← Back to Bookula

Privacy Policy

Last updated: March 11, 2026

1. Introduction

Bookula ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information when you use the Bookula mobile application (the "App").

This Policy applies to all users of the App regardless of location. Depending on where you reside, additional rights and protections may apply, as described in Section 7.

2. Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, and profile picture.
  • User-Generated Content: Book titles, authors, and descriptions you add to your library.
  • Communications: Chat messages, borrowing requests, and other communications sent through the App's direct messaging and group features.
  • Group Information: Names and membership details of groups you create or join.

Information from Third-Party Services

  • Authentication Data: If you choose to log in using third-party providers (such as Google or Apple), we receive your name, email address, and authentication tokens from these services to create and manage your account.

Information Collected Automatically

  • Device Information: Device type, operating system version, and unique device identifiers.
  • App Usage Data: Log data, crash reports, and interactions with the App to improve performance and user experience.
  • Local Storage & Identifiers: While traditional web cookies are not used in our mobile app, we utilize local device storage and secure mobile identifiers to maintain your session, remember your preferences, and track app performance.
  • Push Notification Tokens: Firebase Cloud Messaging (FCM) tokens or Apple Push Notification service (APNs) tokens to deliver alerts.
  • Analytics Data: Aggregated, de-identified analytics data (such as feature usage frequency and session duration) to improve the App. This data is not linked to your identity.

3. How We Use Your Information & Legal Bases

We use the collected information based on the following legal grounds under applicable data protection law (including GDPR and CCPA):

  • Performance of a Contract: To create, authenticate, and manage your account; facilitate book lending, borrowing, and tracking; and enable direct messaging.
  • Legitimate Interests: To improve the App, provide customer support, detect technical issues, enforce our Terms of Service, and conduct de-identified analytics.
  • Consent: To send push notifications (which you can opt out of via device settings) and to access specific device features (such as the camera for profile pictures).
  • Legal Obligation: To comply with applicable laws and lawful governmental requests.

4. Data Storage, Security & International Transfers

Storage & Security

Your data is stored securely using Supabase, a trusted cloud database provider. We implement strict Row-Level Security (RLS) policies and industry-standard encryption in transit (TLS) and at rest. While we take these precautions, no method of internet transmission is 100% secure. Direct messages are stored on our servers to sync across your devices but are not end-to-end encrypted.

International Transfers

Your personal information may be transferred to, and processed in, countries other than your country of residence — primarily the United States, where our Supabase and Firebase servers are located. These countries may have data protection laws that differ from those in your country. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to protect your data during such transfers.

5. Sharing of Information

We do not sell or rent your personal information to third parties. Your information is shared only in the following limited circumstances:

  • With Other Users: Your display name, profile picture, shared books, and chat messages are visible to other members of groups you join or users you communicate with.
  • With Service Providers: We use Supabase (database and authentication) and Google Firebase (push notifications) to operate the App. These providers process data on our behalf under strict data processing agreements and are prohibited from using your data for their own purposes.
  • For Legal Requirements: We may disclose your information if required by law, court order, or to protect the rights, property, and safety of Bookula, our users, or the public.
  • Business Transfers: If Bookula is involved in a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction. We will notify you via email or in-App notice at least 30 days before your data becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information for specific periods based on the nature of the data:

  • Account Data: Retained for as long as your account is active.
  • Logs & Crash Reports: Retained for a maximum of 90 days for debugging and security purposes, after which they are deleted or permanently de-identified.
  • Account Deletion: If you delete your account, your profile data, library, and active requests will be permanently deleted from our active databases within 30 days of your request.
  • Chat Messages: Messages you have sent will remain in other users' chat history to preserve conversation context. However, all identifying information (name, avatar, user ID) will be permanently stripped and replaced with a "Deleted User" label within 30 days of account deletion.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access & Portability: Request access to the personal information we hold about you and receive it in a structured, machine-readable format.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Delete your account and associated data directly within the App (Settings > Delete Account). Deletion may be temporarily restricted if you have outstanding borrowed books that must be returned first.
  • Objection & Restriction: Object to our processing of your personal data or request that we restrict processing under certain circumstances.
  • Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
  • Opt-Out of Notifications: Disable push notifications at any time via your device's native settings.

California Residents (CCPA/CPRA)

You have the right to know what personal information we collect and how it is used, to delete your personal information, and to opt out of the sale or sharing of your personal information. We do not sell or share personal information. To submit a CCPA request, contact us at support@bookula.app.

EEA & UK Residents (GDPR / UK GDPR)

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable law.

To exercise any of these rights, contact us at support@bookula.app. We will respond to verifiable requests within 30 days (or within the timeframe required by applicable law).

8. Children's Privacy (COPPA Compliance)

Bookula is not directed at, nor do we knowingly collect personal information from, children under the age of 13 (or under 16 in certain European jurisdictions). If we gain actual knowledge that a child under the applicable age has provided us with personal information without verifiable parental consent, we will take immediate steps to delete that information and terminate the associated account within 14 days.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@bookula.app with the subject line "COPPA Data Deletion Request."

9. Dispute Resolution

If you have a concern or complaint about how we handle your personal information, we encourage you to contact us first at support@bookula.app. We will make reasonable efforts to resolve your concern within 30 days.

If you are not satisfied with our response, you may have the right to escalate your complaint to the relevant data protection authority or other regulatory body in your jurisdiction. EEA and UK users may contact their local supervisory authority at any time.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will provide at least 30 days' advance notice of material changes by posting the new policy within the App and sending an email to the address associated with your account. Non-material changes (such as typographical corrections) may take effect immediately.

Your continued use of the App after material changes take effect constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at:

  • Email: support@bookula.app
  • Response time: We aim to respond to all privacy-related inquiries within 5 business days.