This Privacy Policy explains how LitList (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you use the LitList mobile application (the “App”), available on iOS and Android.
We are based in Ontario, Canada, and our primary privacy obligations are under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). We are committed to transparency about how we handle your information and to complying with all applicable privacy laws, including Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25) where applicable, and international privacy frameworks where required.
We collect, use, and disclose your personal information only for purposes that a reasonable person would consider appropriate in the circumstances.
1. Who We Are and Accountability
LitList is a sole proprietorship operated from Ontario, Canada. As the operator of LitList, I am personally responsible for your personal information under PIPEDA and am accountable for the organization’s compliance with all applicable privacy principles.
Under PIPEDA’s accountability principle, the person responsible for privacy compliance is:
Person Responsible for Privacy: Owner and Operator, LitList
Privacy Contact: admin@litlist.ca
Website: https://litlist.ca
Location: Ontario, Canada
A full mailing address is available upon request by contacting admin@litlist.ca.
I have implemented policies and practices to protect personal information under my control, including information transferred to third-party service providers for processing. I conduct privacy impact assessments when introducing new features or technologies that involve personal information, such as the AI Recommendations feature and the Family Shelf.
2. Information We Collect
We collect only the information necessary to provide and improve the App. The collection of personal information is limited to what is needed for the purposes identified in this Policy, and information is collected by fair and lawful means.
2.1 Information You Provide Directly
- Account registration: email address, display name, avatar, and bio
- Profile preferences: country, currency, language, reading goals, favourite genres, preferred book format, and privacy settings
- Reading data: books added, page counts, ratings, reviews, quotes, journal entries, reading sessions, streaks, milestones, spice ratings, and trope tags
- Family data: children’s names, ages or birthdays (optional), and their reading history. This data is entered by the parent or guardian and is stored under the parent’s account. Only the information necessary to provide the Family Shelf reading tracking feature is collected. See Section 10 for details.
- Social data: friends list, activity feed interactions, likes, comments, buddy read progress, buddy read notes and reflections, and book recommendations you send or receive
- Subscription tracking: reading service subscriptions you choose to manually log (e.g. Audible, Kindle Unlimited). We store this information in your account for your reference only — we do not process payments for or connect to these third-party services
- Catalog contributions: when you submit a correction to a book’s shared catalog entry (cover, synopsis, title, author, or other metadata), we record your proposed value, the value that was in the catalog at the time of submission, and your account identifier. Submissions are reviewed by a moderator before being applied to the shared catalog.
- Communications: feedback, bug reports, or support messages you send us
2.2 Information Collected Automatically
- Device information: device type, operating system version, app version
- Push notification tokens: an Expo-issued device identifier used to deliver notifications you have opted into. Tokens are stored in a dedicated database table with strict access controls so they are only readable by our server-side notification service. They are not used for advertising or tracking.
- Subscription status: if you purchase LitList Plus, your subscription tier (free or Plus), expiry date, and platform (App Store or Google Play) are stored in your account. This is updated automatically by our subscription-management provider (RevenueCat) when you start, change, cancel, or renew a subscription. Payment card information is never sent to or stored by us.
- Crash reports and diagnostic data: used solely for fixing bugs and improving the App
- Usage patterns: features used, screens visited, session duration, reading streak and habit statistics derived from your activity
2.3 Information from Third-Party Services
We use several third-party services to operate the App. Here is how each one interacts with your data:
- Google Books API: When you search for books, we fetch book metadata (title, author, cover image, description, page count, genre) through a proxy hosted on our infrastructure. No personal information about you is sent to Google during this process.
- Hardcover API: When you browse series or discovery features, we fetch book series metadata through a server-side proxy. No personal information about you is sent to Hardcover.
- Open Library API: We fetch additional book cover images from Open Library. No personal information about you is sent.
- Anthropic Claude API: When you use the AI Recommendations feature, a curated summary of your reading taste is sent to Anthropic’s API to generate personalised suggestions. The summary includes: the titles and authors of books you have rated highly, rated poorly, or marked as DNF; your top genres and trope preferences; the mood you have selected for this recommendation request; and your spice level preference. Your name, email address, push token, and other account identifiers are not included in this request. The request is routed through a proxy hosted on Vercel that authenticates the request as coming from your account but does not retain the payload. Anthropic processes this data under the terms of its API data usage policy and does not use your data to train its models. See Section 11 for retention details.
