Privacy Policy of BookGeist

Last modified: 2026-06-13

1. Introduction

This Privacy Policy explains how BookGeist processes information when you use the app.

BookGeist is designed for personal use and works primarily with local storage on the device. Core library and reading features can be used offline. Some features use external services when available, including in-app purchases, search and enrichment of public book/author metadata, cover images, optional error telemetry, and optional AI or vision features.

2. Controller

Controller: Luis Gonzalez Lopez

Contact: contact@bookgeist.app

3. Data BookGeist may process

BookGeist may process books and their metadata, ISBNs, reading status, reviews, ratings, private notes, reading sessions, objectives, collections, sagas, loans, app preferences, images, imported or exported files, structured author data when available or confirmed by the user, public bibliographic identifiers, anonymous RevenueCat identifiers when purchases are active, purchase or subscription status, local AI credit ledgers when AI is available, and technical data needed for diagnostics or external connections.

When the BookGeist metadata proxy is configured, the app may store on the device an invitation code entered by the user, a random installation identifier (installId), and a temporary session token. The proxy may receive the invitation code, installation identifier, platform, app version, approximate device language, search query or ISBN, pagination, and language parameters. These data are used to validate access, issue temporary tokens, apply rate limits, protect provider keys, diagnose operational errors, and forward book, ISBN, cover, or author queries to external bibliographic services when needed. Although these identifiers do not include a name, email, or BookGeist account, they may allow one installation to be distinguished or requests to be linked, so they are treated as pseudonymous identifiers.

Premium subscription features that require servers (cross-device sync, cloud backup, and social features such as book clubs or reading guides) need an account. These features are not active in the current internal beta; when they are activated, BookGeist may process account identity data (email, or Apple’s private relay email if you choose it, display name, and the sign-in provider’s user identifier), authentication data (sign-in is performed with Sign in with Apple or Google; BookGeist receives a provider identity token and issues its own access and refresh session tokens), synced reading data and cloud backups (library, sessions, notes, notebook, and preferences you choose to sync, linked to your account), and social-feature data (your profile and the content you share in clubs or reading guides). These data are linked to your identity and stored in the BookGeist account and sync backend; your previous purchases are preserved by associating the anonymous purchase identifier with the account. You can delete your account and associated data as described in section 12 and in the account-deletion document.

If the user expressly enables error reports, BookGeist may send anonymous technical data to Sentry to diagnose crashes and errors: app version, build number, platform, operating system, sanitized stack trace, technical error message, and limited technical breadcrumbs. BookGeist does not send aliases, email, name, library contents, book titles, notes, quotes, contacts, local files, full URLs, or personal content entered by the user in error telemetry.

When the user chooses to report a problem from the app, BookGeist may send a user-initiated bug report. It may include a written description, a screenshot of the app that the user optionally attaches, and technical device context (app version, build number, platform, and operating system). Sending is voluntary and started by the user. Unlike the anonymous error telemetry above, a screenshot may contain personal content visible at that moment (book titles, notes, library) and, where applicable, third-party data shown on screen, so the user decides whether to attach it and what it shows. The report is sent to a BookGeist-owned serverless endpoint hosted on Cloudflare, which delivers it to the controller to diagnose and fix the issue.

4. Purposes

Data are used to operate the app, record reading progress, save notes and statistics, import and export data, personalize the app, download covers or metadata, consult public sources to structure author names and improve sorting or cataloguing, validate metadata-proxy invitation codes, issue temporary tokens, apply rate limits, protect external bibliographic-service keys, diagnose crashes and errors if anonymous error reports are enabled, manage Pro purchases and Premium subscriptions when active, restore purchases, manage your account, authenticate sign-in, sync data and backups, and provide social features when the Premium account subscription is active, process optional AI/OCR/vision features with prior consent when available, receive and diagnose user-initiated bug reports (including any screenshot the user attaches) to reproduce and fix issues, and limit abuse or AI cost through credits and rate limits. Error telemetry is not used for advertising, tracking, or profiling.

5. User control

The user controls most content because they enter, import, edit, export, or delete it manually. Core local features do not require an account or connection.

Metadata lookups may run automatically during ISBN imports, book searches, or author enrichment. If there is no connection or no reliable source is found, the user can enter or correct data manually.

AI or visual-recognition features show a notice before sending content to an external service and allow cancellation. If the user cancels, no content is sent and no credits are consumed.

6. Storage model

BookGeist stores most information locally on the device. In the current version, no BookGeist account is required, there is no mandatory sync to BookGeist-owned servers, and no automatic backup is offered on a BookGeist-owned server.

The current internal beta has no active login, in-app purchases are marked as coming soon, and AI features are temporarily unavailable.

