Legal
Privacy Policy
Last updated 11 July 2026 · Effective on publication
This policy explains what personal data Novella collects, why, and the rights you have over it. The short version: we collect what the library needs to work, nothing more, and everything has an off switch.
Who is responsible for your data
Novella is operated by [COMPANY], registered in England and Wales at [REGISTERED OFFICE], which is the data controller for the personal data described in this policy — the organisation that decides what is collected and why, and the one answerable to you for it.
For any privacy question, or to exercise any of the rights in section 10, write to legal@readnovella.com.
What we collect
Your account
When you create an account we collect your email address and a password. The password is stored only in hashed form — we cannot read it. You also choose a username, and may add a display name, an avatar, and a short bio.
Things you create on Novella
Using the library produces records tied to your account: your reading log (which books, their status, and dates), your ratings and reviews, your lists and the notes on them, your tag votes, the catalogue edits you contribute, any content reports you file, your notifications, your privacy settings, and contribution statistics derived from your activity.
Technical data
Like every website, our servers keep short-lived logs of requests — including IP addresses — which we use for security, rate limiting, and abuse prevention. When something breaks, error reports help us fix it.
What we deliberately do not collect
- No advertising trackers, and no tracking of you across other websites.
- No precise location, and no access to your contacts.
- Your search history stays in your browser. It is stored on your device, is never sent to our servers, and clearing your browser data clears it.
How we use it
UK data-protection law requires a lawful basis for each use of your data. Ours are:
- To perform our contract with you — running your account: signing you in, storing your reading log and contributions, showing your content according to your privacy settings, and sending service messages such as email confirmation and password resets.
- Our legitimate interests — keeping the catalogue accurate, preventing spam and abuse (including rate limiting and the trust system that gates contributions), securing the Service, and understanding usage in aggregate so we can improve it.
- Legal obligation — where we must keep or disclose records because the law requires it.
- Consent — for anything optional, which we will ask for at the time and which you can withdraw.
We do not use your data for advertising, we do not sell it, and we do not build profiles of you for anyone else. Automated decisions with legal or similarly significant effects are not made about you.
Analytics
We measure how Novella is used with privacy-preserving, cookieless analytics: aggregate counts of page views and in-app events that tell us what is working — never a profile of an identified person, and never data shared with an advertising network. Our servers also record aggregate product signals, such as searches that return no results, which tell us which books the library is missing.
What other people can see
Novella is a community library, so your profile and activity are public by default — your reading log, what you are currently reading, your ratings, your reviews, and your lists are visible on your profile unless you turn them off.
Every one of those has its own switch in Settings → Privacy, and lists can additionally be made private one by one. Anything you make private is enforced by the database itself — it is withheld from other users at the source, not merely hidden by the interface.
Catalogue edits are different: they are contributions to a shared, public record, so the edit history of a book is always public, attributed to your username while your account exists (see section 9 for what happens after).
Where your data lives
Our service providers may store or process data outside the United Kingdom. Where they do, the transfer is protected by safeguards recognised under UK law — an adequacy decision for the destination country, or contractual protections such as the UK International Data Transfer Agreement or Addendum. You can ask us for details of the safeguards that apply using the contact details in section 13.
How long we keep it
We keep your data while your account is open. Server and security logs are kept only briefly. When you delete your account:
- your personal data — profile, email, reading log, ratings, reviews, lists, tag votes, notifications, and settings — is deleted immediately, not merely deactivated;
- your catalogue edit history is anonymised: the edits remain (removing them would rip holes in the shared record every other contributor built on), but they are reassigned to a permanent “deleted user” entry and no longer reference you;
- the free-text notes on any reports you filed are scrubbed;
- residual copies age out of our encrypted backups on a rolling schedule, and we may retain specific records where the law requires it.
Your rights
UK data-protection law gives you rights over your data: access (a copy of what we hold), rectification (correcting it), erasure, portability (a machine-readable copy to take elsewhere), restriction and objection (limiting or objecting to certain processing), and the right to withdraw consent where consent is the basis.
The two you are most likely to want are built into the product, self-serve, with no email required:
- Export your data — Settings gives you a machine-readable copy of everything Novella holds about you, in one file, whenever you like.
- Delete your account — Settings deletes your account and personal data immediately, as section 9 describes.
For anything else, contact us (section 13) and we will respond within the time the law allows — normally one month. You also have the right to complain to the Information Commissioner’s Office (ico.org.uk), or to your local supervisory authority if you live outside the UK — though we would welcome the chance to resolve your concern first.
Children
Novella is not for children under 13, and we do not knowingly collect their data. If you believe a child under 13 has an account, contact us and we will delete it.
Changes to this policy
We may update this policy as the Service or the law changes. When we make a material change we will update the date at the top of this page and, where appropriate, notify you in the app or by email before the change takes effect. We will never use a policy change to retroactively erode the commitments in section 7 without telling you first.
Contact us and related documents
Questions about this policy or your data are welcome. Write to us at legal@readnovella.com, or to [COMPANY], [REGISTERED OFFICE].
The terms governing your use of Novella are set out separately in the Terms of Service — also a draft, not yet in force, pending the same incorporation and review.