- Supabase: Hosts your account data in a PostgreSQL database and provides authentication services. Data is protected at the database layer by row-level security policies that limit each query to the rows you are authorised to read or modify. Supabase processes data on our behalf under a Data Processing Agreement.
- RevenueCat: Manages in-app subscription purchases for LitList Plus. When you purchase, change, cancel, or renew a subscription via the App Store or Google Play, RevenueCat receives the transaction event from Apple or Google and notifies our server via a webhook so we can update your subscription status. We share your account user ID with RevenueCat to link your subscription to your account. Payment card information is handled exclusively by Apple or Google and is never seen by RevenueCat or by us. RevenueCat processes data under its Data Processing Agreement.
- Sentry: Collects crash reports and diagnostic data (stack traces, device type, OS version, app version, and session breadcrumbs) to help us identify and fix bugs. Sentry does not collect your name, email, or reading data. Sentry processes data under its Data Processing Agreement.
- Upstash Redis: Stores rate-limiting counters (keyed by your anonymous user ID and date) to prevent abuse of the AI recommendation feature. No reading data or personal information is stored in Upstash.
- PostHog: Collects anonymous product analytics to help us understand how LitList is used and improve the experience. In the App, this covers feature usage, app lifecycle events, and engagement metrics, associated with your anonymous user ID. On our website (litlist.ca), PostHog also collects anonymous, cookieless usage data such as page views and clicks on the App Store and Google Play buttons; no persistent profile is created for anonymous website visitors. In neither case does PostHog receive personal information such as your name, email, or reading data. PostHog processes data under its Data Processing Agreement.
- Apple Sign-In / Google Sign-In: If you choose to sign in with Apple or Google, the respective provider handles authentication and shares a limited set of information (an identity token, and optionally your name and email) with us to create or access your account. We do not receive or store your Apple or Google account password.
- Expo: Delivers push notifications you have opted into using your device’s push notification token.
- Goodreads / StoryGraph / LibraryThing CSV import: If you choose to import a CSV export from one of these services, the file is processed locally on your device and imported directly into your account. We do not retain the raw CSV file.
3. How We Use Your Information
We use your information for the following purposes:
- To create and manage your account and authenticate you across devices
- To provide core App functionality: book tracking, reading timer, journal, streaks, statistics, and the Family Shelf
- To power social features: friends, activity feed, likes, comments, and book recommendations
- To generate AI-powered book recommendations based on your reading history and preferences
- To sync your data across your devices via our cloud infrastructure (Supabase)
- To send push notifications you have opted into (e.g. streak reminders, reading goal updates) — you can disable these at any time in your device settings or within the App
- To respond to your support requests and feedback
- To analyse aggregate, de-identified usage trends to improve the App (see Section 11 for details on de-identification)
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
We do not use your personal information for advertising. We do not sell your personal information. Personal information is used and disclosed only for the purposes for which it was collected, unless you provide additional consent or disclosure is required by law.
4. How We Obtain Your Consent (PIPEDA)
Under PIPEDA, we are required to obtain meaningful consent for the collection, use, and disclosure of your personal information. We present our consent requests in clear, plain language so that you can understand what you are agreeing to, including what personal information is being collected, who it is shared with, and for what purposes. We rely on different forms of consent depending on the sensitivity of the information and the context:
4.1 Express Consent
We obtain your express consent when you:
- Create an account and provide your personal information
- Enable push notifications
- Use the AI Recommendations feature (which sends reading data to Anthropic)
- Add children’s information to the Family Shelf
- Import data from Goodreads or other sources
4.2 Implied Consent
We rely on implied consent for activities that are necessary to provide the service you’ve requested, such as:
- Storing and syncing your reading data via Supabase
- Fetching book metadata from Google Books, Hardcover, and Open Library when you search for books
- Generating crash and diagnostic reports to maintain App stability
4.3 Withdrawing Consent
You may withdraw your consent at any time by:
- Disabling push notifications in your device settings
- Choosing not to use optional features like AI Recommendations
- Deleting your account (see Section 11)
- Contacting us at admin@litlist.ca
Withdrawing consent may affect your ability to use certain features of the App. We will explain the consequences of withdrawing consent when you make such a request. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal. Consent will not be required as a condition of providing a service beyond what is necessary to provide that service.