When the Premium account subscription is activated, some of the information described in section 3 will also be stored on the BookGeist account and sync backend, linked to your account, to provide sync, cloud backup, and social features. Core local features will keep working without an account.

7. Internet connections, purchases, and third parties

BookGeist may connect to external services to download covers, search book or ISBN metadata directly or through the BookGeist metadata proxy, enrich author data through external sources or BookGeist services that consult external sources, process error telemetry with Sentry if the user allows it, manage purchases and subscriptions with RevenueCat, Apple App Store, and Google Play when active, send content to an AI proxy when AI is available and the user accepts an AI/OCR/vision feature, create or use a BookGeist account and sign in with Apple or Google and sync data or backups when using the Premium subscription, share/import/export files through the operating system, or send a user-initiated bug report with the screenshot and technical context the user chooses to attach through a BookGeist-owned serverless endpoint.

Expected processors or providers include RevenueCat, Apple App Store, Google Play, Sentry, AI providers, serverless hosting for the AI proxy, serverless hosting for the BookGeist metadata proxy, metadata APIs and cover CDNs, Open Library, Google Books, ISBNdb, Wikidata/Wikipedia, any configured bibliographic metadata proxy, sign-in providers (Sign in with Apple and Google) for account authentication, the BookGeist account and sync backend (serverless hosting) for server-side authentication, synced-data storage, backups, and social features when the Premium subscription is active, and the BookGeist-owned serverless endpoint (a Cloudflare Worker) that receives user-initiated bug reports with their optional screenshot and technical context.

BookGeist does not control the privacy policies of external sites or providers outside the controller’s responsibility.

When an AI feature is available, the app must inform the user before sending content: what will be sent, why it will be used, that the user can cancel before sending, that the feature may consume credits, and that consent can be revoked in Settings.

For AI visual reference, the expected content is the visual description written by the user, selected style, optional framing/tone/period settings, and an anonymous identifier needed for entitlements, credits, and abuse control. BookGeist does not send the full library, full notebook, contacts, backups, exports, or local files not explicitly selected for that feature.

The AI proxy should not persist sensitive payloads except for documented technical need. Remote retention must be limited to the minimum operational time needed to process the request, diagnose failures, and prevent abuse. Any change in retention or training use requires updating this policy before activation.

9. Device permissions

Depending on platform and user choices, BookGeist may request camera, photos/gallery, contacts, files/documents, microphone (to dictate or record voice notes), and notifications permissions. Notifications are local reminders generated on the device and are not sent through BookGeist-owned servers. Granting permissions is optional, but some features will not work without them.

BookGeist does not sell personal data and does not automatically share the user’s library or reading history with advertising networks. Data only leave the device when the user initiates an action that requires it or uses a documented feature requiring an external lookup, such as exporting or sharing a file, downloading a cover, searching external metadata, enriching author data, restoring purchases, managing a subscription, sending content to an AI/OCR/vision feature with prior consent, or sending a user-initiated bug report with a screenshot the user chooses to attach.

11. Retention

Local data are kept while the app remains installed or until the user deletes them manually from the app or by clearing app data. Exported files may remain wherever the user stores or shares them. Purchase data are retained according to Apple, Google, and RevenueCat policies. AI data must be retained only for the minimum operational time described in section 8.

Technical data processed by the BookGeist metadata proxy (installation identifier, invitation code, temporary session tokens, and operational logs) must be retained only for the minimum operational time needed to authenticate the session, apply rate limits, prevent abuse, and diagnose errors.

User-initiated bug reports (description, attached screenshot, and technical context) are kept only as long as needed to reproduce, diagnose, and fix the issue, and are deleted once no longer useful for that purpose.

Account data and synced data are kept while the account is active and are deleted when the account is deleted, except information that must be retained by legal obligation or that is managed by Apple, Google, or RevenueCat.

12. User rights

The user can access, modify, or delete content they have entered, export their data, delete the app and local data, delete their BookGeist account and associated synced data when accounts are available, restore purchases, and manage or cancel subscriptions through App Store or Google Play. To exercise legal rights with the controller, use the contact listed in this policy.

13. Children

BookGeist is not specifically designed to collect data from children without user intervention. If the app is distributed to children or regulated child contexts, this section must be reviewed with specific legal advice.

14. Security

BookGeist uses a local-storage-centered architecture to reduce unnecessary transfers. AI provider keys and external bibliographic-service keys must not be embedded in the mobile client; where applicable, calls go through a serverless proxy that protects them. No system can guarantee absolute security.

15. Changes to this policy

This Privacy Policy may be updated to reflect functional, technical, or legal changes. The last-modified date is shown at the beginning of the document.

This English text is a translation of the binding Spanish version and is provided for convenience.