Effective Date: 29.09.2025

Quick Summary:

We respect your privacy. We collect only essential data to keep iBookish running smoothly, to help you discover and connect with fellow readers, and to nurture your experience with the platform. Your data is protected under EU law, and you remain in control at all times.

1. Introduction

Welcome to iBookish, a peer-to-peer book sharing and community platform operated by ELITEK Technology GmbH, based in Hamburg, Germany.

Your privacy is important to us. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our services, including our website and Progressive Web App (PWA).

By registering, accessing, or using iBookish, you agree to this Privacy Policy and our Terms of Service. If you do not agree, please do not use our platform.

2. Data Controller

The controller responsible for data processing under the EU General Data Protection Regulation (GDPR) is:

Elitek Technology GmbH operates the iBookish platform and all associated digital services.

"Every action we take with your data is guided by the same care we give to the stories that move between our shelves and hands."

3. Data We Collect

To operate the platform safely and effectively and improve our services, we collect the following data categories:

3.1 Identity and Contact Data

• Full name
• Email address
• Date of birth (to verify legal age)
• Location (for regional access and support)
• Profile photo (optional)
• Payment details such as PayPal account ID (for transactions)

3.2 Account Activity

• Book listings, reservations, preferences, and uploaded content
• Ratings, reviews, messages, and chat history
• Community participation (comments, discussions, Club Rooms)
• Payment info, subscription, and transaction history

3.3 Technical Data

• IP address, device information, operating system
• Usage data including access times and error logs
• User interface behaviour and interaction patterns collected via Microsoft Clarity (anonymized click paths, scroll depth, feature engagement)

Note:

We use Microsoft Clarity or similar technologies to better understand how users interact with our platform. Data is pseudonymized and used solely to improve usability and functionality; no personal identification is attempted or allowed through this tool.

4. How We Use Your Data

We use your data to:

• Create, manage, and authenticate user accounts
• Match book preferences and enable rentals
• Facilitate communication between users and send notifications
• Process payments and manage subscriptions
• Provide customer support
• Ensure platform integrity, safety, and compliance with community guidelines
• Analyze usage and improve app performance and features
• Generate analytics and crash reports
• Send marketing communications with your consent

Note:

You can withdraw consent at any time by updating your settings in the app or contacting us at contact@ibookish.club.

5. Legal Basis for Processing

We process your personal data based on:

Performance of a contract:

to fulfil rental agreements, subscriptions, and related services (Art. 6.1.b GDPR)

Legitimate interests:

to prevent fraud, conduct analytics, and provide customer service

User consent:

where applicable, for marketing and optional features

By using iBookish, you provide your consent to these processing activities. You may withdraw consent at any time, but this may limit your access to some features.

6. Data Sharing and Third Parties

We may share your data with:

• Payment processors such as PayPal and Stripe
• Hosting providers (like Hetzner Online GmbH)
• Analytics services like Microsoft Clarity
• Legal or regulatory authorities when required by law

We only work with third-party processors who provide GDPR-compliant data processing agreements (DPAs) under Article 28 of the GDPR. We review these agreements to ensure they meet data protection standards.

7. International Data Transfers

Your personal data is stored and processed in Germany and Finland with our hosting provider Hetzner online GmbH. If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions by the European Commission.

Where applicable and feasible, we ensure that our third-party service providers outside the EEA implement similar safeguards.

8. Data Security

We use hashing mechanisms to enhance the security of user authentication and data transmission. When users log in, their passwords are never stored in plain text; instead, they are transformed into fixed-length hash values using secure algorithms such as SHA-256 or bcrypt. This ensures that even if the database is compromised, the original passwords remain protected. Additionally, HTTPS provides an encrypted communication channel between the client and server using SSL/TLS protocols, preventing eavesdropping and man-in-the-middle attacks. Together, hashing and HTTPS create a strong multi-layered security model that safeguards user credentials and sensitive information during authentication and data exchange.

9. Data Retention

Transactional and account data is retained for up to 10 years to comply with German tax law (§147 AO) and EU regulations.

Non-essential data is deleted after your account is closed, except where required for legal, tax, or fraud prevention reasons.

10. Your Rights

If you are an EU resident, you have the following rights under GDPR:

Access the personal data we hold about you

Request correction of inaccurate or incomplete data

Request deletion of your data ("Right to be Forgotten"), subject to legal exceptions

Request a copy of your data in a structured, machine-readable format

Restrict or object to certain processing activities

You may specifically object at any time to processing based on legitimate interests (Art. 6(1)(f) GDPR), such as for recommendations, analytics, or community communications. To exercise this right, contact us at contact@ibookish.club or adjust your preferences in the app. We will respect your objection unless there are overriding legitimate grounds to continue processing.

Withdraw consent at any time where processing is based on consent

Request data portability to another service provider; this applies to structured data you provided to us, such as your profile, listings, and personal account history.

11. Content Ownership and Licensing

You retain full ownership of any content you post (book listings, reviews, profile data, etc.). By uploading content, you grant ELITEK Technology GmbH a non-exclusive, royalty-free, worldwide, revocable license to use, display, and distribute your content within the platform and related services.

This license can be revoked by deleting your content or closing your account; however, cached or backup copies may persist temporarily.

12. Optional Consent for Promotional Use

You may choose to allow ELITEK technology GmbH (operating as iBookish) to feature your content (e.g., book reviews, lists, profile quotes) in public materials like in community highlights, newsletters, social media posts, marketing campaigns, and app store previews.

This broader use will only occur with your explicit opt-in consent, which you can withdraw anytime by contacting us at contact@ibookish.club or changing your profile settings.

13. Service-Related Communications and Recommendations

We rely on our legitimate interests (Art. 6(1)(f) GDPR) to send you essential service-related messages, updates about the community, and personalized book recommendations.

You may object to these communications at any time by using the unsubscribe link in emails or adjusting your preferences in the app or contacting us at contact@ibookish.club.

14. Cookies

We use essential cookies for login and session management, and optional cookies (e.g., for analytics) only with your consent. You can manage your cookie preferences through your browser or in-app settings. See our [Cookie Policy] for more details. (Link to separate cookie policy if available)

15. Children's Privacy and Minimum Age

You must be at least 16 years old (or the age of digital consent in your country) to use iBookish. We do not knowingly collect personal data from children under this age.

If we discover personal data of a child under 16 collected without verified parental consent, we will promptly delete or anonymize it.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on the platform and updating the effective date.

17. Contact Us

If you have questions, concerns, or requests related to your privacy or this policy, please contact:

If we discover personal data of a child under 16 collected without verified parental consent, we will promptly delete or anonymize it.

ELITEK technology GmbH

Email: contact@ibookish.club

Operates the iBookish application and website.