Privacy Policy

Effective Date: October 19, 2025
Last Updated: October 19, 2025

1. Introduction

Welcome to Book01 (the "Service"), an AI-powered book inventory management platform operated by fruitful.link ("we," "us," or "our"). We are committed to protecting your privacy and personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (PDA).

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

Contact Information

Legal Entity: fruitful.link
Application: book01
Address: Nordåssløyfa 46B, 1251 Oslo, Norway
Email: paal.book01@gmail.com

2. Data We Collect

2.1 User Registration Data

When you create an account, we collect:

Email address (required) - Used for authentication and communication
Display name (optional) - For personalization
Bookstore name (optional) - To identify your business
Preferred language - For localization (English or Norwegian)
Avatar URL (optional) - For profile customization

2.2 Payment and Transaction Data

For payment processing, we collect:

Stripe customer ID - To process credit purchases through our payment processor
Transaction records - Including credit purchases, usage, bonuses, and refunds with timestamps and amounts

2.3 Book Upload Data

When you upload book cover images for processing, we collect:

Book cover images - Temporarily stored for AI processing
Extracted metadata - Title, author, language, visible text from book covers
Enriched metadata - Summary, identifiers (ISBN), categories from external APIs

2.4 Usage and Analytics Data

We collect limited usage data through:

Vercel Analytics - Privacy-focused, cookieless analytics for basic usage metrics
Log data - Error logs, access logs for security and debugging purposes

3. How We Use Your Data

3.1 Service Provision

Authentication and account management - To provide secure access to your account
AI processing - To extract metadata from book cover images using Google Gemini Flash
Book enrichment - To enhance book metadata using Google Books API
CSV export generation - To create e-commerce-ready data for Shopify/WooCommerce
Credit management - To track your credit balance and usage

3.2 Communication

Service communications - Important updates, security alerts, and account notifications
Support - To respond to your inquiries and provide assistance

3.3 Legal Basis for Processing

We process your personal data under the following legal bases:

Contract performance (GDPR Art. 6(1)(b)) - To provide the Service you've signed up for
Legitimate interests (GDPR Art. 6(1)(f)) - For security, fraud prevention, and service improvement
Consent (GDPR Art. 6(1)(a)) - Where explicitly obtained for specific purposes

4. Third-Party Services and Data Sharing

4.1 Essential Service Providers

Supabase (Database and Authentication)
- Location: Frankfurt, Germany
- Purpose: Database hosting, user authentication, file storage
- Data shared: All user data, book data, transaction records
- Privacy policy: https://supabase.com/privacy
Vercel (Hosting and Serverless Functions)
- Locations: Frankfurt (Germany), Washington DC (USA), Singapore
- Purpose: Application hosting, serverless function execution
- Data shared: Request/response data, temporary processing data
- Privacy policy: https://vercel.com/legal/privacy-policy
Google Gemini Flash (AI Processing)
- Purpose: Book cover image analysis and metadata extraction
- Data shared: Book cover images (temporarily)
- Note: Google's AI services policies apply. Please verify Google's current data usage policy at https://cloud.google.com/terms
Google Books API (Book Enrichment)
- Purpose: Retrieve additional book metadata and summaries
- Data shared: Book identifiers (ISBN, title, author)
- Privacy policy: https://policies.google.com/privacy
Stripe (Payment Processing)
- Purpose: Process credit purchases securely
- Data shared: Payment information (handled directly by Stripe)
- Privacy policy: https://stripe.com/privacy
AWS (Image Hosting)
- Instance: t4g.nano
- Purpose: Temporary image hosting for book covers
- Data shared: Book cover images
- Privacy policy: https://aws.amazon.com/privacy/

4.2 Analytics

Vercel Analytics
- Purpose: Basic usage analytics (page views, visitor metrics)
- Privacy: Cookieless, privacy-focused analytics
- No personal data tracking or user profiling

4.3 No Third-Party Marketing

We do not share your personal data with third parties for marketing purposes.