5. Additional Legal Bases (EEA and UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR in addition to the consent framework described above:
- Contract performance (Article 6(1)(b)): processing necessary to provide the App services you have requested
- Legitimate interests (Article 6(1)(f)): improving App performance, preventing fraud, and ensuring security — balanced against your rights
- Consent (Article 6(1)(a)): for optional features such as push notifications and AI recommendations, which you may withdraw at any time
- Legal obligation (Article 6(1)(c)): where processing is required by applicable law
6. Sharing Your Information
We do not sell your personal information. We share your information only in the following limited circumstances:
6.1 Service Providers
We engage trusted third-party providers who process data on our behalf. Each operates under contractual obligations or data processing agreements that require them to provide a comparable level of protection to that required under PIPEDA and to limit their use of your information to the purposes specified:
- Supabase Inc. — database hosting and authentication (data stored in the United States). Operates under a Data Processing Agreement.
- Anthropic PBC — AI recommendation processing (United States). Data is processed under Anthropic’s API data usage terms, which restrict use of your data beyond providing the requested service.
- Vercel Inc. — hosts the proxy servers for AI recommendation, social-notification, and Hardcover API requests (United States)
- RevenueCat Inc. — manages App Store and Google Play subscription state for LitList Plus (United States). Operates under a Data Processing Agreement.
- Expo (650 Industries Inc.) — push notification delivery
- Sentry (Functional Software Inc.) — crash reporting and error tracking (United States). Collects device and diagnostic data only; no reading data or account identifiers are shared.
- Upstash Inc. — rate-limiting infrastructure (United States). Stores only anonymous usage counters.
- PostHog Inc. — product analytics (United States). Collects anonymous feature usage data; no personal information is shared.
- Apple Inc. — authentication via Sign in with Apple (if you choose this method), and app distribution and in-app purchase processing via the App Store (United States)
- Google LLC — authentication via Google Sign-In (if you choose this method), book metadata via Google Books API, and app distribution and in-app purchase processing via Google Play (United States)
- Hardcover — book series metadata (United States). No personal data is shared.
- Open Library (Internet Archive) — book cover images (United States). No personal data is shared.
6.2 Social Features
When you use social features, certain information is shared with other LitList users according to your privacy settings:
- Your display name, avatar, username, and bio are visible to other LitList users to enable account discovery and friend requests.
- Your reading activity (books started, books finished, ratings, quotes, and recommendations) may appear in your friends’ activity feeds, subject to your privacy controls described in Section 9b. Activity is only visible to users you have accepted as friends, never to the public.
- Reviews can be set per-review to private (only you), friends-only, or public.
- Spice ratings and trope tags you contribute are aggregated into shared catalog statistics. The aggregated averages are visible to all users; your individual contribution is associated with your account but is not displayed publicly alongside your name.
- Buddy reads: when you participate in a buddy read with a specific friend, your reading progress, notes, reactions, and post-read reflections within that buddy read are visible to the other participant only. They are not visible to your wider friends list or to the public.
- Recommendations you send: when you recommend a book to a friend, your account identifier, the book details, and any message you include are visible to the recipient.
- Blocking: you can block another user, which prevents them from sending you friend requests, appearing in your activity feed, or contacting you through the app.
- Reporting: if a buddy-read note or other user-generated content violates the App’s policies, you can report it for moderator review. Your report and identity are visible to the moderator (the App operator) but not to the reported user.
- You control your overall profile visibility and per-attribute sharing through the privacy settings in your profile. See Section 9b.
6.3 Legal Requirements
We may disclose your information if required by law, regulation, court order, or governmental authority, or if necessary to protect the rights, property, or safety of LitList, our users, or others.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.
6.5 With Your Consent
We may share information in other ways if you have explicitly consented.
7. International Data Transfers
LitList is based in Canada. Your data is processed and stored primarily in the United States (via Supabase) and may be processed in other countries where our service providers operate.
If you are located outside of Canada, your personal information will be transferred to Canada and/or the United States. Canada has been recognised by the European Commission as providing an adequate level of data protection.
Please be aware that personal information stored or processed in the United States is subject to United States law, including laws that may permit access by courts, law enforcement, and national security authorities in that jurisdiction. We take reasonable steps to ensure that our service providers protect your data consistent with this Policy and applicable law, including through contractual safeguards.
