Privacy Policy

Last updated: March 2026

1. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and profile information. If you sign in with Google, we receive your name, email, and profile picture from Google.

Google Drive Data

If you connect Google Drive, we request read-only access to your files. We access only the files you explicitly select. We do not scan, index, or store your Drive files unless you enable the R2 backup feature on a paid plan. Your PDFs are read on-demand through Google's API and served through our secure reader.

Usage Data

We collect anonymized usage data including page views, reader sessions, and feature usage to improve the Service. View counts are tracked using a hashed fingerprint (IP + User-Agent) for deduplication purposes. We do not sell this data.

Payment Information

Payments are processed by Polar.sh. We do not store your credit card information. We receive your subscription status and customer ID from Polar for plan management.

2. How We Use Your Information

• To provide and maintain the Service
• To manage your account and subscription
• To enforce plan limits (view counting)
• To deliver books to authorized readers
• To send important service notifications
• To improve the Service based on usage patterns

3. Content Protection

PDFs served through our reader are proxied server-side. We do not expose direct download URLs to readers. Your content is served in view-only mode through our protected reader. However, no digital content protection is absolute.

4. Data Storage

Account and flipbook metadata is stored in Supabase (PostgreSQL) hosted in the United States. Google Drive files remain in your Google account. If you enable R2 backup, a copy of your PDF is stored in Cloudflare R2.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Supabase — Database and authentication
• Google — Drive API access (only files you select)
• Polar.sh — Payment processing
• Vercel — Hosting and analytics

6. Cookies

We use essential cookies for authentication and session management. We use a locale preference cookie for language selection. Password-protected book access uses a temporary cookie (24-hour expiry). We use Vercel Analytics which does not use cookies for tracking.

7. Your Rights

You have the right to:

• Access your personal data
• Update or correct your information
• Delete your account and associated data
• Disconnect Google Drive at any time
• Export your data
• Cancel your subscription at any time

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data and book metadata within 30 days. Anonymized analytics data may be retained for longer.

9. Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords, Row Level Security on our database, and OAuth 2.0 for third-party integrations. We regularly review our security practices.

10. Children

The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through the Service.

12. Contact

For questions about this privacy policy, contact us at qiubitlabs@gmail.com.