PRIVACY POLICY

Last updated: April 18, 2026

This Privacy Notice for Episteme ("we," "us," or "our"), describes how and why we might access, collect, store, and use ("process") your personal information when you use our services ("Services"), including when you:
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at epistemereader@gmail.com.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We do not process sensitive personal information.

Do we receive any information from third parties? Yes, we receive a limited amount of information from third parties, specifically from Google when you use Google Sign-In to create an account. Learn more about how we handle social logins.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. Learn more about how we process your information.

Do we share your data with third parties? We do not share or sell your data to third parties for their own use (such as marketing or advertising). However, we do use trusted third-party service providers (like Google and Cloudflare) strictly to operate our app and provide specific features (like cloud sync and AI). Learn more about how we use third-party service providers.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at epistemereader@gmail.com. We will consider and act upon any request in accordance with applicable data protection laws.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. HOW DO WE USE THIRD-PARTY SERVICE PROVIDERS?
5. HOW DO WE USE YOUR DATA FOR AI-POWERED FEATURES?
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
7. HOW LONG DO WE KEEP YOUR INFORMATION?
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
9. CHILDREN'S PRIVACY
10. WHAT ARE YOUR PRIVACY RIGHTS?
11. CONTROLS FOR DO-NOT-TRACK FEATURES
12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
14. DO WE MAKE UPDATES TO THIS NOTICE?
15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us
In Short: We collect personal information that you provide to us when you create an account, make purchases, or use online features.

We collect personal information that you voluntarily provide to us when you register on the Services, purchase Pro features or Credits, or otherwise when you contact us.

Social Media Login Data. We provide you with the option to register and log in using your existing Google account. When you do, Google provides us with your name, email, and profile picture. However, we only store your email address and a unique user ID in our database. Your name and profile picture are handled strictly locally on your device to display your profile.

Payment Data. We may collect data necessary to process your payment if you make purchases, such as a one-time purchase for "Episteme Pro" or Credit packs. All payment data is handled and stored securely by Google Play Billing. We only receive a purchase token for verification and do not have access to your payment instrument details.

User-Provided Content (Documents and Ebooks). To provide reading functionality, the application requires you to import files. We support Documents (PDF, DOCX, ODT/FODT), E-books (EPUB, MOBI, AZW3, FB2), Comics (CBZ, CBR, CB7), and Text files (MD, TXT, HTML). These files are stored in the application's private storage on your device. We do not upload your library to our own servers. The contents are processed on-device, except for specific, user-initiated AI features as detailed in Section 5.

OPDS Catalogs. Our app allows you to browse public OPDS catalogs (like Standard Ebooks or Project Gutenberg) and add custom OPDS links. We do not track or collect data on your browsing history within these external catalogs.

Information Collected for Pro & Cloud Features
If you enable sync, we collect additional data to provide cross-device synchronization:
  • Book Files in Your Google Drive: The app will upload your book files to a special, hidden appDataFolder within your own Google Drive. This folder is sandboxed (only Episteme can access it). You remain in full control of this data.
  • Sync Metadata: We store metadata in our database (Google Firestore) to enable cross-device syncing. This includes book metadata (title, author, file name), reading progress, bookmarks, highlights, and shelf organization.
  • Device Management Data: To enforce device limits for Pro accounts, we collect and store your device ID, its public name (e.g., "Google Pixel 8"), and the date it was last seen.

Information collected automatically
In Short: Some information — such as your device ID and crash logs — is collected automatically when you use our application.

We automatically collect certain information when you use the application. This information does not reveal your specific identity but is needed to maintain security, troubleshoot, and perform analytics. This includes:
  • Device Identifiers: We generate and collect a unique installation Device ID to manage your account's active devices.
  • Diagnostics and Analytics IDs: We use Firebase Crashlytics to monitor app stability. This service collects anonymous crash traces and an anonymous Crashlytics installation UUID to help us fix bugs.

2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
  • To facilitate account creation and authentication.
  • To deliver and facilitate delivery of services to the user.
  • To provide Pro features and Sync. For Pro users, we process your metadata to enable cross-device synchronization of reading progress and library organization.
  • To fulfill and manage your purchases. We process your information to verify your "Episteme Pro" or "Credit" purchases with Google Play.
  • To protect our Services. We monitor for bugs and crashes to improve the stability of the application.
  • To provide AI-powered features. We process content you select to provide services like Cloud TTS (Text-to-Speech), Recap, Summaries, and Dictionary Definitions, as described in Section 5.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law, like with your consent, to comply with laws, to provide you with services, or to fulfill our legitimate business interests.

