Privacy Policy

Last updated: December 16, 2025

Introduction

At ReadAct, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our service. Our fundamental principle is simple: your data belongs to you, and we're committed to keeping it that way.

Information We DO NOT Store Permanently

ReadAct is designed with privacy at its core. Here's what we DON'T store permanently:

  • Your Book Files: EPUB files you upload are processed locally in your browser and never stored on our servers. The original book files remain on your device only.
  • Book Text Content: While book text is sent to AI services for playbook generation, we do not permanently store the full book text on our servers.
  • Reading History: We do not track which specific books you read or maintain a reading history beyond the playbooks you choose to generate.

Information We DO Collect

1. Account Information

When you create an account with ReadAct, we collect:

  • -Email address (for authentication and account recovery)
  • -Account creation date and last login time
  • -Unique user identifier (UUID)

Account creation is required to generate playbooks and access cloud sync features.

2. Playbook and Progress Data

For logged-in users, we store the following in our secure cloud database:

  • -Generated playbooks (action plans created from your books)
  • -Your goals and questions submitted for playbook generation
  • -Quest completion status, answers, and reflections
  • -Book metadata (title, author, but not the book content)
  • -Methodology blueprints extracted from books

This data enables cloud sync across devices and preserves your progress.

3. Payment and Subscription Data

If you purchase credits or subscribe to a plan, we collect:

  • -Credits balance and transaction history
  • -Subscription plan details and status
  • -Purchase dates and amounts

Payment processing is handled by our secure payment provider, Creem. We do not store credit card numbers or sensitive payment information on our servers. Please review Creem's privacy policy for details on how they handle payment data.

4. Anonymous Usage Analytics

We use Google Analytics 4 and Microsoft Clarity to understand how users interact with ReadAct. This includes:

  • -Page views and navigation patterns
  • -Time spent on different pages
  • -Button clicks and feature usage
  • -Device type, browser, and screen size
  • -General geographic location (country/region level)

This analytics data is anonymized and aggregated. We have configured analytics tools to avoid collecting sensitive information.

5. Technical Information

IP addresses may be temporarily collected in server logs for security and performance monitoring. Browser types and timestamps are automatically collected by our hosting provider for technical purposes.

How We Use Information

We use the information we collect for the following purposes:

  • Providing Services: To create and manage your account, generate playbooks, sync your progress across devices, and deliver the core ReadAct experience
  • Payment Processing: To process purchases, manage subscriptions, handle credits, and maintain transaction records
  • Customer Support: To respond to your inquiries and provide technical assistance
  • Service Improvement: To understand which features are most valuable, identify and fix bugs, and enhance the user experience
  • Security and Monitoring: To monitor system performance, prevent fraud, and maintain security

Third-Party AI Services

ReadAct uses third-party artificial intelligence services to analyze book content and generate your personalized roadmaps. When you generate a playbook, the text content extracted from your book and your goal/question are sent to these AI services for analysis and processing.

Important: While your original EPUB file never leaves your device, the extracted text is transmitted to our servers and then to third-party AI providers to enable playbook generation.

According to their respective policies, these AI services do not use data submitted via API to train their models. However, we do not control the data practices of these third-party providers.

⚠️ Disclaimer: ReadAct is powered by third-party AI services. ReadAct is not affiliated with, endorsed by, or sponsored by any AI model creators or providers. We use these services solely to deliver our core functionality. For information about how these third-party AI providers handle data, please review their respective privacy policies.

Third-Party Service Providers

In addition to AI services, we work with the following third-party service providers:

Supabase (Database and Authentication)

We use Supabase to provide secure database storage and user authentication services. Your account data, playbooks, and progress are stored on Supabase infrastructure. Review theirprivacy policy.

Creem (Payment Processing)

All payment processing is handled by Creem, our secure payment provider. When you make a purchase, your payment information is sent directly to Creem and is not stored on our servers. We receive only transaction confirmation and subscription status updates. Review theirprivacy policy.

Vercel (Hosting)

Our website is hosted on Vercel's infrastructure. Vercel may collect technical information such as IP addresses and access logs for hosting and performance purposes. Review theirprivacy policy.

Data Storage and Security

Cloud Storage (Logged-in Users)

For logged-in users, we use Supabase, a secure cloud database provider, to store:

  • -Account information and authentication data
  • -Generated playbooks and progress data
  • -Credits balance and subscription information
  • -Transaction history

This cloud storage enables you to access your playbooks from any device and protects your data from being lost if you clear your browser cache. Your data is encrypted in transit and at rest.

Local Storage (Browser Cache)

We also use your browser's localStorage as a local cache to improve performance. This includes temporary copies of your playbooks and the original EPUB files you upload. These files remain on your device and can be cleared at any time through your browser settings.

Security Measures

  • Encryption: All data transmission uses HTTPS/TLS encryption
  • Authentication: Secure authentication provided by Supabase Auth
  • Access Control: Row-level security policies ensure users can only access their own data
  • Infrastructure: Our database and hosting infrastructure follow industry best practices for security

Data Retention

We retain your account data and playbooks for as long as your account is active. If you delete your account, all associated data will be permanently removed from our servers within 30 days, except for transaction records which we may be required to retain for legal or tax purposes.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies for:

  • Essential Cookies: Required for the website to function properly
  • Analytics Cookies: Google Analytics and Microsoft Clarity cookies to understand usage patterns

You can disable cookies through your browser settings, though this may affect website functionality.

Your Rights and Control

You have the following rights regarding your data:

  • Access: You can view and access all your playbooks, progress data, and account information through your ReadAct account dashboard.
  • Export: You can export your playbook progress as Markdown files at any time using ReadAct's built-in export features.
  • Delete Individual Playbooks: You can delete specific playbooks from your account at any time. This will permanently remove the playbook and all associated progress data.
  • Delete Account: You can request account deletion by contacting us atprivacy@readact.app. Upon deletion, all your personal data, playbooks, and progress will be permanently removed within 30 days.
  • Opt-out of Analytics: You can disable cookies through your browser settings to opt out of analytics tracking, though this may affect website functionality.

To exercise any of these rights, please contact us atprivacy@readact.app. We will respond to your request within 30 days.

Children's Privacy

ReadAct is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. Since we don't collect personal information in general, this risk is minimal.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

privacy@readact.app