Privacy Policy — ReadAlly
Last updated: 2026-04-04
Summary: ReadAlly processes account data (email/name), user content (uploaded documents and your interactions), and technical data (logs) to provide the service. We also use third‑party providers for AI processing, file storage delivery, authentication, and payments.
1) Who we are
ReadAlly (“we”, “us”) provides a document reading and AI‑assisted interaction service for PDF/EPUB documents.
Contact: contact@lexantic.com
2) Data we collect
A. Account data (provided by you)
- Email address
- First name and last name (optional depending on signup flow)
- Password (stored as a secure hash on our servers — we do not store your plaintext password)
- Preferred language, translation language, and time zone (if provided)
- Date of birth (optional, if provided)
B. User content and app activity
- Uploaded documents (PDF/EPUB) and metadata (title/name, original filename)
- Highlights, chat messages, questions, and AI responses linked to your account
- Reading progress and related events (e.g., last page/progress percent)
- Feedback you submit in-app (stored as a feedback record)
- Support/contact messages (subject/message, and your email)
C. Technical data
- Authentication/session data (tokens and server-side session identifiers)
- Server logs and security logs (e.g., timestamps, request metadata, IP address)
- Rate-limiting and abuse-prevention signals
3) How we use your data
- To create and secure your account and authenticate you
- To store and deliver your documents and reading experience
- To provide AI features (explanations, translations, questions, quizzes)
- To manage quotas/plan access and (if enabled) subscriptions
- To provide support and handle feedback
- To maintain service reliability, prevent abuse, and improve performance
4) When we share data (service providers)
We do not sell your personal data. We may share data with the following categories of providers:
- AI processing: prompts/content you submit for AI features (highlighted text, context, questions) may be sent to an AI provider to generate responses.
- Payments (if enabled): subscription checkout and billing are processed by a payment provider (e.g., Stripe). We receive limited information such as plan status and subscription period.
- Authentication: if you use “Continue with Google”, we receive basic profile info (e.g., email) to create/login your account.
- Storage/CDN: uploaded files may be stored in cloud object storage (e.g., S3) and delivered via a CDN (e.g., CloudFront) for performance.
- Email delivery: support/contact and feedback emails may be sent through an email service.
- Analytics and diagnostics: we use Firebase Analytics and Crashlytics to monitor app performance, identify and fix bugs, and understand usage patterns. These services collect limited technical data, including crash logs and device identifiers (such as the Advertising ID for Android 13+), solely for technical diagnostics and anonymous statistical analysis to help us provide a more stable and efficient service.
5) Data retention
We keep data only as long as needed to provide the service and comply with legal obligations.
- Account & content: retained while your account is active, and then deleted or anonymized after you request deletion where feasible.
- Backups: copies may persist for a limited period in backups (typically up to 90 days).
- Billing/accounting records: may be retained for longer where required by law (if payments are enabled).
6) Account deletion
You can request deletion inside the app (Account → “Delete Account”). We also provide a public page describing the deletion process:
7) Security
We use reasonable technical and organizational measures to protect your data (access controls, encryption in transit via HTTPS, and secure password hashing).
8) Your rights
Depending on your location, you may have rights to access, correct, delete, or object to certain processing of your personal data. To exercise these rights, contact contact@lexantic.com.