Privacy Policy
Effective date: March 31, 2026
BookSkills (“we,” “us,” or “our”) operates bookskills.co (the “Site”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit the Site, create an account, purchase skill files, or subscribe to our service. We are the data controller for personal information collected through the Site.
We may update this policy periodically. When we make material changes, we will update the effective date above and, where required by law, notify you by email or prominent notice on the Site.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: When you register, we collect your email address and a password (hashed and stored securely by Firebase Authentication — we never see your plaintext password).
- Payment information: Payment details are entered directly into Stripe’s secure payment form and transmitted directly to Stripe. We do not receive, store, or process your raw card data. We receive only a Stripe customer ID and transaction metadata.
- Communications: If you contact us by email, we retain the contents of that communication and your contact details.
1.2 Information Collected Automatically
- Usage data: Pages visited, skill files viewed, download events, and timestamps.
- Device and browser information: Browser type, operating system, device type.
- IP address: Collected by Firebase and our hosting infrastructure for security and fraud prevention.
- Session identifiers: Firebase Authentication session tokens stored in your browser to keep you logged in.
1.3 Information We Store on Your Behalf
- Purchase history: A list of skill files you have purchased, stored in Firebase Firestore under your user ID.
- Subscription status: Whether you have an active annual subscription, your Stripe subscription ID, and subscription status.
2. How We Use Your Information
We use the information we collect to:
- Create and maintain your account (contract performance)
- Process purchases and deliver skill files (contract performance)
- Manage subscriptions and recurring billing (contract performance)
- Generate secure download URLs for purchased content (contract performance)
- Provide customer support (legitimate interest)
- Detect fraud and ensure Site security (legitimate interest)
- Send transactional emails such as receipts and account notices (contract performance)
- Comply with applicable legal obligations
We do not use your information for targeted advertising. We do not sell your personal information to third parties.
3. Third-Party Services and Data Sharing
3.1 Firebase (Google LLC)
We use Firebase for user authentication, database storage, and file storage. Firebase processes your email address, authentication credentials, purchase history, subscription status, and skill files at rest. Firebase operates under Google’s data processing terms. Privacy policy: policies.google.com/privacy
3.2 Stripe, Inc.
We use Stripe to process payments. Your payment information is transmitted directly to Stripe and subject to their privacy policy. Stripe acts as an independent data controller for information you provide in the payment flow. Privacy policy: stripe.com/privacy
3.3 DigitalOcean
Our website is hosted on DigitalOcean App Platform. DigitalOcean processes server logs including IP addresses. Privacy policy: digitalocean.com/legal/privacy-policy
3.4 No Sale of Personal Information
We do not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes.
3.5 Legal Disclosures
We may disclose personal information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Cookies and Local Storage
Firebase Authentication stores an authentication token in your browser’s local storage to keep you logged in between sessions. This is strictly necessary for the Site to function and does not track you across other websites.
We do not use advertising cookies, tracking pixels, or behavioral advertising technologies. We do not participate in retargeting networks.
You can clear local storage and cookies at any time through your browser settings. Doing so will log you out of your account.
5. Data Retention
- Account data: Retained for as long as your account is active, plus 30 days after account deletion to allow recovery from accidental deletion.
- Purchase records: Retained for 7 years to satisfy tax and accounting obligations under US law.
- Payment transaction records: Stripe retains payment records per their own retention policies. We retain only the Stripe customer ID and purchase event metadata.
- Server logs: Automatically purged after 90 days by our hosting provider.
- Communications with us: Retained for up to 3 years.
6. Data Security
We implement commercially reasonable technical and organizational measures to protect your personal information, including HTTPS/TLS encryption for all data in transit, Firebase’s built-in encryption at rest, Stripe’s PCI DSS Level 1 compliant payment processing, and access controls limiting who can access production data.
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security and are not responsible for breaches attributable to circumstances outside our reasonable control.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right to Access: Request a copy of the personal information we hold about you.
- Right to Rectification / Correction: Request correction of inaccurate personal information.
- Right to Deletion: Request that we delete your personal information, subject to legal retention obligations.
- Right to Data Portability: Request a machine-readable export of the personal information you have provided to us.
- Right to Opt Out of Sale: We do not sell your personal information. No opt-out is required.
- Right to Non-Discrimination: We will not deny you services or charge different prices because you exercised any privacy right.
- Right to Lodge a Complaint: EU/EEA residents may contact their local data protection authority. UK residents may contact the Information Commissioner’s Office (ico.org.uk).
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (45 days for CCPA requests). We may need to verify your identity before processing a request.
8. California Residents (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know, delete, correct, opt out of sale or sharing, and non-discrimination.
Categories of personal information collected in the preceding 12 months:
- Identifiers (email address, IP address, user ID)
- Commercial information (purchase history, subscription status)
- Internet or network activity (pages visited, download events)
We do not sell or share personal information as defined under CCPA/CPRA. To exercise your rights, contact [email protected]. We will respond within 45 days.
9. Children’s Privacy
Our Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe we may have collected such information, please contact us at [email protected].
10. International Data Transfers
BookSkills is operated from the United States. If you access our Site from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. For users in the EU/EEA or UK, we rely on Google’s (Firebase) and Stripe’s participation in applicable cross-border transfer frameworks, including Standard Contractual Clauses where applicable.
11. Contact Us
For privacy-related questions, rights requests, or concerns:
BookSkills
Email: [email protected]
Website: bookskills.co