Readbinder
← Home

Privacy Policy

Last updated: 2026-04-26

Readbinder (“we,” “us”) is a personal reading tracker built and operated by Leonardo Goulart. This policy explains what data we collect, why, and what choices you have. If you have any questions, email support@readbinder.com.

The short version

Readbinder is local-first. Your books, notes, tags, and concepts live in your browser’s IndexedDB by default and never leave your device. If you choose to sign in, your data syncs to a private Supabase database we host on your behalf. We don’t run analytics, we don’t track you across the web, and we don’t sell your data to anyone.

What we collect

If you don’t sign in

  • Local storage only.Your library, notes, tags, and concepts are stored in your browser’s IndexedDB. We never see this data.
  • Standard server logs. Our hosting provider keeps short-term logs (IP, user-agent, timestamp) to detect abuse and debug issues.

If you sign in

  • Email address. Used to send you a one-time magic link and to identify your account. Stored by Supabase.
  • Authentication cookies.A session cookie set by Supabase keeps you signed in. It’s strictly necessary for the service to work.
  • Your library data. Books, notes, tags, concepts, and the relationships between them, scoped to your account on the server.

How we use it

  • To run the service: store and sync your library across devices.
  • To authenticate you and prevent abuse.
  • To respond to support requests when you email us directly.

We do not sell your data. We do not use it for advertising. We do not share it with third parties except the processors below.

Third-party processors

  • Supabase — database and authentication. Stores your email and synced library data. Privacy policy.
  • Vercel — hosting and CDN. Sees standard request metadata (IP, user-agent, URL). Privacy policy.
  • Cloudflare Turnstile — when bot protection is enabled on the sign-in form, the widget loads from challenges.cloudflare.com and performs a privacy-preserving challenge. Cloudflare states that Turnstile does not use cookies or fingerprint visitors for advertising. Privacy policy.
  • Buy Me a Coffee — only if you choose to support us, you leave Readbinder for buymeacoffee.com. Their policy governs that interaction. Privacy policy.

Cover images

When you add a book with a cover image URL, your browser fetches the image directly from whatever host you specified. Those hosts can see your IP address and that someone using your browser viewed an image. We never proxy or store the image ourselves.

Data retention

  • Local data: stays on your device until you clear it. You can wipe it any time from Settings → Clear local data, or via your browser’s site-data settings.
  • Cloud data: kept until you delete your account or ask us to delete it.
  • Backups:cloud data may persist briefly in our database provider’s automated backups (typically a few days to a few weeks, depending on retention policy) before being purged.

Your rights

Depending on where you live, you may have rights to access, correct, export, anonymize, or delete the data we hold about you, and to object to or restrict certain processing. To exercise any of these, email support@readbinder.com. We’ll respond within 30 days (15 days for requests under Brazil’s LGPD).

Brazil (LGPD): Under the Lei Geral de Proteção de Dados (Lei nº 13.709/2018) you have the right to confirmation of processing, access to your data, correction, anonymization or deletion of unnecessary or excessive data, portability, information about who we share data with, and revocation of consent. The data controller is Leonardo Goulart; you can reach the controller at the contact email above.

EU/EEA & UK (GDPR): The legal basis for processing your email and synced library data is the performance of the contract between you and us (Article 6(1)(b)). For server logs used to detect abuse, the basis is our legitimate interest (Article 6(1)(f)). You can lodge a complaint with your local supervisory authority.

California (CCPA/CPRA): We do not sell or share your personal information as those terms are defined under the CCPA, and we do not use it for cross-context behavioral advertising.

Children

Readbinder is not directed at children under 13 (or 16 in the EU/EEA). We do not knowingly collect data from children. If you believe a child has signed up, email us and we’ll delete the account.

Security

We use HTTPS everywhere, scope all server-side records to your user ID via row-level security, and store passwords nowhere (we use passwordless magic-link sign-in). No system is perfectly secure; if you spot something concerning, email us.

Changes to this policy

If we make material changes we’ll update the “last updated” date and, where reasonable, notify signed-in users by email. Continued use of the service after changes means you accept the updated policy.

Contact

Questions or requests: support@readbinder.com.