Privacy Policy

Last updated: April 30, 2026

This Privacy Policy explains how Dogear ("we," "us," or "the app") collects, uses, and shares information when you use our mobile application and related services (together, the "Service"). By using the Service you agree to the practices described here. If you don't agree, please don't use the Service.

This is a plain-language summary of a real policy. Read the whole thing — we keep it short on purpose.

1. Information we collect

a. Information you give us

• Account info — when you sign in with Google, we receive your email address, display name, and profile picture from Google. We store these in our authentication provider (Supabase) and an associated user record in our database.
• Profile info — username, display name, optional bio, and optional avatar URL you provide during onboarding or via the Edit Profile screen.
• Content you create — books you add to your shelf, your reading progress, highlights, notes, comments, likes, follow relationships, and reports you submit about other users' content.

b. Information collected automatically

• Device + log data — when the app talks to our servers we record IP address, request timestamps, and basic device info (OS version, app version) for debugging, abuse prevention, and service availability.
• Crash reports — if the app crashes, anonymized crash diagnostics may be sent via Sentry to help us fix bugs. Crash reports do not include the contents of your highlights, notes, or comments.

c. Information we do not collect

• We don't run advertising, analytics SDKs that track you across other apps, or location services.
• We don't sell your data.

2. How we use information

• To run the Service — sign you in, render your shelf, deliver your feed, sync reading progress, and let you interact with other users.
• Safety + moderation — we send the text of new highlights, notes, and comments to OpenAI's moderation API (/v1/moderations) to detect obviously abusive content before it's published. OpenAI's terms apply to this processing; OpenAI states it does not use moderation API requests to train its models. We also retain abuse reports submitted by users to enforce our Terms of Service.
• Service improvement — debug logs and crash reports help us diagnose problems and improve reliability. These are kept for a short window (90 days or less) and are not used for advertising.

3. Who we share information with

• Other Dogear users — content you publish on the Service (highlights, notes, comments, likes, profile info) is visible to other users according to the visibility setting you choose: private (only you), followers (people who follow you), or public (any signed-in user). Profile fields (username, display name, bio, avatar) are visible to any signed-in user.
• Service providers — we use the following processors to operate the Service:
  • Supabase — authentication and primary database.
  • Railway — backend hosting.
  • OpenAI — content moderation API (text only, no metadata).
  • Sentry — crash reporting.
  • Project Gutenberg — public-domain book content.
  • Google — sign-in provider; subject to Google's own privacy policy.
• Legal compliance — we may disclose information if required by law, to protect our rights, or to investigate fraud or abuse.

We do not share your personal information with advertisers, data brokers, or analytics platforms outside of the providers listed above.

4. Your choices and rights

• Visibility — you control whether each highlight or note is private, visible to followers, or public. You can change visibility at any time.
• Account deletion — you can permanently delete your account from the Profile screen (Menu → Delete Account). This removes your profile, shelf, highlights, notes, comments, likes, follow relationships, blocks, and reports. The deletion cascades immediately and removes your authentication record. This action is irreversible.
• Block + report — you can block another user (which removes follows in both directions and hides them from search and feed) or report content that violates our Terms.
• Access + correction — most of your data is editable in-app (display name, bio, avatar, visibility on each post). For requests not covered by the in-app controls, email us at the address below.
• Region-specific rights — if you are in the EU/UK, California, or another jurisdiction with applicable data-protection laws, you may have additional rights (access, portability, restriction, objection, non-discrimination). Contact us to exercise them.

5. Children

The Service is not directed to children under 13 (or under 16 in regions where that is the minimum age for online consent). If you believe a child has provided us with personal information, contact us and we will delete the account.

6. Data retention

• Active accounts — we retain your data as long as your account exists.
• Deleted accounts — when you delete your account, your profile and user-generated content are removed immediately. Backups are purged on a rolling basis (no longer than 30 days). Aggregated, non-identifying service metrics may be retained indefinitely.
• Reports + moderation records — we may retain a record of reports and moderation actions for a reasonable period to detect repeat offenders and comply with legal obligations.

7. Security

We use industry-standard practices: TLS in transit, Supabase Row Level Security where applicable, JWT-based authentication, and access controls on our infrastructure. No system is perfectly secure; if we detect a breach that affects you, we will notify you as required by law.

8. International transfers

We are based in the United States. If you use the Service from outside the US, your data will be transferred to and processed in the US and other countries where our service providers operate. By using the Service you consent to this transfer.

9. Changes to this policy

If we make material changes we will update the "Last updated" date and, for significant changes, notify you in-app or by email. Continued use of the Service after the change means you accept the updated policy.

10. Contact

Questions, requests, or complaints: support@esesang.com

If you are not satisfied with our response, you may have the right to complain to your local data-protection authority.