Introduction
This Privacy Policy explains how Iwan Books (“we”, “us”, “our”) processes personal information when you use Iwan—our service for discovering, purchasing, and reading digital books, including reader and writer subscription features—delivered through our mobile applications for Android and iOS, our websites and domains operated for the service (including iwanbooks.com), and our backend APIs.
By creating an account or otherwise using the Services, you acknowledge this Policy. If you do not agree, please discontinue use of the Services.
1. Who we are
| Data controller | Iwan Books |
|---|---|
| Product | Iwan |
| Privacy & data requests | Iwan Support — support@iwanbooks.com |
2. Information we collect
2.1 You provide directly
- Account & profile: identifiers such as name and email; credentials (passwords are hashed and not stored in plain text); phone number if you provide it; display preferences such as language; and optional profile details or avatar image if you choose to upload one (which may involve temporary access to your camera or photo library only when you use that feature).
- Subscriptions & commerce: selected plans, promotional or voucher codes you apply, billing-related references, and payment status as reported by our payment partners. Card numbers and other full payment instrument data are collected and processed by PCI-compliant payment providers; we do not store complete card data on our own systems.
- Content you submit: for example book reviews, support tickets, or other text you send through the App or when you contact us.
- Addresses or similar details if a feature you use (e.g. delivery or regional compliance) requires them.
2.2 Generated and collected automatically
- Reading & library activity: items such as books opened, samples or purchases, reading progress, wishlists, “continue reading”, completed titles, and related metadata needed to sync your library across devices.
- Device & technical data: device model, operating system, app build, IP address and network timestamps as part of normal server communication, locale settings, and diagnostic identifiers used for fraud prevention and reliability.
- Notifications: if you enable push notifications, a push token (e.g. via Firebase Cloud Messaging) linked to your installation so we can deliver messages related to your account, content, or subscriptions.
- Analytics & crash data: aggregated or pseudonymous usage and stability information (for example through Google Firebase Analytics and Firebase Crashlytics) to understand errors, performance, and product usage.
2.3 Social sign-in (Google, Meta/Facebook, Apple)
When you sign in with a third party, we receive what that provider discloses to us after you consent—typically tokens and, depending on your settings, your name, email, or profile image. We do not receive your password for that third-party account. Those companies process personal data under their own policies and terms.
3. How we use personal information
We use the data described above to:
- Provide, operate, and improve the Services (including authentication, library sync, reader features, and subscription entitlements).
- Process payments and subscriptions, apply discounts or vouchers where applicable, and communicate transactional information (e.g. receipts, renewal status).
- Maintain security, detect abuse, enforce our terms, and comply with law.
- Send service messages (security alerts, verification, subscription notices). Where permitted, we may send marketing; you may opt out of marketing as described in those messages or in-app settings where available.
- Deliver push notifications you have opted into.
- Analyze aggregated trends to improve reliability and user experience.
We do not sell your personal information for money. We disclose information to categories of recipients listed in Section 5.
4. Legal bases (EEA, UK, and similar jurisdictions)
Where the GDPR or equivalent laws apply, we rely on one or more of the following:
- Performance of a contract (providing the Services you request).
- Legitimate interests (for example securing accounts, improving the product, and preventing fraud), where not overridden by your rights.
- Consent where required (such as certain optional communications or permissions on your device).
- Legal obligation (for example tax, accounting, or responding to lawful requests).
5. Disclosure and processors
We may share personal information with:
- Service providers that process data on our instructions (hosting, email, customer tooling, analytics, crash reporting).
- Payment partners to authorize and settle transactions.
- Identity & sign-in providers you choose (Google, Meta/Facebook, Apple).
- App distribution platforms (Google Play, Apple App Store) as required for distribution and platform policies.
- Professional advisers or authorities where required by law or to protect rights, safety, and integrity of users or the public.
We require processors to implement appropriate confidentiality and security measures and to use data only for the purposes we authorize.
6. International transfers
We and our providers may process information in countries other than where you live. Where transfers are subject to GDPR or UK GDPR, we implement safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
7. Retention
We retain information only as long as necessary for the purposes collected, including:
- Account records for the lifetime of the account and a limited period thereafter for backup, disputes, and legal compliance.
- Financial records as required by tax and commercial law.
- Logs and analytics in shortened or aggregated form, or for defined retention windows.
Retention may be extended where we must establish, exercise, or defend legal claims.
8. Security
We employ technical and organizational measures appropriate to the risk, including encryption in transit, secure handling of authentication tokens, and access controls. No system is perfectly secure; please protect your credentials and devices.
9. Your rights and choices
Subject to applicable law, you may have the right to access, rectify, delete, restrict, or port your personal data, and to object to certain processing. You may withdraw consent where processing is consent-based, without affecting the lawfulness of processing before withdrawal.
EEA/UK users may lodge a complaint with a supervisory authority in your country.
California residents (CCPA/CPRA): you may have the right to know, delete, and correct personal information, and to opt out of certain sharing that qualifies as “sale” or “sharing” under California law. We do not knowingly “sell” personal information as defined under CCPA in exchange for money. To submit a request, email support@iwanbooks.com (Iwan Support). We will verify reasonable requests as permitted by law.
To exercise rights generally, contact Iwan Support at support@iwanbooks.com. We may need to confirm your identity. Where the App provides account deletion, you may also use that in-app flow.
10. Children
The Services are not intended for individuals who cannot lawfully consent on their own behalf where such consent is required (commonly under ages 13–16 depending on jurisdiction). We do not knowingly collect personal information from children in violation of applicable law. Contact us if you believe a child has provided data and we will take appropriate action.
11. Changes
We may update this Policy to reflect legal, technical, or business changes. We will revise the “Last updated” date and, where appropriate, provide additional notice (for example in the App or by email). Continued use after the effective date may constitute acceptance where allowed by law.
12. Contact
Iwan Books — Iwan
Iwan Support: support@iwanbooks.com