Privacy Policy

Last updated: April 10, 2026

1. Introduction

Hearth & Page ("the App") is a social reading companion developed by zackraidl@hearth-and-page.com. This Privacy Policy explains how we collect, use, and protect your personal information. By using Hearth & Page, you agree to this Privacy Policy.

2. Data We Collect

We collect the following types of information:

• Account data: email address, display name, and password (hashed — never stored in plain text).
• Reading activity: books added to your shelf, reading statuses, page progress, ratings, and personal notes.
• Social data: club memberships, discussion messages, quiz attempts, quiz votes, quiz flags, and shared reviews.
• Device data: push notification tokens (via Expo Push Notification Service), used solely for delivering notifications.
• Usage data: points earned, achievements unlocked, rank progression, and quest completions.

3. How We Use Your Data

• Provide and personalize your reading experience (shelves, progress, stats).
• Enable social features (clubs, discussions, leaderboards, quizzes).
• Send push notifications with your permission (discussion replies, milestones, club activity).
• Calculate points, achievements, ranks, and leaderboards.
• Moderate user-generated content (quiz flagging).

4. Third-Party Data Sharing

• Google Books API: when you search for books, your search query is sent to Google's servers via a server-side proxy (Supabase Edge Function). Google receives the search text but does not receive your email, user ID, or IP address.
• Expo Push Notification Service: your push notification token is sent to Expo's servers to deliver notifications. See Expo's Privacy Policy.
• Apple Sign-In: if you sign in with Apple, authentication is handled by Apple's identity service. See Apple's Privacy Policy.

We do not sell your data to any third party.

5. Data Retention

• Account data is retained until you delete your account.
• Upon account deletion, your personal data is permanently removed. Discussion messages you posted are anonymized (author information removed) but the message content is retained to preserve conversation context.
• Push notification tokens are deleted when you sign out or delete your account.
• Notification logs are retained for operational purposes and are not publicly accessible.

6. Your Rights

• Access: request a copy of your data by emailing zackraidl@hearth-and-page.com.
• Deletion: delete your account at any time via Settings > Delete Account. This action is immediate and irreversible. All personal data is deleted; discussion messages are anonymized.
• Correction: update your display name in your profile at any time.
• Portability: request a data export by emailing zackraidl@hearth-and-page.com.
• EU residents: you may lodge a complaint with your local data protection authority.

7. Children's Privacy

Hearth & Page is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. During sign-up, users must confirm they are at least 13 years old. If you believe a child under 13 has created an account, please contact us at zackraidl@hearth-and-page.com and we will promptly delete the account.

8. Security

• All data is transmitted over HTTPS/TLS.
• Passwords are hashed using industry-standard algorithms (bcrypt via Supabase Auth).
• Row Level Security (RLS) policies enforce data access boundaries at the database level — users can only access their own data and data shared with them through clubs.
• Quiz scores are computed server-side to prevent tampering.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users via in-app notification. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at:
zackraidl@hearth-and-page.com