4. HOW DO WE USE THIRD-PARTY SERVICE PROVIDERS?
In Short: We do not "share" or "sell" your personal data to third parties for their own commercial use. We engage trusted third-party service providers solely to process data on our behalf to operate our Services.

We engage the following third-party service providers to help us deliver our app's features. These providers act strictly as data processors:
  • Google Cloud & Firebase: We use Google's infrastructure for authentication, database storage (Firestore), crash reporting (Crashlytics), and user file storage (Google Drive integrations).
  • Google Play Billing: To securely process your Pro and Credit purchases.
  • Google Gemini API: We utilize Google's enterprise Gemini API to generate advanced AI responses for features like Cloud TTS and Recap.
  • Cloudflare: We use Cloudflare Workers as a secure, intermediary backend to route our AI requests and process logic securely without exposing direct API keys.

5. HOW DO WE USE YOUR DATA FOR AI-POWERED FEATURES?
In Short: To provide AI features, we send only the specific content you request to be processed to our secure API providers. We do not use your personal data to train AI models.

When you spend credits to use our AI-powered tools (Cloud TTS, Recap, Summaries, or Dictionary), we process the necessary content via our secure backend (Cloudflare) which routes it to an Enterprise Large Language Model (Google Gemini API).
  • How Content is Processed based on File Type:
    • For Text-based files (EPUB, DOCX, TXT, etc.): The plain text of the current chapter, page, or your specific selection is extracted and sent to the API.
    • For Image-based files (PDFs, Comics): Because these files rely on visual layout, an image of the current page is captured and sent to the AI service to accurately extract and summarize the context. Please be aware of this if your document contains highly sensitive visual information.
  • Data Privacy & AI Training:
    • We do not upload your entire document library for these requests—only the specific page, chapter, or selection you activate the feature on.
    • The requests are completely disconnected from your personal identity (email, account name).
    • We use enterprise-tier APIs (Google Gemini API via Cloudflare). Under their enterprise terms, the data submitted via these APIs is not retained or used by Google or Cloudflare to train their public AI models. The data is processed ephemerally to return your result.

6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you choose to register or log in to our Services using your Google account, we will receive certain information about you from Google.

Our Services offer you the ability to register and log in using your Google account details. When you do, Google provides us with your name, email address, and profile picture URL. However, as stated in Section 1, we only store your email address on our servers to manage your account securely. We do not store your name or profile picture externally; they are only used locally on your device.

7. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as you have an account with us. When you delete your account or when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. All network traffic between the app and our backend services is encrypted using HTTPS. However, despite our safeguards, no electronic transmission over the Internet can be guaranteed to be 100% secure.

9. CHILDREN'S PRIVACY
Our Services are not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we become aware that we have collected Personal Data from a child under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

10. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: You may review, change, or terminate your account at any time.

Withdrawing Consent and Terminating Your Account

 You can terminate your account at any time by contacting us at the email provided, or via the in-app delete feature. Upon your request, we will deactivate or delete your account and all associated information from our active databases. This includes your email, device limits, and all sync data (reading progress, bookmarks, shelves) stored in Firestore. If you used the Google Drive sync feature, you can also delete all synced book files from your Google Drive appDataFolder using the in-app function.

11. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. As no uniform technology standard for DNT signals has been finalized, we do not currently respond to DNT browser signals.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of certain states, such as California, you are granted specific rights regarding access to your personal information.

We do not share or sell your personal information to third parties for direct marketing purposes. If you are a California resident, the "Shine The Light" law permits you to request information about the categories of personal information we disclosed to third parties (which, in our case, is zero). Please submit any requests to our contact email.

13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), you have specific rights under the GDPR and UK GDPR.

If you are located in the EEA or UK, you have the right to access, correct, update, or request deletion of your personal information, restrict processing, and withdraw consent. To exercise these rights, please contact us at epistemereader@gmail.com.

14. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may email us at epistemereader@gmail.com.

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To make such a request, please contact us at epistemereader@gmail.com.