Privacy Policy
Last updated: July 5, 2026
1. Who We Are
Folio ("we", "our", "us") is a book tracking and social reading application. This policy explains how we collect, use, and protect your personal information when you use Folio at folio.app or through our API.
2. Information We Collect
We collect information you provide directly:
- Account information — email address, username, display name, and password (stored as a bcrypt hash — we never store your plain-text password)
- Reading data — books you track, reading dates, progress, ratings, reviews, quotes, reading sessions, and notes
- Social content — posts, comments, group activity, reading lists, and recommendations you share with others
- Profile information — optional avatar, bio, and reading preferences
We also collect automatically:
- Log data — IP address, browser type, pages visited, and timestamps when you use Folio (retained for up to 30 days for security and debugging)
- Cookies — a single httpOnly session cookie used to keep you logged in securely. We do not use advertising cookies or third-party tracking
3. How We Use Your Information
- To provide and improve the Folio service
- To send account emails (email verification, password resets) — we only send transactional emails, never marketing without your consent
- To power social features (showing your reviews and posts to friends or publicly, depending on your privacy settings)
- To generate your personal reading statistics, Reader DNA, and Folio Wrapped
- To detect and prevent abuse and security threats
4. How We Share Your Information
We do not sell your personal data. We share it only in these limited cases:
- With other users — content you mark as public (reviews, posts, reading lists) is visible to other Folio users. Content you mark as private is only visible to you
- Service providers — we use Railway (database hosting), Resend (transactional email), and Redis Labs (session caching). Each provider processes data only as needed to deliver the service
- Legal requirements — we may disclose information if required by law or to protect the safety of users
5. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Railway in the United States. We use TLS encryption for all data in transit, bcrypt password hashing, httpOnly session cookies, and per-endpoint rate limiting to protect your account.
6. Your Rights
You have the right to:
- Access — export all your reading data at any time via Settings → Export Data (CSV)
- Correction — update your account details at any time in Settings
- Deletion — delete your account and all associated data by emailing privacy@folio.app. We will process deletion within 30 days
- Portability — your exported CSV can be imported into other reading tracking apps
If you are in the European Economic Area or California, you may have additional rights under GDPR or CCPA. Contact us to exercise them.
7. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we remove all personally identifiable data within 30 days, except where we are legally required to retain it.
8. Children
Folio is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.
9. Changes to This Policy
We may update this policy as the service evolves. We will notify you of material changes by email or by a prominent notice in the app. Continued use after changes constitutes acceptance.