Privacy Policy

Effective: 2026-05-05  ·  Last updated: 2026-05-05

This Privacy Policy describes how Poser8 LLC ("we," "us") handles information when you use The Hidden Library mobile application (the "App"). We aim to collect as little as possible. This document tells you exactly what we do collect, why, and what your rights are.

1. Who we are

Poser8 LLC is the data controller for personal information processed by the App. You can reach us at privacy@thehiddenlibrary.app.

2. What we collect

If you use the App without an account (anonymous mode):

• No personal information is collected. Your reading position, bookmarks, and decode results stay on your device only.
• If you use the AI Decode feature, the passage text you decode is sent to our backend and to our AI provider (see §4). We do not associate it with you.

If you create an account:

• Email address and password. Used to authenticate you. Passwords are hashed by our authentication provider; we never see them in plaintext.
• Profile record containing your subscription tier (free or premium) and a counter of decodes used. We do not collect a name, phone number, age, or any demographic information.
• Bookmarks — the text identifier and excerpt of any passage you save.
• Reading progress — which text you were reading and how far through it you were, so the App can restore your place.
• Decode results — the passage you submitted and the AI-generated commentary, if you choose to save them.

Things we do not collect:

• No advertising identifiers, no IDFA / GAID.
• No analytics SDK, no behavioral tracking, no event telemetry.
• No location data.
• No contacts, photos, microphone, or camera access.
• No data from third-party social accounts (we do not currently offer social sign-in).

3. Why we use it

• To let you sign in and sync your library across devices.
• To remember where you left off and what you bookmarked.
• To check whether you are entitled to premium features.
• To generate AI decodes on request, when you tap the Decode button.
• To respond to support requests you send us.

We do not sell personal information. We do not use it for advertising. We do not train AI models on your data.

4. Service providers we share data with

We use a small number of carefully chosen processors. Each receives only the data needed to do its job:

• Supabase, Inc. — hosts authentication and the database (your email, profile, bookmarks, progress, saved decodes). Servers are located in the United States. supabase.com/privacy
• RevenueCat, Inc. — manages subscription state. Receives an anonymous user identifier (your account UUID) and your subscription status. Does not receive your email. revenuecat.com/privacy
• Anthropic, PBC — provides the AI model behind the Decode feature. When you tap Decode, the passage text is sent to Anthropic via our backend. Anthropic does not train on this data per their commercial API terms. anthropic.com/legal/privacy
• Apple, Inc. and Google LLC — if you purchase a subscription, the platform processes the payment under its own terms. We never see your payment card.
• Cloudflare, Inc. — serves this website. Receives standard server logs (IP, user agent) for the website only; not the App.

5. Where data is stored

Account and library data is stored on Supabase infrastructure in the United States. Your authentication session token is stored on your device using the operating system's secure keystore (iOS Keychain / Android Keystore).

6. How long we keep data

• Account, profile, bookmarks, progress, and saved decodes are retained until you delete your account or ask us to delete them.
• Server logs and crash diagnostics are kept for up to 30 days.
• Unsaved AI decode requests are not retained beyond the response.

7. Your rights

Regardless of where you live, you can:

• Access — request a copy of the personal information we hold about you.
• Correct — update your email or password from inside the App.
• Delete — delete your account from inside the App (Profile → Delete Account), which permanently removes your profile, bookmarks, progress, and saved decodes from our database.
• Export — request a portable copy of your library.
• Object or restrict — ask us to stop processing your data.

To exercise any of these rights, email privacy@thehiddenlibrary.app. We will respond within 30 days.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR / UK GDPR. If you are in California, you have additional rights under the CCPA / CPRA, including the right not to receive discriminatory treatment for exercising those rights. We do not "sell" or "share" personal information as those terms are defined under California law.

8. Children

The App is not directed to children under 13 (or under 16 in the EEA / UK), and we do not knowingly collect personal information from them. If you believe a child has created an account, contact us and we will delete it.

9. Security

We use TLS for all network traffic, the operating system's secure keystore for session tokens, and row-level security on the database so that one user can never read another's data. No system is perfectly secure; if we discover a breach affecting your data, we will notify you as required by law.

10. Changes

If we change this policy in a material way, we will update the "Last updated" date and, for active accounts, surface a notice in the App on your next launch. Continued use of the App after the change constitutes acceptance.