BookPromo Engine
Sign inGet Started Free

Privacy Policy

Last updated: 6/3/2026

This Privacy Notice explains how Book Promo Engine (the "Seller", "we", "us"), operating the BookPromo Engine service (the "Service"), collects and processes personal data. Book Promo Engine acts as the data controller for personal data processed in connection with the Service.

1. Personal Data We Collect

  • Account data: email address, hashed authentication credentials, display name.
  • Project data: book metadata, uploaded cover images, generated marketing outputs, credit balance.
  • Usage & device data: IP address, browser type, log data, timestamps, feature usage telemetry.
  • Support data: messages you send us via the Contact form.
  • Billing data: order history and subscription status (full payment card data is collected and stored by Paddle, not by us).

2. Purposes & Legal Bases (GDPR)

  • Provide the Service (account creation, generating outputs, storing your projects) — performance of a contract.
  • Billing, subscription management, tax & invoicingperformance of a contract and legal obligation.
  • Security, fraud prevention, abuse detectionlegitimate interests.
  • Service improvement and aggregated analyticslegitimate interests.
  • Customer supportperformance of a contract / legitimate interests.
  • Marketing communications (where applicable) — consent, withdrawable at any time.

3. Data Sharing & Sub-processors

We share personal data with the following categories of recipients, who process it on our behalf under contractual confidentiality and data-protection obligations:

  • Paddle.com Market Limited — our Merchant of Record. Paddle handles checkout, payment processing, subscription billing, tax compliance, invoicing, and refund processing.
  • Supabase — database hosting and authentication.
  • Cloudflare — application hosting, edge runtime, and DDoS protection.
  • Google (Gemini) and OpenAI — AI inference providers used to generate marketing outputs from your inputs.
  • Resend — transactional email delivery.
  • Competent authorities — where required by law.

4. Data Retention

  • Account data: retained for the life of your account and deleted within 30 days of account closure.
  • Project data and generated outputs: retained until you delete them or close your account.
  • Uploaded book covers / interior images: processed ephemerally and removed from working storage once rendering completes.
  • Billing & tax records: retained by Paddle and by us for up to 10 years as required by tax law.
  • Support correspondence: retained for up to 3 years.
  • Server and security logs: retained for up to 90 days.

5. Security Measures

We implement appropriate technical and organisational measures including: encryption in transit (TLS 1.2+), encryption at rest for databases and backups, principle-of-least-privilege access controls, hashed passwords, isolated production environments, audit logging, and regular dependency and security scanning.

6. International Transfers

Personal data may be processed outside the UK/EEA, including in the United States. Where this occurs, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or applicable adequacy decisions.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent. You may also lodge a complaint with your local supervisory authority. To exercise these rights, use the Contact form on this site. We will respond within one month.

8. Cookies

We use strictly necessary cookies for authentication and session management. We do not currently use advertising or third-party analytics cookies.

9. Contact

For privacy questions or to exercise your rights, contact Book Promo Engine via the Contact form on this site.