.
Significant changes will be announced via:
- Banner notification in the app
- Email (if you opted in to recovery)
Questions or Concerns?
If you have questions about this privacy policy or how your data is handled, please contact:
Privacy Support: [Your support email or contact form]
Response Time: We aim to respond within 48 hours