Skip to main content

Privacy policy

Last updated: 7 July 2026

This policy describes the personal data Reader's Spirit collects, why, and the rights you have. We apply data minimisation: we only collect what is necessary to run the service.

Data controller

The data controller is Kélian, reachable at contact@readersspirit.com.

Data we collect

  • Account: email address, password (stored encrypted by our authentication provider), display name, and optionally a profile picture. If you sign in with Google, we receive your email address, name and profile picture from Google.
  • Library and reading: books you add, reading statuses and progress, ratings, annotations, collections, loans, sagas.
  • Social (optional): follows, recommendations, reading clubs, and your public profile if you enable it.
  • Technical: preferences (theme, language), notification state, and — if you enable push notifications — a device identifier provided by your browser.

Purposes and legal basis

  • Providing the service (managing your library, profile and social features) — legal basis: performance of the terms of use.
  • Sending you reminders and notifications — legal basis: your consent, revocable at any time in the settings.
  • Ensuring security and preventing abuse — legal basis: legitimate interest.

Recipients and processors

We rely on processors that handle data on our behalf:

  • Supabase (database hosting, authentication, and sending authentication emails — account confirmation and password reset) — data hosted in the European Union.
  • Vercel (application hosting and aggregated, anonymous audience measurement, without cookies).
  • Resend (sending the application's notification emails: recommendations, security alerts, loan reminders and digests).
  • Google Books, Open Library, the National Library of France and Wikidata (enriching book metadata) — no personal data is shared with them.
  • Amazon and partner booksellers (affiliate purchase links) — triggered only when you click a “Find this book” link, without sharing your data.

Transfers outside the European Union

Your account and library data are hosted in the European Union (Supabase, Ireland). Some providers (Vercel for application hosting, Resend for sending emails) are based in the United States and may process technical data there; these transfers are framed by appropriate safeguards (the European Commission's Standard Contractual Clauses).

Retention

Your data is kept for as long as your account exists. When you delete your account, it is erased immediately and in cascade (library, annotations, collections, social data).

Your rights

Under the GDPR, you have rights of access, rectification, erasure, portability, objection and restriction. Two of these can be exercised directly in the app:

To exercise the other rights, write to contact@readersspirit.com. You may also lodge a complaint with your supervisory authority (in France, the CNIL — cnil.fr).

Cookies and trackers

Reader's Spirit only uses strictly necessary technical cookies: your theme and language preferences, an optional referral link, your display preference and the authentication session cookie. Audience measurement (Vercel Analytics) is performed without cookies and without profiling. No consent is therefore required, and no cookie banner is shown.

Security

Traffic is encrypted in transit (HTTPS) and data is protected at rest. Each user's data is isolated at the database level.

Minors

The service is reserved for people aged at least 15 (the consent threshold in France). Below that age, the agreement of a holder of parental authority is required.

Contact

For any question about your personal data, write to contact@readersspirit.com.