5. Data Storage and International Transfers

5.1 Primary Data Storage

Primary location: Frankfurt, Germany (Supabase)
Serverless functions: Frankfurt, Washington DC, Singapore (Vercel)

5.2 International Transfers

Data may be transferred to and processed in countries outside the EU/EEA (e.g., United States, Singapore) where our service providers operate. We ensure adequate protection through:

Standard Contractual Clauses (SCCs) - EU-approved data transfer mechanisms
Adequacy decisions - Where the European Commission has recognized adequate data protection
Privacy Shield successor frameworks - Where applicable

6. Data Retention

6.1 Retention Periods

User accounts: Indefinite (until account deletion requested)
Books and batches: 30 days (automatic deletion via expires_at timestamp)
Transaction and payment records: 1 year (for accounting and dispute resolution)
Email communications: 1 year
Log data: 90 days

6.2 30-Day Data Retention for Books and Batches

To minimize data storage and enhance privacy, all uploaded books and batch data are automatically deleted 30 days after creation. This includes:

Book cover images
Extracted and enriched metadata
Batch processing records

Important: Please export your book data (CSV format) before the 30-day period if you need to retain it permanently. Once deleted, this data cannot be recovered.

Exceptions: Data may be retained longer if:

Legal obligations require retention
Active disputes or investigations are ongoing
You have exported the data (CSV exports are not affected by the 30-day deletion)

6.3 Data Deletion

You can request immediate deletion of your data at any time by:

Navigating to Dashboard → Settings → Account and selecting "Delete Account"
Emailing us at paal.book01@gmail.com

Account deletion will permanently remove:

Your user account and profile information
All remaining books and batches (if within 30-day period)
Transaction history (subject to legal retention requirements)

7. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

7.1 Right to Access (Art. 15)

You have the right to request a copy of your personal data we hold.

7.2 Right to Rectification (Art. 16)

You can correct inaccurate or incomplete personal data through your account settings or by contacting us.

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your personal data, subject to legal retention obligations.

7.4 Right to Data Portability (Art. 20)

You can export your book data in CSV format directly from the Service. For other data, contact us.

7.5 Right to Object (Art. 21)

You can object to processing based on legitimate interests.

7.6 Right to Restrict Processing (Art. 18)

You can request temporary restriction of data processing.

7.7 Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you can withdraw it at any time.

7.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority:

Norway: Datatilsynet - https://www.datatilsynet.no
EU/EEA: Find your authority at https://edpb.europa.eu

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption in transit: TLS/SSL for all data transmission
Encryption at rest: Database encryption for stored data
Access controls: Role-based access and authentication
Regular security updates: Timely patching and security monitoring
Secure payment processing: PCI-DSS compliant payment processor (Stripe)

8.1 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the supervisory authority within 72 hours (GDPR Art. 33)
Notify affected users without undue delay (GDPR Art. 34)
Provide information about the nature of the breach and remedial measures

9. Cookies and Tracking

For detailed information about cookies and tracking technologies, please see our Cookie Policy.

Essential Cookies

We use essential cookies for:

Authentication - Session management and login
Language preference - Remembering your language choice
Security - CSRF protection and secure sessions

10. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Update the "Last Updated" date at the top of this policy
Notify you of material changes via email or prominent notice in the Service
Obtain your consent where required by law

Your continued use of the Service after changes indicates acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data access requests, or to exercise your rights, please contact us:

Email: paal.book01@gmail.com
Address: Nordåssløyfa 46B, 1251 Oslo, Norway
Data Protection Officer: paal.book01@gmail.com

13. Governing Law

This Privacy Policy is governed by Norwegian law and the EU General Data Protection Regulation (GDPR).

Language Notice: This Privacy Policy is available in English and Norwegian. For international users, the English version is the primary reference. For Norwegian users, the Norwegian version takes precedence in case of conflicts. We maintain both versions with equal care.

Privacy Policy

Effective Date: October 19, 2025
Last Updated: October 19, 2025

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

Contact Information

Legal Entity: fruitful.link
Application: book01
Address: Nordåssløyfa 46B, 1251 Oslo, Norway
Email: paal.book01@gmail.com

2. Data We Collect

2.1 User Registration Data

When you create an account, we collect:

Email address (required) - Used for authentication and communication
Display name (optional) - For personalization
Bookstore name (optional) - To identify your business
Preferred language - For localization (English or Norwegian)
Avatar URL (optional) - For profile customization

2.2 Payment and Transaction Data

For payment processing, we collect:

Stripe customer ID - To process credit purchases through our payment processor
Transaction records - Including credit purchases, usage, bonuses, and refunds with timestamps and amounts

2.3 Book Upload Data

When you upload book cover images for processing, we collect:

Book cover images - Temporarily stored for AI processing
Extracted metadata - Title, author, language, visible text from book covers
Enriched metadata - Summary, identifiers (ISBN), categories from external APIs

2.4 Usage and Analytics Data

We collect limited usage data through:

Vercel Analytics - Privacy-focused, cookieless analytics for basic usage metrics
Log data - Error logs, access logs for security and debugging purposes

3. How We Use Your Data

3.1 Service Provision

Authentication and account management - To provide secure access to your account
AI processing - To extract metadata from book cover images using Google Gemini Flash
Book enrichment - To enhance book metadata using Google Books API
CSV export generation - To create e-commerce-ready data for Shopify/WooCommerce
Credit management - To track your credit balance and usage

3.2 Communication

Service communications - Important updates, security alerts, and account notifications
Support - To respond to your inquiries and provide assistance

3.3 Legal Basis for Processing

We process your personal data under the following legal bases:

Contract performance (GDPR Art. 6(1)(b)) - To provide the Service you've signed up for
Legitimate interests (GDPR Art. 6(1)(f)) - For security, fraud prevention, and service improvement
Consent (GDPR Art. 6(1)(a)) - Where explicitly obtained for specific purposes

4. Third-Party Services and Data Sharing

4.1 Essential Service Providers

Supabase (Database and Authentication)
- Location: Frankfurt, Germany
- Purpose: Database hosting, user authentication, file storage
- Data shared: All user data, book data, transaction records
- Privacy policy: https://supabase.com/privacy
Vercel (Hosting and Serverless Functions)
- Locations: Frankfurt (Germany), Washington DC (USA), Singapore
- Purpose: Application hosting, serverless function execution
- Data shared: Request/response data, temporary processing data
- Privacy policy: https://vercel.com/legal/privacy-policy
Google Gemini Flash (AI Processing)
- Purpose: Book cover image analysis and metadata extraction
- Data shared: Book cover images (temporarily)
- Note: Google's AI services policies apply. Please verify Google's current data usage policy at https://cloud.google.com/terms
Google Books API (Book Enrichment)
- Purpose: Retrieve additional book metadata and summaries
- Data shared: Book identifiers (ISBN, title, author)
- Privacy policy: https://policies.google.com/privacy
Stripe (Payment Processing)
- Purpose: Process credit purchases securely
- Data shared: Payment information (handled directly by Stripe)
- Privacy policy: https://stripe.com/privacy
AWS (Image Hosting)
- Instance: t4g.nano
- Purpose: Temporary image hosting for book covers
- Data shared: Book cover images
- Privacy policy: https://aws.amazon.com/privacy/

4.2 Analytics

Vercel Analytics
- Purpose: Basic usage analytics (page views, visitor metrics)
- Privacy: Cookieless, privacy-focused analytics
- No personal data tracking or user profiling

4.3 No Third-Party Marketing

We do not share your personal data with third parties for marketing purposes.

5. Data Storage and International Transfers

5.1 Primary Data Storage

Primary location: Frankfurt, Germany (Supabase)
Serverless functions: Frankfurt, Washington DC, Singapore (Vercel)

5.2 International Transfers

Data may be transferred to and processed in countries outside the EU/EEA (e.g., United States, Singapore) where our service providers operate. We ensure adequate protection through:

Standard Contractual Clauses (SCCs) - EU-approved data transfer mechanisms
Adequacy decisions - Where the European Commission has recognized adequate data protection
Privacy Shield successor frameworks - Where applicable

6. Data Retention

6.1 Retention Periods

User accounts: Indefinite (until account deletion requested)
Books and batches: 30 days (automatic deletion via expires_at timestamp)
Transaction and payment records: 1 year (for accounting and dispute resolution)
Email communications: 1 year
Log data: 90 days

6.2 30-Day Data Retention for Books and Batches

To minimize data storage and enhance privacy, all uploaded books and batch data are automatically deleted 30 days after creation. This includes:

Book cover images
Extracted and enriched metadata
Batch processing records

Important: Please export your book data (CSV format) before the 30-day period if you need to retain it permanently. Once deleted, this data cannot be recovered.

Exceptions: Data may be retained longer if:

Legal obligations require retention
Active disputes or investigations are ongoing
You have exported the data (CSV exports are not affected by the 30-day deletion)

6.3 Data Deletion

You can request immediate deletion of your data at any time by:

Navigating to Dashboard → Settings → Account and selecting "Delete Account"
Emailing us at paal.book01@gmail.com

Account deletion will permanently remove:

Your user account and profile information
All remaining books and batches (if within 30-day period)
Transaction history (subject to legal retention requirements)

7. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

7.1 Right to Access (Art. 15)

You have the right to request a copy of your personal data we hold.

