Privacy Policy

Effective: March 1, 2026

Tsundoku ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

1. Data We Collect

We collect the following information when you use Tsundoku:

  • Account information: email address, display name, and full name provided during registration
  • Reading data: books in your library, ratings, reading status, dates read, and reviews you provide
  • Preferences: reading preferences, genre interests, and onboarding responses used to personalize recommendations
  • Usage data: page views, feature interactions, and recommendation feedback (anonymous event tracking)
  • Imported data: book lists imported from Goodreads, StoryGraph, or bookshelf photos
  • Payment information: processed securely by Stripe; we do not store your credit card numbers

2. How We Use Your Data

  • Generate personalized book recommendations using AI
  • Display your reading library, statistics, and annual reviews
  • Improve recommendation accuracy based on your feedback and reading patterns
  • Process subscription payments
  • Analyze aggregate usage patterns to improve the service
  • Send transactional emails (account verification, password resets)

3. Third-Party Services

We use the following third-party services to operate Tsundoku:

  • Supabase: authentication and database hosting (your account and reading data are stored here)
  • Stripe: payment processing for Pro subscriptions (Stripe's own privacy policy governs payment data)
  • OpenAI: generates text embeddings of book metadata to power vector-based similarity search; no personal data is sent
  • Anthropic (Claude): powers AI recommendations and book metadata classification; your reading history summary (titles, genres, ratings) is sent to generate personalized suggestions
  • Vercel: application hosting and edge delivery
  • Google Books, Open Library, ISBNdb: book metadata enrichment (cover images, descriptions, ISBNs)

We do not sell your personal data to any third party.

4. Cookies

We use essential cookies to maintain your authentication session. We do not use third-party advertising or tracking cookies. Supabase Auth sets secure, HTTP-only cookies for session management.

5. Data Retention

We retain your account and reading data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymous, aggregated usage data may be retained indefinitely for service improvement purposes.

6. Your Rights

You have the right to:

  • Export your data: download your complete library as a CSV file from your account settings
  • Delete your account: permanently remove your account and all associated data from your account settings
  • Access your data: view all personal information we store about you through your profile and library pages
  • Correct your data: update your profile information and reading data at any time

7. Data Security

We protect your data using industry-standard security measures including encrypted connections (TLS), secure authentication via Supabase Auth, and Row Level Security (RLS) on all database tables to ensure users can only access their own data.

8. Children's Privacy

Tsundoku is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly. If you believe a child under 13 has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on the service. The "Effective" date at the top of this page indicates when the policy was last revised.

10. Contact

If you have questions about this privacy policy or how we handle your data, please contact us at privacy@tsundoku.app.