Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German law.

1. Data Controller

The data controller responsible for processing your personal data is:

Germany

Email: moritz@devmtkl.com

2. Data We Collect

We collect and process the following categories of personal data:

Account Information

  • Email address — required for account creation and communication
  • Password — stored only in hashed form; we never store plain-text passwords
  • Display name — optional, shown publicly on your profile and reviews
  • Profile picture — optional, uploaded by you

User-Generated Content

  • Book reviews and ratings you create
  • Comments on reviews
  • Images uploaded in reviews
  • Reading lists, goals, and challenges
  • Book club memberships and participation

Technical and Usage Data

  • IP address (anonymized for analytics)
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Time and date of access
  • Error logs and crash reports

3. Legal Basis for Processing (Art. 6 GDPR)

We process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR) — Processing necessary to provide the BookNest service, including account management, storing your reading data, and enabling social features.
  • Legitimate interests (Art. 6(1)(f) GDPR) — Processing for service improvement, security, fraud prevention, and analytics. Our legitimate interests do not override your fundamental rights.
  • Consent (Art. 6(1)(a) GDPR) — For optional analytics cookies and marketing communications. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c) GDPR) — When required to comply with applicable laws.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Provide the service — Create and manage your account, store your books and reading progress, enable reviews and comments
  • Communication — Send transactional emails (password resets, account notifications), respond to support requests
  • Service improvement — Analyze usage patterns to improve features and user experience
  • Security — Detect and prevent fraud, abuse, and security incidents
  • Content moderation — Review reported content and enforce Community Guidelines
  • Error tracking — Identify and fix technical issues

5. Third-Party Services and Data Processors

We use the following third-party services to operate BookNest. These providers process data on our behalf under data processing agreements:

Supabase

Purpose: Database hosting, user authentication, file storage

Data processed: Account data, user content, uploaded images

Location: EU and US servers

Supabase Privacy Policy

PostHog

Purpose: Product analytics and usage insights

Data processed: Anonymized usage data, feature interactions, session information

Location: EU (PostHog Cloud EU)

PostHog Privacy Policy

Sentry

Purpose: Error tracking and application monitoring

Data processed: Error logs, stack traces, device/browser information

Location: US

Sentry Privacy Policy

Resend

Purpose: Transactional email delivery

Data processed: Email address, email content

Location: US

Resend Privacy Policy

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), particularly in the United States. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) — EU-approved contractual clauses ensuring data protection
  • Data Processing Agreements — Binding agreements with all processors
  • EU-US Data Privacy Framework — Applies where the provider is certified under the framework

You can request a copy of the relevant safeguards by contacting us at moritz@devmtkl.com.

7. Cookies and Tracking Technologies

BookNest uses cookies and similar technologies. Here's what we use:

Essential Cookies (Always Active)

Required for the website to function. These include authentication cookies to keep you logged in and session cookies for security.

Analytics Cookies (Consent Required)

PostHog analytics cookies help us understand how users interact with BookNest. These cookies are only set after you consent via our cookie banner.

You can manage your cookie preferences at any time through your browser settings or our cookie consent tool. Disabling essential cookies may affect the functionality of the service.

8. Data Retention

We retain your personal data for as long as necessary to provide the service and fulfill the purposes described in this policy:

  • Account data — Retained until you delete your account
  • User content — Retained until you delete it or your account
  • Usage analytics — Anonymized and retained for up to 24 months
  • Error logs — Retained for up to 90 days
  • Backup data — Retained for up to 30 days after deletion

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of access (Art. 15) — Request a copy of your personal data
  • Right to rectification (Art. 16) — Correct inaccurate or incomplete data
  • Right to erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten")
  • Right to restriction (Art. 18) — Request limited processing of your data
  • Right to data portability (Art. 20) — Receive your data in a machine-readable format
  • Right to object (Art. 21) — Object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7) — Withdraw consent at any time for consent-based processing

To exercise your rights, contact us at moritz@devmtkl.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Germany, this is the data protection authority of your federal state (Landesdatenschutzbeauftragter).

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Secure password hashing (bcrypt)
  • Regular security updates and monitoring
  • Access controls and authentication
  • Regular backups with secure storage

While we take security seriously, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to moritz@devmtkl.com.

11. Children's Privacy

BookNest is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16 years of age.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at moritz@devmtkl.com. We will promptly delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the bottom of this page
  • Notify you by email for significant changes
  • Post a notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of BookNest after changes indicates acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your data protection rights, please contact us:

Email: moritz@devmtkl.com

Postal Address:

Germany

You can also use our contact form for general inquiries.

Last updated: January 2, 2026