For transfers to other jurisdictions, we take reasonable steps to ensure your data is protected consistent with this Policy and applicable law.
8. Accuracy of Personal Information
We take reasonable steps to ensure that the personal information we hold is accurate, complete, and up to date, to the extent necessary for the purposes for which it is used. Since much of the data in the App is entered and managed directly by you (such as your reading lists, reviews, and profile information), you play an important role in maintaining its accuracy.
If you believe any of your personal information is inaccurate or incomplete, you may update it directly within the App or contact us at admin@litlist.ca to request a correction. We will update or correct your information promptly upon verification.
9. Your Privacy Rights
9.1 All Users
Regardless of where you are located, you have the following rights:
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete information
- Deletion: Request that we delete your account and associated data. You can do this directly in the App via Profile → Delete Account, or by emailing admin@litlist.ca
- Data export: Request a copy of your data in a portable format
- Withdraw consent: For any processing based on consent (e.g. notifications, AI recommendations), you may withdraw at any time without affecting prior processing
9.2 Canadian Users (PIPEDA)
Under PIPEDA, you have the right to:
- Know what personal information we hold about you and how it is used
- Challenge the accuracy and completeness of your information and have it amended
- Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions
- Challenge our compliance with PIPEDA’s fair information principles (see Section 16)
- File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca if you believe your privacy rights have been violated
9.3 Quebec Users (Law 25)
If you are located in Quebec, you additionally have the right to:
- Be informed of the specific purposes for the collection of your personal information and of any automated decision-making processes applied to your data
- Request de-indexing of any hyperlink attached to your name if it contravenes the law or a court order
- Data portability: receive your personal information in a structured, commonly used technological format
- File a complaint with the Commission d’accès à l’information du Québec (CAI) at cai.gouv.qc.ca
9.4 EEA and UK Users (GDPR / UK GDPR)
- Right to data portability: receive your data in a structured, machine-readable format
- Right to restriction of processing: request that we limit how we use your data in certain circumstances
- Right to object: object to processing based on legitimate interests
- Right to lodge a complaint with your local supervisory authority (e.g. your national Data Protection Authority within the EEA, or the ICO in the UK at ico.org.uk)
9.5 California Residents (CCPA / CPRA)
- Right to know the categories and specific pieces of personal information we have collected, and how we use and share it
- Right to delete your personal information, subject to certain exceptions
- Right to opt out of sale or sharing: we do not sell or share your personal information for cross-context behavioural advertising
- Right to non-discrimination: we will not discriminate against you for exercising your rights
To exercise any of your rights, contact admin@litlist.ca. We will respond within 30 days (or within any longer period permitted by applicable law with notice to you).
9b. Privacy Controls in the App
In addition to the legal rights described above, the App provides granular in-product controls that let you decide what you share with friends and what stays private. These controls are available in Profile → Settings → Privacy.
9b.1 Profile Visibility
- Public: any LitList user can find your profile and see the information you have not individually hidden.
- Friends: only users you have accepted as friends can see your profile.
- Private: your profile is not surfaced in user search and is only visible to friends you have already connected with.
9b.2 Per-Attribute Hiding
Within whichever profile visibility you choose, you can additionally hide individual categories of activity:
- Hide finished books — your friends will not see books you mark as read.
- Hide reading progress — your current page counts and percentages are not shared.
- Hide ratings — your star ratings are not shared.
- Hide quotes — quotes you save are kept private to your account.
- Hide DNF (did-not-finish) — books you have marked as DNF are not shared.
- Hide reading goal — your annual reading goal and progress toward it are not shared.
9b.3 Per-Review Visibility
Each review you write has its own visibility setting independent of your overall profile visibility. You can set a single review to private, friends-only, or public regardless of how the rest of your profile is configured.
9b.4 Blocking and Reporting
- Block: blocking another user removes them from your friends list, prevents them from sending you friend requests or recommendations, and removes their activity from your feed.
- Report: if a buddy-read note or other user-generated content violates the App’s policies, you can report it for moderator review. Your report is private to the moderator and is not shared with the reported user.
9b.5 Notifications
Push notifications are opt-in at the device level. You can revoke notification permission at any time in your device’s system settings. Within the App, you can also fine-tune which event types trigger a notification.
Changing any of these controls takes effect immediately. Activity that was already visible to friends before you tightened a setting will no longer appear in their feeds once the setting is updated.
