Privacy Policy
Last updated: February 7, 2026
1. Introduction
Welcome to GetBooks. This Privacy Policy explains how Three Things Media ("we", "us", or "our"), the operator of GetBooks ("the Service"), collects, uses, discloses, and protects your personal information when you use our book discovery and buying platform at getbooks.app.
We are committed to protecting your privacy and handling your data transparently and in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Information We Collect
Account Information
When you create an account, we collect the following information through our authentication provider, Supabase:
- Email address
- Username
- Optional profile information you choose to provide, including display name, avatar, and bio
Usage Data
We automatically collect certain information about how you interact with the Service, including:
- Pages visited and navigation patterns
- Search queries and search history
- Book interactions (views, clicks, and browsing behavior)
Library Data
When you use the Service's library features, we store:
- Saved books and shelf organization
- Reviews and ratings you submit
- Reading goals and progress
Social Data
If you use our social features, we collect data related to:
- Users you follow and followers
- Book clubs and club memberships
- Buddy reads and shared reading activities
- Lists you create or contribute to
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the Service — to operate GetBooks, manage your account, and deliver the features you use
- Personalize your experience — to tailor book recommendations, search results, and content to your interests
- Communicate with you — to send service-related notifications, respond to inquiries, and provide support
- Improve the Service — to analyze usage patterns, diagnose technical issues, and develop new features
- Enforce our terms — to detect and prevent fraud, abuse, or violations of our Terms of Service
4. Third-Party Services
We integrate with the following third-party services to operate GetBooks. Each service has its own privacy policy governing how it handles data:
Book Data Providers
- Google Books API — used to retrieve book metadata, descriptions, and cover images
- Open Library — used to retrieve supplementary book metadata and edition information
- ISBNdb — used for ISBN lookups and book identification
Affiliate Partners
We provide links to purchase books through affiliate programs. When you click these links, we may earn a commission at no additional cost to you:
- Amazon Associates — affiliate links to Amazon for book purchases
- Bookshop.org — affiliate links supporting independent bookstores
- Books-A-Million — affiliate links for book purchases
Infrastructure & Security
- Supabase — provides authentication, database, and file storage services
- Upstash Redis — used for caching and rate limiting to ensure service performance and security
- Cloudflare Turnstile — used for bot protection and preventing automated abuse
- Vercel — hosts and serves the GetBooks application
No External Font Loading
All fonts used on GetBooks (DM Sans and Fraunces) are self-hosted on our own servers. We do not load fonts from Google Fonts or any other external font service, meaning no data is transmitted to third parties for the purpose of rendering typography on our website.
5. Cookies
GetBooks uses cookies to provide essential functionality. Our essential cookies handle authentication sessions, cookie consent preferences, and your theme and language settings. These are strictly necessary and do not require separate consent.
We also offer optional cookie categories — functionality and analytics — which are disabled by default and only activated with your explicit consent. A cookie consent banner is shown on your first visit, and you can manage your preferences at any time via Cookie Settings.
For a full list of cookies and their purposes, please see our Cookies Policy.
6. Data Storage and Security
Your personal data is stored securely using Supabase (PostgreSQL) for persistent data and Upstash Redis for temporary cached data. We implement industry-standard security measures to protect your information, including encryption in transit (TLS/SSL) and secure authentication protocols.
We do not sell, trade, or rent your personal information to third parties. While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
7. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of access — you may request a copy of the personal data we hold about you
- Right to rectification — you may request that we correct any inaccurate or incomplete personal data
- Right to erasure — you may request that we delete your personal data, subject to certain legal exceptions
- Right to restrict processing — you may request that we limit how we use your data
- Right to data portability — you may request your data in a structured, commonly used, machine-readable format
- Right to object — you may object to the processing of your personal data in certain circumstances
To exercise any of these rights, please contact us at info@getbooks.app. We will respond to your request within 30 days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) regarding your personal information.
Your Rights
- Right to know — you may request that we disclose what personal information we have collected, used, disclosed, or sold about you in the preceding 12 months
- Right to delete — you may request that we delete personal information we have collected from you, subject to certain exceptions
- Right to opt-out of sale — you have the right to opt out of the sale of your personal information. We do not sell your personal information.
- Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights
Categories of Personal Information We Collect
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
| Category | Examples |
|---|---|
| A. Identifiers | Email address, username, display name, IP address |
| B. Personal information (Cal. Civ. Code § 1798.80(e)) | Name, email address |
| F. Internet or similar network activity | Browsing history, search queries, book interactions |
| G. Geolocation data | Approximate location derived from IP address |
| K. Inferences | Reading preferences, book recommendations |
Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties. We have not sold personal information in the preceding 12 months. We do not have actual knowledge that we sell the personal information of consumers under 16 years of age.
California "Shine the Light"
Under California Civil Code § 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
How to Exercise Your Rights
To submit a request under the CCPA, please contact us at info@getbooks.app or through our contact form. We will verify your identity before processing your request and respond within 45 days. You may also designate an authorized agent to make requests on your behalf by providing written authorization.
9. Data Retention
We retain your account data for as long as your account remains active. If you delete your account or request data deletion, we will remove your personal data within 30 days, except where we are required by law to retain it.
Cached data stored in Redis is temporary and automatically expires according to predefined time-to-live settings (ranging from 30 minutes to 24 hours depending on the data type).
10. Children's Privacy
GetBooks is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us at info@getbooks.app, and we will take steps to delete such information.
11. International Data Transfers
Your data may be processed and stored on servers located outside the European Economic Area (EEA), including in the United States, through our third-party service providers (such as Vercel, Supabase, and Upstash). Where data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data in accordance with GDPR requirements.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by providing additional notice (such as an in-app notification or email).
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: info@getbooks.app
- Contact form: getbooks.app/legal/contact
- Postal address: Three Things Media, Postfach 101015, DE-85010 Ingolstadt, Deutschland