Booklane Privacy Policy

Document version: v1.2
Effective date: 2026-05-07
Last updated: 2026-05-07

This Privacy Policy applies to users outside Mainland China who use the Booklane mobile app (iOS). We respect and protect your privacy and personal data rights.

For users in Mainland China, please refer to the Chinese privacy policy.

0. Controller Information

1. Scope

This policy covers data processing activities when you use the Booklane mobile app, including:

  • Local reading data management (SQLite)
  • Optional iCloud (CloudKit) sync
  • In-App Purchase (IAP) related workflows

Certain features rely on third-party services (such as Apple iCloud and App Store). These services are governed by their own privacy policies, and we encourage you to review them.

2. Categories of Data We Process

We do not actively collect personal information that directly identifies you, except as necessary to provide app functionality (such as purchase verification through Apple). However, if you choose to upload an avatar image, that image may contain information that can identify you, and we process it only as described in this policy, locally on your device or in your private iCloud storage when sync is enabled.

Based on current product features, we may process the following data:

2.1 Data you provide or generate in use

  • Book data: title, author, publisher, ISBN, reading status
  • Reading session data: start/end time, re-read count, reading duration
  • Tags and categorization data
  • Ratings and review notes
  • In-app preferences (e.g., theme, language, feature toggles)
  • Images you upload (since v1.2): user avatar, book covers. See "Image processing notes" below.

2.2 Basic device/app information (for app operation and display)

  • App version, build number, app name, Bundle ID
  • Network connectivity state (used for sync status decisions and UI hints)

2.3 Transaction and purchase-related data

  • Pro entitlement status and data required for purchase verification (processed through Apple IAP)

2.4 Optional cloud sync (via Apple iCloud / CloudKit)

  • Your reading data is synced to your private iCloud database via CloudKit
  • Sync status, last sync timestamp, and incremental sync metadata

2.5 Image processing notes (since v1.2)

  • Source: Images are read from your device's photo library or camera, only after you explicitly tap "Add/Change Avatar" or "Add/Change Cover".
  • Local processing: Selected images are cropped and compressed (capped at 200KB) on-device, then saved to the app's private directory.
  • Sync storage: If you have enabled iCloud, images are synced only to your personal iCloud private database. When iCloud is disabled, images are stored only on this device.
  • What we do not do: We do not upload your images to our servers, access your iCloud private database, or use your images for training, analytics, advertising, or any additional purpose. We do not perform face recognition, OCR, or any biometric/content recognition processing.
  • Deletion: You may remove avatars and covers in the app at any time. Local files will be cleaned up; if iCloud sync is enabled, related CloudKit assets may be cleaned up by Apple after the record no longer references them, subject to Apple's service-side processing schedule.
  • Permissions: Photo library or camera access requires your explicit consent. You may revoke either permission in system settings at any time without affecting other features.

3. How We Use Data

We use data only for the following purposes:

  • Deliver core reading management features (add, edit, archive, statistics)
  • Provide cross-device sync (when enabled by you)
  • Enable Pro purchase and restore purchase
  • Improve reliability and usability (e.g., sync UI adjustments by network state)
  • Comply with legal obligations and handle disputes

4. What We Do Not Do

  • No in-app ad tracking
  • No sale of your reading data to third parties
  • No cross-app behavioral profiling for advertising based on your reading data

5. Storage and Retention

  • Local data is stored on your device, including SQLite databases and the app's private file directory (for example, avatar and book-cover cache files)
  • If iCloud sync is enabled, synced data is stored in your private iCloud space
  • You can delete data within the app; uninstalling the app causes iOS to automatically clear local app data. Data previously synced to iCloud must be managed through your iCloud settings
  • Minimum records required for payment entitlement checks and dispute handling are retained only for legal obligations or dispute resolution, then deleted or anonymized

6. Sharing and Third Parties

To provide required functionality, data interactions may occur with:

  • Apple CloudKit (private iCloud data sync)
  • Apple App Store / StoreKit (in-app purchase and restore purchase)

Such sharing is limited to what is necessary for those functions.

7. International Data Transfers

If iCloud sync is enabled, data may be processed or stored in regions determined by Apple’s service architecture. Such processing is handled under Apple’s terms and privacy policy.

For this transfer scenario, recipients and processing details are:

  • Recipient: Apple Inc. and affiliated service entities (CloudKit/iCloud)
  • Purpose: cross-device sync and data recovery features
  • Method: encrypted transmission and cloud storage-based synchronization
  • Data categories: reading data entered in the app, avatar and book-cover images you choose to upload, and required sync metadata

You can stop future sync processing by turning off iCloud sync. Previously synced iCloud data can be managed through your Apple account and iCloud settings.

8. Compliance by Region and Your Rights (Outside Mainland China)

8.1 EEA/UK (GDPR/UK GDPR)

You may have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Objection
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

Legal bases may include:

  • Contract performance (core app services)
  • Legitimate interests (security and stable operation)
  • Consent (optional features)
  • Legal obligations

Data subject request process:

  • You can submit privacy requests via the contact methods in Section 12
  • We will process requests within a reasonable timeframe based on complexity and data scope

8.2 California, United States (CCPA/CPRA)

California residents may have the right to:

  • Know categories of personal information collected/used/disclosed
  • Request deletion
  • Request correction
  • Limit use of sensitive personal information (if applicable)
  • Opt out of sale/share of personal information
  • Non-discrimination

Statement: We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

8.3 Other Jurisdictions

We will comply with applicable local laws regarding notice, consent, data subject requests, and data security.

9. Children’s Privacy

The app is intended for a general audience and is not specifically directed to children. If you are a minor, please use the app under guardian guidance. If we identify unauthorized collection from minors, we will handle it in accordance with applicable law.

Minors or their guardians who wish to exercise data rights (such as access, correction, or deletion) may submit requests via the contact methods in Section 12. If a guardian acts on behalf of a minor, please provide proof of guardianship.

10. Data Security

We use reasonable technical and organizational safeguards, including local storage isolation, data minimization, and sync-related security controls. No method is absolutely secure.

11. Policy Updates

We may update this policy when product features or legal requirements change. If a change materially affects your rights, we will provide notice through in-app messaging or other reasonable means.

12. Contact Us

For privacy requests, rights exercise, or complaints, contact: