Backlist ("we," "our," or "us") operates the Backlist iOS application and the backlist.app website. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
Account information. When you create an account, we collect your email address and a hashed password. You may also sign in with Apple, in which case we receive a unique Apple user identifier and, at your discretion, your name and email address from Apple.
Phone number. If you enable SMS release alerts, we collect your US phone number. We store it in E.164 format (e.g., +15555551234). Your phone number is used exclusively to send you SMS notifications you have requested and is never sold or shared with advertisers.
Reading data. We store the authors and books you add to your shelf, your reading log entries (start dates, finish dates, ratings, notes), and your tier preferences. This data is stored in your account and used to power the app's features.
Usage information. We do not currently use third-party analytics. We may collect basic crash and diagnostic information through Expo's built-in tooling to identify and fix bugs.
SMS delivery is powered by Twilio (twilio.com). When you enable release alerts, your phone number is transmitted to Twilio to send messages on our behalf. Twilio's privacy policy is available at twilio.com/en-us/legal/privacy.
You can opt out of SMS notifications at any time by replying STOP to any message, or by disabling alerts in the app. Standard message and data rates from your carrier may apply.
We support Sign in with Apple. Apple may share your name and email (or a relay address) with us depending on your privacy settings. We use this information only to create and identify your account. Apple's privacy policy is available at apple.com/legal/privacy.
Your data is stored in Supabase (supabase.com), a managed Postgres database hosted on AWS infrastructure. Data is encrypted in transit (TLS) and at rest. Supabase's privacy policy is available at supabase.com/privacy.
We take reasonable technical and organizational measures to protect your data, but no method of electronic transmission or storage is 100% secure.
We do not sell your personal information. We share data only with the service providers listed in this policy (Supabase, Twilio, Apple) and only to the extent necessary to operate the service. We may disclose information if required by law or to protect our legal rights.
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where retention is required by law.
Your phone number and alert preferences are deleted immediately upon request or when you disable all alerts.
Backlist is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us and we will delete it promptly.
You may request access to, correction of, or deletion of your personal data at any time by contacting us at hello@backlist.app. We will respond within 30 days.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date. Continued use of the app after changes constitutes acceptance of the revised policy.
Questions about this policy? Email us at hello@backlist.app.