Effective Date: October 24, 2025
BookLeaf ("I," "the app," or "developer") is committed to protecting your privacy. This Privacy Policy explains how I collect, use, and safeguard your information when you use the BookLeaf mobile application ("App").
Information We Collect
Data Not Associated with Users
I collect the following types of data that are not linked to your personal identity:
OCR Usage Data
- Purpose: Track app usage limits and manage free and premium plan restrictions
- Data Collected: Monthly usage counts of OCR engines (ML Kit, Google Vision API)
- Usage: Stored and managed locally on your device to monitor usage against plan limits and ensure fair service use
Diagnostic and Performance Data (Firebase Analytics + Crashlytics)
- Purpose: Improve app quality, ensure stability, enhance performance, and analyze user experience
- Data Collected:
- App crash logs and error reports (stack traces, runtime errors)
- Device model, OS version, and app version information
- App usage statistics (feature usage frequency, session duration, screen transitions)
- Approximate location (country level, estimated from IP address)
- Anonymized user identifiers
- Processing Method: Processed on Google servers via Firebase Analytics and Firebase Crashlytics
- Usage: Helps identify and fix bugs, improve stability, optimize for diverse devices, and enhance user experience
- Retention: Follows Firebase's standard retention periods (Analytics: 14 months, Crashlytics: 90 days)
Data Associated with Users
Contact Form
- Purpose: Provide support and respond to inquiries
- Data Collected: Email address, message content, optional details (language, app version, platform, device info)
- Notes: Sent via Cloudflare; the originating IP address is temporarily stored for up to one hour for rate limiting
Local Data Storage
BookLeaf stores the following data locally on your device:
- Captured book images and OCR-extracted text
- Notes and tags you create
- Reading logs and book information
- App settings and user preferences
This data is not transmitted outside your device (except for an optional cloud backup feature).
External Services
Google ML Kit (On-Device Processing)
- Used to extract text from images
- Processing: All processing occurs on your device; images and extracted text are never sent to Google servers
Google Cloud Vision API (Premium Feature)
- Availability: Premium users only, up to 1,000 requests per month
- Processing: Images are sent to Google servers for higher-accuracy OCR
- Retention: Managed by Google according to its Privacy Policy
Firebase Analytics (App Analytics)
- Purpose: Analyze app usage and improve user experience
- Data Collected: Anonymized usage statistics, feature usage patterns, approximate location
- Processing: Handled on Google servers and subject to Google’s Privacy Policy
- Legal Basis: Legitimate interest (app improvement)
Firebase Crashlytics (Crash Reporting)
- Purpose: Improve stability and resolve bugs quickly
- Data Collected: Crash logs, error details, device information
- Processing: Handled on Google servers with a 90-day retention period
- Legal Basis: Legitimate interest (service stability)
RevenueCat (Subscription Management)
- Used to manage premium plan purchases and subscriptions
- Handles purchase information only; app usage data is not included
Cloudflare Workers (Inquiry Processing)
- Purpose: Receive contact form submissions and manage rate limiting
- Processing: Email address, message, optional details, and source IP address are handled on Cloudflare Workers
- Retention: Source IP addresses for rate limiting are stored in Cloudflare KV for up to one hour
Resend (Email Delivery Service)
- Purpose: Forward inquiries to the developer’s email address ([email protected])
- Processing: Sends the email address, message, and optional details via the Resend API
- Retention: Processed in the United States under Resend’s policies and stored in the developer’s mailbox
Legal Basis
In line with the EU General Data Protection Regulation (GDPR), I process data on the following bases:
- Contract Performance: Providing the app service (Art. 6(1)(b) GDPR)
- Legitimate Interest: Improving the app, ensuring security, and resolving technical issues (Art. 6(1)(f) GDPR)
- Legal Obligation: Complying with legal requirements (Art. 6(1)(c) GDPR)
How We Use Information
Collected data is used for the following purposes:
- Service Delivery: Manage OCR limits and provide plan-specific features
- Quality Improvement: Identify and resolve technical issues, crashes, and performance problems
- App Enhancement: Improve user experience and optimize features
- Analytics: Analyze anonymized app usage statistics
- Compliance: Meet App Store requirements and industry standards
- Support: Respond to inquiries and follow up when needed
Data Storage and Security
- All local data is protected by standard iOS/Android security features
- Industry-standard encryption is used when communicating with external services
- Appropriate technical and organizational measures protect your information
- Data is retained only for as long as necessary for the purposes described
- Inquiry data is securely managed in the developer’s mailbox and deleted when no longer needed
- IP addresses stored for rate limiting are automatically deleted within one hour
International Transfers
Your data may be transferred outside the European Economic Area (EEA) in the following cases:
- Google Firebase: Processed on Google servers in the United States under appropriate safeguards
- RevenueCat: Subscription management in the United States
- Cloudflare Workers / Resend: Inquiry data processed on U.S. infrastructure and forwarded to the developer’s email
- Legal Basis: EU–U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs)
Your Rights (GDPR)
You have the following rights:
Fundamental Rights
- Access: Request details about data collected about you
- Erasure (Right to be Forgotten): Request deletion of personal data
- Portability: Request data in a structured, commonly used format
- Restriction: Request limitations on data processing in specific situations
- Objection: Object to processing based on legitimate interest
How to Exercise Your Rights
- Local Data: Deleted when you uninstall the app
- Firebase Data: Request deletion via in-app settings or by contacting me
- Inquiry Data: Send a deletion request by email or in-app form; related data on the developer’s mailbox and Resend will be removed
- Response Time: Requests are handled within 30 days
Privacy Authorities
Users in Nordic countries may lodge complaints with their national data protection authority:
- Sweden: Integritetsskyddsmyndigheten (IMY)
- Norway: Datatilsynet
- Denmark: Datatilsynet
- Finland: Tietosuojavaltuutetun toimisto
Offline Functionality
BookLeaf is designed to function primarily offline, so you can:
- Capture images and run OCR with ML Kit
- Create, edit, and search notes
- Manage reading logs
Children's Privacy
My app does not knowingly collect personal information from children under 13. If I learn that data from a child under 13 has been collected, I will take steps to delete it.
Privacy Policy Changes
I may update this Privacy Policy from time to time. Significant changes will be communicated by updating the “Effective Date” and, when necessary, through in-app notifications.
Contact
If you have any questions about this Privacy Policy, please contact:
Email: [email protected]
In-App Form: Messages sent through the contact form are forwarded by email for support
App: BookLeaf
Developer: akifumi