Privacy Policy

At Must Read ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.

1. Information We Collect

Information You Provide

When you use Must Read, you may provide us with:

• Account Information: When you sign in with Apple or Google, we receive your email address (which may be hidden with Apple), name, and a unique identifier.
• Reading Data: Books you add, reading progress, reading sessions (duration, pages read), ratings, reviews, and notes.
• Search Queries: What you search for within the app, used to improve search results and recommendations.
• Purchases: Subscription plan and status, managed through Apple's App Store and RevenueCat.
• Preferences: Your reading goals, notification settings, and app preferences.
• Photos: Only when you choose to scan a barcode (camera) or set a profile photo (camera or photo library). We do not access your photos without your explicit action.

Information Collected Automatically

We automatically collect certain information when you use the app:

• Usage Analytics: We track how features are used (e.g., screens viewed, books added, reading sessions started) to improve the app. Events are linked to an anonymous device identifier, not your personal identity.
• Crash Reports: If the app crashes, we collect diagnostic information to help us fix bugs. This may include device type, OS version, and crash logs.
• Performance Data: API response times and error rates, used to monitor and improve service reliability.
• Device Information: Device model, operating system version, app version, locale, and language.
• Anonymous Device ID: A randomly generated identifier stored on your device, used for analytics. It is not linked to your identity and cannot be used to identify you personally.
• Approximate Location (IP-based): When you open the app, we use your IP address to determine your approximate location (city, country) via the ipapi.co service. This is used for analytics and to show region-appropriate content such as curated book lists. We do not track your movements or record precise GPS coordinates for analytics.

Information We Do NOT Collect

• We do not access your contacts, calendars, health data, or other personal data
• We do not sell your data to third parties
• We do not use advertising trackers or third-party ad networks
• We do not use Apple's Advertising Identifier (IDFA)

Precise Location

If you use the "Libraries Near You" feature, the app will request permission to access your device's location (GPS). This is used solely to calculate distances to nearby libraries and is not stored on our servers or used for any other purpose. You can deny or revoke this permission at any time in your device settings.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Must Read service
• Sync your reading data across devices
• Send you notifications about your reading goals and streaks (if enabled)
• Improve the app based on anonymized usage patterns
• Respond to your support requests
• Process subscription payments through Apple
• Send you marketing communications about new features, promotions, and updates (see Section 2.1)

2.1 Marketing Communications

By creating an account, you consent to receive marketing communications from us, including:

• New feature announcements
• Special offers and promotions
• Reading tips and recommendations
• Product updates and newsletters

Opt-out: You can disable marketing communications at any time in your Profile settings within the app. This will not affect transactional messages (e.g., password resets, subscription confirmations).

3. Data Storage and Security

Your data is stored securely using industry-standard practices:

• Local Storage: Your reading data is stored locally on your device first, ensuring you always have access even offline.
• Cloud Sync: Data is synced to our servers (powered by Supabase) using encrypted connections (TLS 1.3).
• Authentication: We use Sign in with Apple for secure, privacy-preserving authentication.
• Encryption: All data transmitted between your device and our servers is encrypted.

4. Data Sharing

We do not sell, trade, or rent your personal information. We may share data only in these limited circumstances:

• Service Providers: We use trusted third-party services (see Section 7) who process data on our behalf to provide the Service.
• Legal Requirements: If required by law, court order, or government request.
• Safety: To protect the rights, property, or safety of Must Read, our users, or others.

4.1 Affiliate Links

Must Read may include links to purchase books from third-party retailers such as Bookshop.org and Amazon. These are affiliate links, meaning we may earn a small commission if you make a purchase through them. Clicking an affiliate link takes you to the retailer's website, which is subject to their own privacy policy. We do not share your personal data with these retailers.

5. Your Rights and Choices

You have control over your data:

• Access: You can view all your data within the app.
• Delete: You can delete your account and all associated data from within the app settings. This permanently removes your profile, library, reviews, reading history, and all other data.
• Notifications: You can enable or disable notifications at any time.
• Location: You can revoke location permission in your device settings at any time.
• Camera & Photos: You can revoke camera or photo library access in your device settings at any time.

6. Children's Privacy

Must Read is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

7. Third-Party Services

Must Read integrates with the following third-party services:

• Apple (Sign in with Apple, App Store): Apple Privacy Policy
• Google (Sign in with Google): Google Privacy Policy
• Supabase (Backend & Authentication): Supabase Privacy Policy
• Firebase (Crashlytics & Performance Monitoring): Firebase Privacy Policy
• RevenueCat (Subscription Management): RevenueCat Privacy Policy
• Cloudflare (Content Delivery & Hosting): Cloudflare Privacy Policy
• ipapi.co (IP Geolocation): Used to determine your approximate location from your IP address. ipapi.co Privacy Policy

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Significant changes will be communicated through the app.

10. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

• Privacy: privacy@mustreadapp.com
• General: hello@mustreadapp.com

11. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account & Reading Data: Retained until you delete your account.
• Analytics & Usage Data: Retained for up to 24 months, then aggregated or deleted.
• Error Logs & Diagnostics: Retained for up to 90 days.
• Search Queries: Retained for up to 12 months.

When you delete your account, all associated personal data is permanently removed from our servers.

12. Cookies and Web Tracking

When you use Must Read on the web (mustreadapp.com), we use the following:

• Anonymous ID Cookie: A persistent cookie containing a randomly generated anonymous identifier, used for analytics. Expires after 1 year. Not linked to your identity.
• Session ID: A temporary session identifier stored in your browser's session storage. Cleared when you close the tab.
• Authentication Cookies: If you sign in on the web, session cookies are used to keep you logged in.

We do not use third-party tracking cookies, advertising cookies, or cross-site tracking.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion of your data. To exercise these rights, please contact us at the email above.

14. European Privacy Rights

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing

To exercise these rights, please contact us at privacy@mustreadapp.com.