7.2 Right to Rectification (Art. 16)

You can correct inaccurate or incomplete personal data through your account settings or by contacting us.

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your personal data, subject to legal retention obligations.

7.4 Right to Data Portability (Art. 20)

You can export your book data in CSV format directly from the Service. For other data, contact us.

7.5 Right to Object (Art. 21)

You can object to processing based on legitimate interests.

7.6 Right to Restrict Processing (Art. 18)

You can request temporary restriction of data processing.

7.7 Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you can withdraw it at any time.

7.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority:

Norway: Datatilsynet - https://www.datatilsynet.no
EU/EEA: Find your authority at https://edpb.europa.eu

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption in transit: TLS/SSL for all data transmission
Encryption at rest: Database encryption for stored data
Access controls: Role-based access and authentication
Regular security updates: Timely patching and security monitoring
Secure payment processing: PCI-DSS compliant payment processor (Stripe)

8.1 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the supervisory authority within 72 hours (GDPR Art. 33)
Notify affected users without undue delay (GDPR Art. 34)
Provide information about the nature of the breach and remedial measures

9. Cookies and Tracking

For detailed information about cookies and tracking technologies, please see our Cookie Policy.

Essential Cookies

We use essential cookies for:

Authentication - Session management and login
Language preference - Remembering your language choice
Security - CSRF protection and secure sessions

10. Children's Privacy

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Update the "Last Updated" date at the top of this policy
Notify you of material changes via email or prominent notice in the Service
Obtain your consent where required by law

Your continued use of the Service after changes indicates acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data access requests, or to exercise your rights, please contact us:

Email: paal.book01@gmail.com
Address: Nordåssløyfa 46B, 1251 Oslo, Norway
Data Protection Officer: paal.book01@gmail.com

13. Governing Law

This Privacy Policy is governed by Norwegian law and the EU General Data Protection Regulation (GDPR).

Privacy Policy

1. Introduction

Contact Information

2. Data We Collect

2.1 User Registration Data

2.2 Payment and Transaction Data

2.3 Book Upload Data

2.4 Usage and Analytics Data

3. How We Use Your Data

3.1 Service Provision

3.2 Communication

3.3 Legal Basis for Processing

4. Third-Party Services and Data Sharing

4.1 Essential Service Providers

4.2 Analytics

4.3 No Third-Party Marketing

5. Data Storage and International Transfers

5.1 Primary Data Storage

5.2 International Transfers

6. Data Retention

6.1 Retention Periods

6.2 30-Day Data Retention for Books and Batches

6.3 Data Deletion

7. Your Rights Under GDPR

7.1 Right to Access (Art. 15)

7.2 Right to Rectification (Art. 16)

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

7.4 Right to Data Portability (Art. 20)

7.5 Right to Object (Art. 21)

7.6 Right to Restrict Processing (Art. 18)

7.7 Right to Withdraw Consent (Art. 7(3))

7.8 Right to Lodge a Complaint

8. Data Security

8.1 Data Breach Notification

9. Cookies and Tracking

Essential Cookies

10. Children's Privacy

11. Changes to This Privacy Policy

12. Contact Us

13. Governing Law

We use cookies

Privacy Policy

1. Introduction

Contact Information

2. Data We Collect

2.1 User Registration Data

2.2 Payment and Transaction Data

2.3 Book Upload Data

2.4 Usage and Analytics Data

3. How We Use Your Data

3.1 Service Provision

3.2 Communication

3.3 Legal Basis for Processing

4. Third-Party Services and Data Sharing

4.1 Essential Service Providers

4.2 Analytics

4.3 No Third-Party Marketing

5. Data Storage and International Transfers

5.1 Primary Data Storage

5.2 International Transfers

6. Data Retention

6.1 Retention Periods

6.2 30-Day Data Retention for Books and Batches

6.3 Data Deletion

7. Your Rights Under GDPR

7.1 Right to Access (Art. 15)

7.2 Right to Rectification (Art. 16)

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

7.4 Right to Data Portability (Art. 20)

7.5 Right to Object (Art. 21)

7.6 Right to Restrict Processing (Art. 18)

7.7 Right to Withdraw Consent (Art. 7(3))

7.8 Right to Lodge a Complaint

8. Data Security

8.1 Data Breach Notification

9. Cookies and Tracking

Essential Cookies

10. Children's Privacy

11. Changes to This Privacy Policy

12. Contact Us