This Privacy Notice for Episteme ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Download and use our mobile application (Episteme), or any other application of ours that links to this Privacy Notice
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at epistemereader@gmail.com.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? We do not process sensitive personal information.
Do we receive any information from third parties? Yes, we receive a limited amount of information from third parties, specifically from Google when you use Google Sign-In to create an account. Learn more about how we handle social logins.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. Learn more about how we process your information.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, such as Google (for authentication, cloud sync, and payments) and Cloudflare (for AI features). Learn more about when and with whom we share your personal information.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. Learn more about how we keep your information safe.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by contacting us at epistemereader@gmail.com. We will consider and act upon any request in accordance with applicable data protection laws.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us when you create an account, make purchases, or use online features.
We collect personal information that you voluntarily provide to us when you register on the Services, purchase Pro features, or otherwise when you contact us.
Social Media Login Data. We provide you with the option to register and log in using your existing Google account. If you choose to do this, we will collect certain profile information about you from Google, as described in the section "HOW DO WE HANDLE YOUR SOCIAL LOGINS?".
Payment Data. We may collect data necessary to process your payment if you make purchases, such as a one-time purchase for "Episteme Pro". All payment data is handled and stored by Google Play Billing. We only receive a purchase token for verification and do not have access to your payment instrument details. You may find their privacy notice here: https://policies.google.com/privacy.
User-Provided Content (Documents and Ebooks). To provide reading functionality, the application requires you to import document files (such as EPUB, MOBI, AZW3, and PDF). These files are copied into the application's private storage on your device. If you enable the sync feature, these files are also uploaded to a private, sandboxed "appDataFolder" within your own Google Drive account, which is only accessible by this application. At no point are your book files uploaded to our own servers. The contents of your documents are processed on-device, except for specific, user-initiated AI features as detailed in Section 5.
Information Collected for Pro Features
If you are a Pro user and enable sync, we collect additional data to provide Pro features:
- Book Files in Your Google Drive: To sync your library, the app will upload your book files (e.g., EPUB, PDF) to a special, hidden `appDataFolder` within your own Google Drive. This folder is sandboxed, meaning only Episteme can access it. The storage used by these files will count against your total Google Drive storage quota. You remain in control of this data, and its use is governed by Google's Privacy Policy.
- Sync Metadata: We store your book metadata (title, author), reading progress (last read position, bookmarks), and shelf organization in Google Firestore. This data is linked to your account's unique User ID to enable synchronization.
- Device Management Data: To enforce device limits, we collect and store a unique identifier for your device, its public name (e.g., "Google Pixel 8"), and the date it was last seen. This is stored in Google Firestore.
Information collected automatically
In Short: Some information — such as your device characteristics — is collected automatically when you use our application.
We automatically collect certain information when you use the application. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your device ID, model, manufacturer, operating system, and version. This information is primarily needed to maintain the security and operation of our application, for troubleshooting, and for our internal analytics and reporting purposes (e.g., via Firebase Crashlytics).
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We process your information so you can create and log in to your account, as well as keep your account in working order.
- To deliver and facilitate delivery of services to the user. We process your information to provide you with the requested service, such as rendering your documents on-device.
- To provide Pro features. For Pro users, we process your information to enable features like cross-device synchronization of reading progress and library organization via Google Firestore.
- To fulfill and manage your purchases. We process your information to verify your "Episteme Pro" purchase with Google Play and grant you access to Pro features.
- To protect our Services. We process information to monitor for bugs and crashes using services like Firebase Crashlytics, helping us improve the stability of the application.
- To provide AI-powered features. We process content you select to provide services like dictionary definitions and summaries, as described in Section 5.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law, like with your consent, to comply with laws, to provide you with services, or to fulfill our legitimate business interests.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following third parties who help us deliver our Services.
We may need to share your personal information with the following third parties:
- Google: We use several Google services to operate Episteme.
- Firebase (Authentication, Firestore, Crashlytics, Remote Config): For user sign-in, cloud synchronization of reading data, crash reporting, and remote feature management.
