Privacy Policy
⚠️ DRAFT TEMPLATE — NOT LEGAL ADVICE. Have a qualified attorney review and adapt before publishing. Fill all
[PLACEHOLDERS]. If you serve EU/UK/California users, confirm GDPR/UK-GDPR/CCPA specifics with counsel.
Effective date: [EFFECTIVE DATE]
This Privacy Policy explains how [COMPANY] ("we", "us") collects, uses, and shares information when you use [PRODUCT NAME] (the "Service").
1. Information we collect
- Email address — to verify you (one-time code), deliver your audiobook, and let you access past purchases.
- Uploaded files — the EPUB you submit, processed to generate your audiobook.
- Generated audiobooks — the
.m4boutput and related processing metadata (e.g., chapter list, character counts). - Purchase information — transaction records and your customer ID from our payment processor (Stripe). We do not store full card details; Stripe handles payment data.
- Usage & diagnostics — analytics events (e.g., pages viewed, steps completed), error reports, and technical data such as IP address, browser/device, and timestamps.
2. How we use information
- To provide the Service (verify your email, generate and deliver audiobooks, enable re-downloads).
- To process payments and prevent fraud and abuse.
- To provide support and communicate about your purchases.
- To monitor, secure, debug, and improve the Service.
- To comply with legal obligations.
3. Legal bases (where applicable, e.g., GDPR)
We process personal data to perform our contract with you (deliver the Service), for our legitimate interests (security, fraud prevention, product improvement), to comply with law, and with your consent where required (e.g., certain analytics).
4. Service providers / sub-processors
We share information with vendors who process it on our behalf, under contract, only to provide the Service:
| Provider | Purpose |
|---|---|
| Stripe | Payments |
| Cloudflare R2 | File storage (uploads & audiobooks) |
| Neon | Database (accounts, orders) |
| Fly.io | Application hosting & compute |
| Resend | Transactional email |
| Upstash (QStash) | Job scheduling |
| PostHog | Product analytics |
| Sentry | Error monitoring |
| ElevenLabs / Inworld | Text-to-speech generation |
We do not sell your personal information.
5. Data retention
- Uploaded EPUB: deleted shortly after your audiobook is generated.
- Generated audiobook: retained so you can re-download it; you may request deletion (Section 7).
- Email & purchase records: retained while your access is active and as required for accounting, tax, and legal purposes.
- Analytics & logs: retained for a limited period per the provider's defaults.
6. Cookies & similar technologies
We use a session cookie to keep you signed in after email verification, and analytics technologies to understand usage. You can control cookies via your browser; disabling the session cookie will prevent access to your library.
7. Your rights
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent. To exercise these, email [PRIVACY EMAIL]; we will respond as required by law. You may also request deletion of your account data and stored audiobooks.
8. Security
We use reasonable technical and organizational measures (e.g., encryption in transit, access controls, scoped credentials). No method of transmission or storage is perfectly secure.
9. International transfers
Your information may be processed in countries other than yours. Where required, we rely on appropriate safeguards for such transfers.
10. Children
The Service is not directed to children and is intended for users 18+. We do not knowingly collect data from children.
11. Changes
We may update this Policy; material changes will be posted with a new effective date.
12. Contact
Privacy questions or requests: [PRIVACY EMAIL].