Privacy Policy
Last updated: [15 August 2025]
1) Who We Are
Mythscribe is a book management and social reading platform (“Mythscribe”, “we”, “us”). We act as the data controller for personal data processed via our service.
Controller: Mythscribe LTD (to be updated)
Contact: info@mythscribe.net
2) Information We Collect
- Account data: username, email, encrypted password. Optional profile details: profile picture, background/theme, reading speed/targets.
- Google OAuth sign-in: email, profile picture, and [confirm the third field, e.g., display name]. We request the minimum scope needed.
- Library & social data: shelves, books, statuses/progress, ratings, reviews, comments.
- Usage & security data: login timestamps, IP address, device/browser info, session identifiers, audit/security logs.
- Third-party content/metadata: book information from Google Books, Open Library, ISBNdb; AI-generated suggestions via OpenAI (we send book metadata only).
3) How We Use Your Data & Legal Basis
| Purpose | Example Data | Legal Basis (UK/EU GDPR) |
|---|---|---|
| Provide and maintain your account & library | Account and library data | Contract performance (Art. 6(1)(b)) |
| Social features (comments, reviews, profiles) | Profile, posts | Contract performance (Art. 6(1)(b)) |
| Personalisation & recommendations | Reading history, ratings | Legitimate interests (Art. 6(1)(f)) |
| Security, fraud prevention, abuse control | Logs, IP, device info | Legal obligation & legitimate interests (Art. 6(1)(c)/(f)) |
| Analytics and product improvement | Aggregated usage | Legitimate interests (Art. 6(1)(f)); for non-essential cookies, consent (Art. 6(1)(a)) |
| Communications (account notices) | Contract performance (Art. 6(1)(b)) | |
| Optional marketing (if used later) | Email, preferences | Consent (Art. 6(1)(a)) |
4) Sharing & Processors
We use carefully selected processors to run Mythscribe. They process data on our behalf under data processing agreements:
- Hosting: Hostinger (infrastructure, database, backups).
- Identity: Google OAuth (sign-in).
- Security: Google reCAPTCHA (abuse/fraud prevention).
- Book data: Google Books API, Open Library API, ISBNdb API (metadata only).
- AI features: OpenAI API (we send book metadata only — no direct personal data).
- Analytics: [Your provider, e.g., Google Analytics] (with consent for non-essential cookies).
We do not sell personal data.
5) International Transfers
Some providers may process data outside the UK/EU (e.g., the United States). Where this occurs, we rely on appropriate safeguards such as the UK/EU Standard Contractual Clauses (SCCs), an adequacy decision, or equivalent lawful mechanisms. Providers potentially processing outside the UK/EU include Google (OAuth/Books/reCAPTCHA/Analytics), OpenAI, and ISBNdb.
6) Data Retention
- Active accounts: kept while your account remains active.
- Inactive accounts: if you do not log in for 3 years, we will delete your account and personal data.
- Soft delete: if you delete your account, it’s immediately disabled and removed from the service; full purge from backups within 30 days.
- We may retain certain security logs where legally required or necessary to protect our service.
7) Your Rights
Under UK/EU GDPR you may have the right to: access; rectify; erase; restrict processing; data portability; object; and withdraw consent at any time (where processing is based on consent). You also have the right to lodge a complaint with the ICO (UK) or your local supervisory authority.
8) Cookies
We use essential cookies for login and security, and (with your consent) analytics cookies. See our Cookie Policy for details and controls.
9) Children
Mythscribe is not intended for children under 13. If you believe a child has provided personal data, please contact us.
10) Changes to this Policy
We may update this policy from time to time. We will notify you of material changes via in-app notice or email.
11) Contact
Email: info@mythscribe.net