Privacy Policy

Last updated: 1 June 2026

Your privacy matters to us. This policy explains what information BukuMu collects, how we use it, and the choices you have.

1. Information We Collect

When you create an account via Google Sign-In, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

As you use BukuMu, we store:

  • The books you add to your library
  • Your reading progress and scroll position
  • Highlights and personal notes you create
  • Quiz attempt scores and history
  • Subscription and billing status (managed by Stripe - we do not store your card details)

2. How We Use Your Information

We use your information solely to provide and improve the BukuMu service:

  • To authenticate you and keep your account secure
  • To sync your library, highlights, and progress across sessions
  • To process subscription payments via Stripe
  • To generate and display quiz results
  • To send transactional emails (e.g. payment receipts) - no marketing emails without your consent

3. Data Sharing

We do not sell, rent, or share your personal data with third parties for their own marketing purposes. We share data only with the following service providers, strictly to operate BukuMu:

  • Google - authentication (OAuth 2.0)
  • Stripe - payment processing and subscription management
  • Anthropic - generating insight cards and quiz questions from book title and author name

Each provider has its own privacy policy governing data they receive.

4. Data Retention

We retain your account data for as long as your account is active, except where retention is required by law (e.g. financial records).

5. Your Rights

You may at any time:

  • Request a copy of the data we hold about you
  • Request correction of your data
  • Cancel your subscription from the Settings page

To exercise these rights, email us at [email protected].

6. Cookies

BukuMu uses a single session cookie to keep you logged in. We do not use third-party tracking or advertising cookies.

7. Security

All data is transmitted over HTTPS. Passwords are never stored - authentication is handled entirely by Google OAuth. Stripe handles all payment card data in a PCI-compliant environment.

8. Children

BukuMu is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, contact us and we will delete it promptly.

9. Changes to This Policy

If we make material changes we will update the "Last updated" date above and, where appropriate, notify you by email. Continued use of BukuMu after changes constitutes acceptance of the revised policy.

10. Contact

Questions about this policy? Email us at [email protected].