Privacy Policy

What we collect

When you create an account, we store your name, email address, and a hashed password. We never store your password in plain text.

As you use Bookshelf, we store the books you add, your shelves, reading progress, ratings, notes, and reading goals. This is the core data that makes the app work for you.

How we use it

Your data is used solely to provide the Bookshelf service - organizing your library, tracking your reading, and generating your personal statistics. That's it.

Email

We send transactional emails only: a welcome email when you sign up and password reset emails when you request them. We use Resend as our email provider. We will never send marketing emails or share your email with third parties.

Cookies

We use two cookies, both essential for the app to function:

• Session cookie - keeps you logged in (expires after 7 days)
• Guest cookie - enables guest mode without an account (expires after 24 hours)

We have no analytics, tracking, or advertising cookies. No cookie consent banner is needed because all cookies are strictly functional.

Data storage

Your data is stored in a PostgreSQL database hosted on Neon (serverless Postgres). The application is hosted on Vercel. Both services operate data centers in the United States.

Passwords are hashed using scrypt before storage. We cannot read your password.

Third-party services

When you search for books, we query Open Library and Google Books on the server side. Your search queries are sent to these APIs but no personal information is shared with them.

Your rights

You can delete your account at any time from Settings → Danger Zone. This permanently removes all your data - account, shelves, books, progress, notes, and statistics. This action is irreversible.

Data export will be available in a future update.

Changes

If this policy changes, we'll update the date at the top. For a portfolio project of this nature, changes will be infrequent.