10. Children’s Privacy and the Family Shelf
The App is not directed to children. You must be at least 13 years old (or 16 in the EEA) to create a LitList account.
The Family Shelf feature allows parents or legal guardians to create reading profiles for their children. By using this feature:
- All children’s data (names, ages/birthdays, and reading history) is stored under and controlled by the parent’s account
- Children do not create their own accounts and do not interact with the App independently
- The parent or guardian provides express consent for the collection and storage of their child’s information, specifically for the purpose of tracking their child’s reading activity within the Family Shelf feature
- Children’s data is used solely to provide the Family Shelf reading tracking feature and is not shared with third parties, used for advertising, or sent to AI services
- Providing a child’s exact birthday is optional; an age or age range is sufficient to use the feature
- A parent or guardian may request deletion of their child’s data at any time by removing the child’s profile from the Family Shelf or by contacting admin@litlist.ca
If you believe we have inadvertently collected information directly from a child without parental consent, please contact us immediately at admin@litlist.ca and we will delete it promptly.
11. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Account, profile, reading, social, and family data: retained while your account is active and for the purposes described in this Policy
- AI recommendation data: Reading preference summaries sent to Anthropic are processed in real time to generate recommendations. Anthropic’s API data usage policy governs any transient processing on its systems. We do not separately store the summaries sent to Anthropic beyond what is necessary to deliver the recommendation to you.
- Crash and diagnostic logs: retained for up to 90 days
- De-identified aggregate statistics: may be retained indefinitely. We de-identify data by removing all direct and indirect identifiers so that the resulting data cannot reasonably be used, alone or in combination with other available information, to identify any individual. De-identified data is not considered personal information under PIPEDA.
When you delete your account, we permanently delete your personal information from our active systems within 30 days. Residual copies in encrypted backups may persist for up to 90 days, after which they are purged.
12. Data Breach Notification
In the event of a security breach involving your personal information that creates a real risk of significant harm, we will:
- Notify the Office of the Privacy Commissioner of Canada as required by PIPEDA
- Notify affected users as soon as feasible, describing the nature of the breach, the information involved, and steps we are taking
- Maintain records of all breaches as required by law
If applicable, we will also notify relevant authorities in other jurisdictions, including the Commission d’accès à l’information du Québec where required by Law 25.
13. Security
We take reasonable technical and organisational measures to protect your personal information, including:
- Encryption of data in transit (TLS/HTTPS) for all client-server and server-service communication.
- Encryption of data at rest via Supabase’s managed PostgreSQL infrastructure.
- Secure authentication via Supabase Auth, with support for email/password, Sign in with Apple, and Sign in with Google.
- Row-level security (RLS) policies enforced at the database layer, so even if a client connects directly to our database it can only read or modify the rows the policies permit.
- Push notification tokens are stored in a dedicated table that is only readable by our server-side notification service. Other clients cannot read your token, and your token is never exposed to other users of the App.
- Administrative actions on the shared book catalog (such as moderator review of cover and synopsis submissions) are recorded in an audit log so that catalog changes are attributable and reviewable.
- Access controls limiting who can access your data within our organisation and service providers, applied through Data Processing Agreements where required.
- Routine security review of dependencies, configuration, and infrastructure.
The level of security protection is proportionate to the sensitivity of the personal information involved. No method of transmission or storage is 100% secure. If you become aware of any security concern, please contact us at admin@litlist.ca.
14. Third-Party Links and Services
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by displaying a notice within the App or by email. The updated Policy will be effective upon posting with a revised effective date. Continued use of the App after changes constitutes acceptance of the updated Policy.
16. Challenging Our Compliance
Under PIPEDA’s challenging compliance principle, you have the right to challenge our compliance with the fair information principles set out in this Policy. If you believe we are not handling your personal information in accordance with our obligations, you may:
- Contact us at admin@litlist.ca with a description of your concern.
- We will acknowledge receipt of your challenge within 10 business days.
- We will investigate your concern and provide a substantive response within 30 days, including any steps we will take to address the issue.
- If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
We will inform you of any relevant complaint procedures and will not retaliate against you for raising a privacy concern or filing a complaint.
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:
Person Responsible for Privacy: Owner and Operator, LitList
Email: admin@litlist.ca
Website: https://litlist.ca
Location: Ontario, Canada
A full mailing address is available upon request.