Privacy Policy
Effective date: [DATE]
DESA is built to be privacy-light. You can read most of the library without an account, and your reading data stays on your device unless you choose to sign in.
1. What we collect
- Reading data — your progress, bookmarks, last position, and mentor conversations. As a guest, this is stored only in your browser (local storage) and never leaves your device.
- Account data (optional) — if you sign in, we store your email address and sync your reading data to our database so it follows you across devices.
- Mentor messages — the questions you send the AI mentor, plus the relevant book excerpts, are sent to our AI providers to generate a response.
- Basic technical data — standard server logs (e.g., IP address, browser type) needed to operate and secure the Service.
We do not sell your personal information, and we don’t collect sensitive categories of data.
2. How we use it
To provide the reading experience, remember where you left off, sync across your devices (if signed in), answer your mentor questions, and keep the Service secure and working.
3. Third parties who process data
- Our hosting provider (delivery of the Service).
- Our authentication/database provider (account sign-in and storage of synced reading data).
- Our AI providers, which process your mentor questions and book excerpts to generate answers. We don’t send them your account identity beyond what’s needed for the request. [Confirm each provider’s data-retention and training terms and reflect them here.]
4. Cookies & local storage
We use local storage (and any strictly necessary cookies) to save your reading state and preferences. Guests can clear this anytime via the in-app “clear reading data” control or their browser settings.
5. Data retention & your choices
- Guests: your data lives only in your browser — clear it anytime and it’s gone.
- Account holders: you can request access to, correction of, or deletion of your account and synced data by contacting us; deleting your account removes your synced data.
- Depending on where you live, you may have rights under GDPR, UK GDPR, or CCPA/CPRA (access, deletion, portability, opt-out). We honor valid requests.
6. Children
The Service isn’t directed to children under 13, and we don’t knowingly collect their data.
7. Security
We use reasonable technical and organizational measures to protect your data, but no system is perfectly secure.
8. Changes
We may update this policy; material changes will be posted here with a new effective date.
9. Contact
Privacy questions or requests: [contact@yourdomain].