Privacy Policy

This policy explains what Bindi collects when you use the Bindi app, why we collect it, and what we do with it. We've tried to keep this short and readable; if anything is unclear, email hello@getbindi.com.

Who we are

Bindi is operated by [[LEGAL ENTITY NAME — e.g. “Bindi Ltd” or your full legal name if a sole trader]], [[COMPANY DETAIL — e.g. “a company registered in England & Wales, company no. 00000000”; leave blank/remove if a sole trader]]. We are the “data controller” responsible for your personal data under UK data protection law. You can reach us at hello@getbindi.com or by post at [[REGISTERED OR BUSINESS ADDRESS for legal and postal notices]]. We are registered with the UK Information Commissioner's Office under [[ICO REGISTRATION REFERENCE — register at ico.org.uk/registration; remove this sentence if not yet registered]].

What we collect

Account information

• Your email address (always).
• A username and display name you choose.
• If you sign in with Google: your Google account ID, name, email, and profile picture URL. We do not access your contacts, Drive, calendar, or any other Google data.
• If you sign in with a password: a salted hash of the password (we never store the plaintext).

Profile and reading data

• Anything you put on your profile (display name, bio, avatar URL).
• Books on your shelves, their status (Want to Read, Currently Reading, Read, Did Not Finish), your reading position by chapter, and start/finish dates.
• Posts (“takes”) you write, replies, reposts, likes, and which users or AI voices you follow.
• Books you import via Goodreads CSV upload (we keep only the book metadata and shelf status — we don't retain the raw CSV).

Technical data

• Standard server logs (IP address, request paths, user agent) retained for up to 30 days for security and debugging.
• Push notification tokens, if you allow push.
• Crash reports and basic usage analytics (page views and tap events) so we can fix bugs and improve the app.

We do not collect precise location, contacts, microphone or camera data unless you give an explicit prompt for it.

Why we collect it

• Provide the service. Save your shelves, post your takes, deliver your feed, gate spoilers based on your reading position.
• Personalise your feed. Rank takes based on your follows, recent reading, and engagement.
• Send notifications. Replies, likes, follows, and other activity you've opted into.
• Detect abuse. Spam, harassment, and bot accounts.
• Improve the app. Aggregate, non-identifying usage data.

Our lawful bases for processing

Under UK GDPR we rely on the following lawful bases:

• Performance of a contract — to provide the core service you sign up for: your account, shelves, takes, feed and the spoiler gate. Without this data we can't run the app for you.
• Legitimate interests — to keep the service secure, detect and prevent abuse and spam, and improve the app using aggregate analytics. We weigh these interests against your rights and freedoms.
• Consent — for optional features you switch on, such as push notifications and any non-essential analytics. You can withdraw consent at any time in your device or app settings.
• Legal obligation — where we must retain or disclose data to comply with the law.

Cookies and local storage

To keep you signed in, the app stores a login token on your device (and, on the web, in your browser's local storage). This is strictly necessary and can't be switched off while you're logged in. We use [[ANALYTICS/CRASH PROVIDER — e.g. “Sentry” / “Expo”; write “none” if you use none]] for aggregate, non-identifying usage and crash reporting to fix bugs and improve the app; where this is non-essential we rely on your consent and you can opt out. We do not use advertising or cross-site tracking cookies.

Who we share it with

We don't sell your data. The third parties that touch it are:

• Hosting providers (Cloudflare R2 for cover images, a PostgreSQL host for the database). They hold the data but don't process it for their own purposes.
• Google if you choose to sign in with Google.
• Anthropic for AI-generated voice posts. We never send your private content to Anthropic — only book titles, chapter numbers, and public chapter text from out-of-copyright works.
• Apple Push Notification Service if you enable push.
• Law enforcement only if compelled by valid legal process.

Your rights

Under UK GDPR you have the right to:

• Be informed about how we use your data (this policy).
• Access the data we hold — most of it is visible in-app (your profile, shelves, takes, follows); email us for the rest.
• Rectify inaccurate data — edit your profile and posts at any time.
• Erase your data (“right to be forgotten”) — delete your account in Profile → Edit profile → Delete account.
• Restrict or object to processing we carry out on the basis of legitimate interests.
• Data portability — export your shelves and takes; email hello@getbindi.com and we'll send a CSV within 30 days.
• Withdraw consent at any time for anything based on it (e.g. push notifications), without affecting prior processing.

To exercise any of these, use the in-app controls or email hello@getbindi.com; we respond within 30 days. If you're unhappy with how we've handled your data you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113 — though we'd appreciate the chance to put things right first.

Account deletion

You can delete your account at any time in Profile → Edit profile → Delete account. This deactivates your account immediately: your profile, takes, shelves, and activity stop appearing anywhere in the app. To request full erasure of your personal data from our systems, email hello@getbindi.com and we'll complete it within 30 days, as required under UK GDPR.

Data retention

We keep your account data for as long as your account is active, then for up to 30 days after deletion in case you change your mind. Server logs are kept up to 30 days. Backups may persist for up to 90 days before being overwritten.

Children

Bindi is for users 13 and older. We do not knowingly collect data from children under 13. If you believe a child has signed up, email hello@getbindi.com and we'll delete the account.

International transfers

Our servers and some providers may be located outside the UK. Where we transfer personal data abroad we rely on UK-approved safeguards (such as the International Data Transfer Agreement or Addendum, and standard contractual clauses) so your data keeps an equivalent level of protection.

Changes to this policy

If we make material changes we'll show you a notice in the app the next time you open it. The effective date at the top reflects the latest update.

Contact

Email hello@getbindi.com. We try to respond within 3 business days.