- Google Play Billing: To process your "Episteme Pro" purchase and verify your subscription status.
- Google Drive: To store and sync your book files if you are a Pro user with sync enabled.
Your data is processed according to Google's Privacy Policy.
- Cloudflare: Our AI backend for features like dictionary and summarization is hosted on Cloudflare Workers. This acts as a secure intermediary between the app and the language model that generates responses. We send data to this service only to fulfill AI-related requests as described in Section 5.
We may also share your information in the following situations:
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
5. HOW DO WE USE YOUR DATA FOR AI-POWERED FEATURES?
In Short: To provide AI features, we send only the specific text you select or the content of a single page/chapter to our secure backend. Your personal information and full documents are never sent or stored.
To provide AI-powered features, we need to process some of your content via a secure backend service running on Cloudflare Workers, which then communicates with a Large Language Model (LLM). Here is a breakdown of how we handle that data:
- Dictionary Definitions: When you select a word or phrase and request a definition, that specific text is sent to our backend to generate the definition.
- Summarization (Pro Feature): When you request a summary:
- For an **EPUB** book, the plain-text content of the **current chapter** is sent.
- For a **PDF** document, the extracted text from the **current page** is sent.
- Data Privacy and Anonymity:
- We do **not** upload or send your entire documents (EPUB, PDF, etc.).
- The text sent for processing is **not linked to your personal account information** (such as your User ID, email, or name).
- The content is **not stored or logged** on our backend server after the request is completed. Its sole purpose is to generate the AI response and stream it back to your device.
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you choose to register or log in to our Services using your Google account, we will receive certain information about you from Google.
Our Services offer you the ability to register and log in using your Google account details. Where you choose to do this, we will receive certain profile information about you from Google. The profile information we receive will include your **name, email address, and profile picture URL**.
We will use the information we receive only for the purposes that are described in this Privacy Notice, such as to create and manage your account and display your profile information within the app. We do not share this information with any other third parties. We recommend that you review Google's privacy notice to understand how they collect, use, and share your personal information.
7. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as you have an account with us. When you delete your account or when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. All network traffic between the app and our backend services (Firebase, Cloudflare) is encrypted using HTTPS. However, despite our safeguards, no electronic transmission over the Internet can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
9. CHILDREN'S PRIVACY
Our Services are not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we become aware that we have collected Personal Data from a child under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.
10. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: You may review, change, or terminate your account at any time. In some regions, such as the European Economic Area (EEA), UK, and certain US states, you have rights that allow you greater access to and control over your personal information.
Withdrawing Consent and Terminating Your Account
You can terminate your account at any time by contacting us at the email provided. Upon your request, we will deactivate or delete your account and all associated information from our active databases. This includes your profile information and all data stored in Firestore (synced reading progress, bookmarks, shelves, and registered devices). If you have used the sync feature, you can also delete all synced book files from your Google Drive `appDataFolder` using the in-app function. However, we may retain some anonymized or aggregated crash data, and certain information may be retained in our files to prevent fraud, troubleshoot problems, and/or comply with applicable legal requirements.
11. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. As no uniform technology standard for DNT signals has been finalized, we do not currently respond to DNT browser signals.
12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of certain states, such as California, you are granted specific rights regarding access to your personal information.
Many US states have enacted comprehensive privacy laws. For example, California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. We do not share personal information with third parties for their direct marketing purposes.
13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), you have specific rights under the GDPR and UK GDPR.
If you are located in the EEA or UK, you have the following data protection rights:
- The right to access, correct, update, or request deletion of your personal information.
- The right to object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information.
- The right to opt-out of marketing communications we send you at any time.
- The right to withdraw your consent at any time if we have collected and processed your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
- The right to complain to a data protection authority about our collection and use of your personal information.
To exercise any of these rights, please contact us at epistemereader@gmail.com.
14. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To make such a request, please contact us at epistemereader@gmail.com.
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?