# Privacy Policy — openShelf

_Last updated: 2026-06-08_

openShelf is a free reading app that gives access to public-domain books from
Project Gutenberg. This policy explains what information the app collects, why,
and your choices.

---

## What we collect, locally on your device

The following stays on your phone unless you explicitly choose to sync (a future
feature):

- Reading progress for books you open
- Highlights, notes, and annotations you make
- "Private thoughts" you save while reading

Uninstalling the app removes all of it.

## What we collect when you choose to share

If you tap "Share to world" on a thought, we store on our servers (Supabase):

- The text of your thought
- The book id and page number
- An anonymous user id randomly generated on your device (never linked to your
  name or email)
- A country flag inferred from your device's timezone (e.g. 🇺🇸, 🇬🇧, 🇮🇳) — a
  coarse country signal only, never precise location

We never associate a shared thought with your real identity. We do not collect
your name, email address, or precise (GPS) location. Our infrastructure
providers (Cloudflare and Supabase) may process your device's IP address
transiently to deliver and protect requests, but we do not store your IP
address alongside your thoughts or use it to identify you.

## What we collect automatically

- **Advertising ID** — Google's AdMob SDK uses your device's advertising
  identifier to show ads to free users. You can reset or delete it in your
  Android settings under "Privacy → Ads".
- **Premium status** — whether you subscribe to Premium is cached locally on
  your device. Subscription purchases and renewals are verified through Google
  Play (tied to your Google account); we do not store payment details.

## Content moderation

Before any thought is published to other readers, its text passes through two
automated checks:

1. **OpenAI's moderation API** — flags clearly harmful content
2. **Claude (Anthropic)** — a literature-aware second check that allows
   emotional reactions about books, but blocks harassment, spam, sexually
   explicit content, and real-world threats

The text of a shared thought is sent to these providers solely for moderation.
We also offer a **Report** button on every shared thought. Reports are reviewed
and acted on promptly.

## Third-party services we use

- **Project Gutenberg** — source of the book texts.
  <https://www.gutenberg.org/policy/privacy_policy.html>
- **Cloudflare** — hosts our caching proxy.
  <https://www.cloudflare.com/privacypolicy/>
- **Supabase** — stores publicly shared thoughts. <https://supabase.com/privacy>
- **Google AdMob** — shows ads to free users. <https://policies.google.com/privacy>
- **OpenAI** — content moderation. <https://openai.com/policies/privacy-policy/>
- **Anthropic (Claude)** — secondary moderation.
  <https://www.anthropic.com/legal/privacy>
- **Google Play** — processes Premium subscriptions if you choose to subscribe.
  <https://policies.google.com/privacy>

## How long we keep your data

- Local data: until you uninstall or clear it.
- Shared thoughts: indefinitely, unless you ask us to delete them.
- Reports: 90 days for review, then deleted.
- Premium subscription records: as long as your subscription is active plus 90
  days for refund/support.

## Your rights

You can:

- Ask what data is associated with your anonymous device id (email us)
- Ask us to delete shared thoughts associated with your device id
- Delete the app — all local data goes with it

## Children

The app is rated for readers 13 and above. We do not knowingly collect data from
children under 13.

## Changes to this policy

We may update this policy. Material changes will be announced in the app the
next time you open it.

## Contact

Email: **[email protected]**