Bibliopile logo

Privacy Policy

Last updated: 23 May 2026

1. Who we are

Bibliopile is a personal digital bookshelf application. The data controller for your personal data is Bibliopile, contactable at hello@bibliopile.com.

2. What data we collect

We collect only the data needed to provide the Bibliopile service:

  • Email address — collected when you sign in, used solely for authentication (magic link login). We do not send marketing emails.
  • Book data — titles, authors, cover images, page counts, and other book metadata cached from Hardcover when you add books to your shelf.
  • Your reading activity — reading status, ratings, personal notes, tags, read dates, and shelf organisation (section layout, book positions).
  • Display preferences — spine colours, fonts, and theme settings you configure.

We do not collect analytics, use tracking pixels, or process any sensitive personal data.

3. Why we process your data

All data is processed on the legal basis of contract performance (GDPR Art. 6(1)(b)) — it is necessary to provide the bookshelf service you signed up for. We do not process your data for any other purpose.

4. Cookies

Bibliopile uses a single session cookie to keep you signed in. This cookie is strictly necessary for the service to function and does not require your consent under the ePrivacy Directive. We do not use advertising, analytics, or any other non-essential cookies.

5. Third-party services

  • Supabase — our database and authentication provider. Your data (email address and bookshelf data) is stored on Supabase infrastructure in EU West. Supabase acts as a data processor on our behalf. See their privacy policy at supabase.com/privacy.
  • Hardcover — a book database used to search for and retrieve book metadata (titles, authors, cover images). When you search for a book, your search query is sent to Hardcover. No personal data is shared with Hardcover. See their privacy policy at hardcover.app/privacy.

6. Data retention

We retain your data for as long as your account is active. When you delete your account, all your personal data is permanently deleted from our systems within a few seconds. We do not keep backups of deleted accounts beyond Supabase's standard backup window (typically 7 days for point-in-time recovery).

7. Your rights

Under GDPR you have the right to:

  • Access your personal data — use the "Download my data" feature in Settings.
  • Portability — download a machine-readable copy of your data (JSON) from Settings.
  • Erasure — permanently delete your account and all associated data from Settings.
  • Rectification — update your book data or notes directly within the app.
  • Restriction or objection — contact us at hello@bibliopile.com.

You also have the right to lodge a complaint with your local data protection authority.

8. Contact

Questions about this policy or your data? Email us at hello@bibliopile.com.