Privacy Policy
Last updated: January 30, 2026
1. Introduction
ChapterPanion (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered book analysis platform (“the Service”).
This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you consent to the data practices described in this policy.
2. Data Controller
The data controller responsible for processing your personal data is:
ChapterPanion
[Company Name]
[Street Address]
[City, Postal Code]
[Country]
Email: [Your Contact Email]
Phone: [Your Phone Number]
If you have any questions about this Privacy Policy or our data practices, please contact us using the information provided above.
3. Information We Collect
3.1 Information You Provide
We collect information that you provide directly to us, including:
- Account Information: Name, email address, password, and profile information
- Content: Books, documents, and other files you upload to the Service
- Communication Data: Messages, feedback, and correspondence you send to us
- Payment Information: Billing address and payment details (processed by third-party payment processors)
- Preferences: Language preferences, learning goals, and other settings
3.2 Information Automatically Collected
When you use our Service, we automatically collect certain information:
- Usage Data: Pages visited, features used, time spent, and interaction patterns
- Device Information: Device type, operating system, browser type, and IP address
- Log Data: Access times, error logs, and system events
- Cookies and Tracking Technologies: See our Cookie Policy section below
3.3 Information from Third Parties
We may receive information about you from third-party services, such as authentication providers (e.g., Clerk) and analytics services (e.g., Google Analytics, Vercel Analytics).
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contractual Necessity: To provide the Service and fulfill our contractual obligations
- Consent: When you have given explicit consent for specific processing activities (e.g., marketing communications)
- Legitimate Interests: To improve our Service, ensure security, and prevent fraud
- Legal Obligations: To comply with applicable laws and regulations
5. How We Use Your Information
We use the collected information for the following purposes:
- To provide, maintain, and improve the Service
- To process your transactions and manage your subscription
- To generate AI-powered analyses, summaries, and personalized recommendations
- To communicate with you about the Service, updates, and support
- To detect, prevent, and address technical issues and security threats
- To analyze usage patterns and improve user experience
- To comply with legal obligations and enforce our Terms of Service
- To send marketing communications (with your consent)
6. Data Sharing and Disclosure
We may share your information in the following circumstances:
6.1 Service Providers
We share data with third-party service providers who perform services on our behalf, including:
- Cloud hosting and storage providers (e.g., Vercel, Supabase)
- Authentication services (e.g., Clerk)
- Payment processors
- Analytics providers (e.g., Google Analytics, Vercel Analytics)
- AI service providers for content processing
These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
6.2 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or others.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
6.4 With Your Consent
We may share your information with third parties when you have given explicit consent to do so.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other appropriate safeguards as required by GDPR
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Our retention periods are as follows:
- Account Data: Retained while your account is active and for a reasonable period after account closure
- Content: Retained until you delete it or close your account
- Usage Data: Retained for up to [X] years for analytics purposes
- Legal Records: Retained as required by applicable law (e.g., financial records for [X] years)
When data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies.
9. Your Rights (GDPR)
Under the GDPR and other applicable data protection laws, you have the following rights regarding your personal data:
9.1 Right of Access
You have the right to request access to your personal data and receive a copy of the data we hold about you.
9.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure (“Right to be Forgotten”)
You have the right to request deletion of your personal data under certain circumstances.
9.4 Right to Restrict Processing
You have the right to request restriction of processing of your personal data in certain situations.
9.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
9.6 Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
9.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time.
9.8 Exercising Your Rights
To exercise any of these rights, please contact us at [Your Contact Email]. We will respond to your request within one month (or as required by applicable law). We may need to verify your identity before processing your request.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.
10.1 Types of Cookies
- Essential Cookies: Required for the Service to function properly
- Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics, Vercel Analytics)
- Functional Cookies: Remember your preferences and settings
- Marketing Cookies: Used to deliver relevant advertisements (with your consent)
10.2 Cookie Consent
We obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences at any time through our cookie settings.
11. Automated Decision-Making and Profiling
Our Service uses AI to generate analyses and personalized recommendations. This may involve automated processing of your data. You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
If you have concerns about automated decision-making, please contact us to discuss your options.
12. Children's Privacy
Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response procedures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
14. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR.
15. Right to Lodge a Complaint
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
Users in the European Union can find their local supervisory authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. We may also notify you via email or through the Service.
Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ChapterPanion
[Company Name]
[Street Address]
[City, Postal Code]
[Country]
Email: [Your Contact Email]
Phone: [Your Phone Number]
Data Protection Officer: [If applicable, provide DPO contact information]