Privacy Policy
Last updated: 2 April 2026
1. Introduction
BookSparker Ltd ("BookSparker," "we," "us," or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website at booksparker.com and all related services (the "Service").
We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.
By using BookSparker, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use our Service.
2. Data We Collect
2.1 Information You Provide
- Account data: Email address, name, password (hashed), account role (author or reader).
- Profile data: Author/pen names, profile picture, bio, mailing list information.
- Content data: Books you upload, book metadata (titles, descriptions, categories, cover images), landing page content.
- Communication data: Messages sent to other users through the platform, swap requests, and support inquiries.
- Payment data: Billing information is processed and stored by Stripe. We do not store your full credit card number, but we may receive and store your name, email, billing address, and the last four digits of your card from Stripe for record-keeping.
2.2 Information from Social Login
When you sign in with Google or Facebook, we receive:
- Your email address
- Your name
- Your profile picture (if available)
- A unique identifier from the social platform
We do not receive or store your social media passwords, friends lists, or posts.
2.3 Information Collected Automatically
- Usage data: Pages visited, features used, clicks, downloads, swap activity, and general platform interactions.
- Device data: Browser type, operating system, screen resolution, and device type.
- Log data: IP address, access times, referring URLs, and request data (collected for security and debugging purposes).
- Cookies: We use essential cookies for authentication and session management. See Section 8 for details.
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Processing payments and subscriptions | Performance of contract (Art. 6(1)(b)) |
| Delivering books, landing pages, and swaps | Performance of contract (Art. 6(1)(b)) |
| Platform security, fraud prevention, abuse detection | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Essential service emails (account, security, billing) | Performance of contract (Art. 6(1)(b)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
- To create, manage, and secure your account.
- To process subscriptions, payments, and payouts.
- To enable core platform features: book uploads, reader magnet delivery, landing pages, newsletter swaps, group promotions, paid promotions, and messaging.
- To connect authors with swap partners and display relevant information (author name, genre, list size) to facilitate swaps.
- To send transactional emails (account verification, password resets, swap notifications, billing receipts).
- To detect and prevent fraud, abuse, and terms violations.
- To improve the Service through aggregated, anonymised analytics.
- To respond to your support requests.
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:
5.1 Service Providers
We use trusted third-party services to operate the platform:
- Supabase (database and authentication) — stores account and application data.
- Cloudflare (hosting, CDN, and file storage) — serves the website and stores uploaded files.
- Stripe (payment processing) — processes subscriptions, paid swaps, and payouts.
- Resend (transactional email) — sends account and notification emails.
- Sentry (error monitoring) — captures technical errors for debugging (may include anonymised request data).
- Upstash (rate limiting) — manages request rate limits for security.
All service providers are bound by data processing agreements and process data only on our instructions.
5.2 Other Users
When you participate in swaps or promotions, certain profile information (author name, genre, mailing list size, book details) is visible to other authors on the platform. Messages you send through the platform are visible to the recipients.
5.3 Legal Requirements
We may disclose your data if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of BookSparker, our users, or the public.
6. International Data Transfers
Some of our service providers process data outside the UK and the European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions where the recipient country has been deemed to provide adequate data protection.
- Data processing agreements with all third-party processors.
7. Data Retention
- Account data: Retained while your account is active and for up to 30 days after deletion to allow for recovery.
- Content data: Deleted when you remove content or close your account.
- Payment records: Retained for up to 7 years as required by tax and financial regulations.
- Log data: Retained for up to 90 days for security and debugging purposes.
- Communication data: Retained while your account is active; deleted upon account closure.
8. Cookies
We use only essential cookies that are strictly necessary for the Service to function:
- Authentication cookies: To maintain your login session.
- Security cookies: To prevent cross-site request forgery and other attacks.
- Preference cookies: To remember your settings (e.g., billing cycle preference).
We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, consent is not required under the ePrivacy Directive. You can control cookies through your browser settings, but disabling essential cookies may prevent the Service from functioning properly.
9. Your Rights (GDPR)
Under the UK GDPR and EU GDPR, you have the following rights:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to restrict processing (Art. 18): Request that we limit how we use your data.
- Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at info@booksparker.com. We will respond within 30 days (or within the timeframe required by applicable law).
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
10. Account and Data Deletion
You can request deletion of your account and all associated personal data by:
- Using the account deletion feature in Dashboard → Settings (when available).
- Emailing info@booksparker.com with the subject line "Data Deletion Request" and your account email address.
We will process deletion requests within 30 days and send a confirmation email upon completion. Account deletion is permanent and cannot be undone. Some data may be retained as required by law (e.g., financial records for tax purposes).
11. Children's Privacy
BookSparker is not intended for individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a minor, we will take steps to delete that data promptly. If you believe we have inadvertently collected data from a minor, please contact us immediately.
12. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Secure password hashing (provided by Supabase Auth).
- Row-level security policies on all database tables.
- Rate limiting and abuse prevention mechanisms.
- Virus scanning of all uploaded files.
- Regular security reviews of our infrastructure and code.
- Content Security Policy (CSP) headers and other security headers.
While we take security seriously, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or your personal data, or wish to exercise your rights, please contact us:
Data Controller: BookSparker Ltd
Email: info@booksparker.com
Subject: Privacy / Data Protection Inquiry