← Back to Monographs
Privacy Policy
Last updated: May 31, 2026
1. Overview
Monographs ("we", "our", "the app") is a personal book collection tracker operated by Chris Sulawko. This policy explains what information we collect, how we use it, and your rights regarding your data.
We collect only what is necessary to provide the service. We do not sell your personal data.
2. Information We Collect
Information you provide
- Account information — when you create an account, we collect your email address. If you sign in via Apple Sign-In, we receive your email address (or a private relay address, if you choose Apple's Hide My Email option) and a unique identifier. If you sign in via Google Sign-In, we receive your email address and a unique identifier. If you sign in with email and password, we store your email address; your password is securely hashed by our authentication provider and never stored in plain text.
- Profile information — you may provide a display name, profile photo, and bio. Profile photos are stored on our servers.
- Library data — the books you add to your collection, including their status (owned, reading, read, wishlist), personal notes, ratings, and any custom shelves or lists you create.
Information collected automatically
- Crash and diagnostic data — we may collect device type, operating system version, app version, and crash details to diagnose and fix issues. This data is collected only when a crash reporting service is active; we will update this policy with the specific provider before enabling it.
- Usage analytics — we may collect data about how you use the app, such as screens viewed, features used, and session duration, to understand what works well and improve the experience. Where analytics are collected, they may be linked to your account to measure feature adoption, or collected in anonymized form for aggregate trends. We will update this policy with the specific analytics provider before enabling collection.
- Push notification tokens — if you enable push notifications, we store a device token to deliver them. You can disable notifications at any time in your device settings.
Information from third parties
- Book metadata — we retrieve book information (titles, authors, cover images, publication details) from Open Library and other book data sources. This does not involve your personal data.
3. How We Use Your Information
- To provide, maintain, and sync your book collection across devices
- To authenticate your identity and secure your account
- To display your profile information within the app
- To send push notifications you have opted into (such as reading reminders or new feature announcements)
- To diagnose crashes, monitor performance, and improve app stability
- To analyze usage patterns and improve the app experience
- To respond to your support requests or inquiries
We do not use your data for advertising, profiling, or any purpose unrelated to providing and improving the Monographs service. We do not currently display advertisements or use ad networks. If this changes in the future, we will update this policy before introducing any advertising or affiliate features, and will request your permission where required by law (such as Apple's App Tracking Transparency framework on iOS).
4. Sharing and Public Features
Monographs is primarily a personal, private app. We may introduce optional sharing features (such as sharing a shelf or reading list via a link). If we do:
- Sharing is always initiated by you and never automatic.
- Only the content you explicitly choose to share is made visible.
- You can revoke shared links at any time.
We do not have public profiles, social feeds, or follower systems.
5. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract — processing your account, profile, and library data is necessary to provide the service you signed up for.
- Consent — push notifications and any future identity-linked analytics or advertising features are based on your consent, which you can withdraw at any time.
- Legitimate interest — crash reporting, anonymized aggregate analytics, and basic security measures to keep the service running reliably.
6. Third-Party Services
We use the following third-party services to operate Monographs:
- Supabase — data storage, authentication, and real-time sync. Supabase processes your account data, profile, and library data on our behalf, and handles password hashing for email-based accounts. See Supabase's privacy policy.
- Cloudflare — hosting, API delivery, image storage (for profile photos and book covers), and security. See Cloudflare's privacy policy.
- Expo / EAS — app build and update distribution. When the app checks for or downloads updates, Expo's servers are involved. Expo may collect basic diagnostic telemetry. See Expo's privacy policy.
- Apple Sign-In — if you sign in with Apple, Apple shares your email (or a private relay address, if you choose to hide it) and a unique identifier. See Apple's privacy policy.
- Google Sign-In — if you sign in with Google, Google shares your email and a unique identifier. See Google's privacy policy.
- Open Library — book metadata (titles, authors, cover images). No user data is shared with Open Library.
We will update this list before introducing additional services (such as analytics providers, crash reporting tools, or ad networks).
7. Data Sharing
We do not sell, rent, or trade your personal information. We share your data only in these limited circumstances:
- Service providers — the third-party services listed above process data on our behalf to provide the service. They are contractually obligated to protect your data.
- Legal requirements — if required by law, court order, or governmental regulation.
- Safety — to protect the rights, safety, or property of our users or the public.
- Business transfer — if Monographs is acquired or merged, your data may transfer to the new owner. We will notify you of any such transfer and your options regarding your data.
8. Data Retention
- Active accounts — we retain your data for as long as your account is active.
- Account deletion — when you delete your account, your personal data, profile, and library data are permanently deleted from our production servers within 30 days. Data in automatic database backups is purged as backups are rotated, typically within 7 days.
- Anonymized data — aggregated, anonymized analytics data (which cannot identify you) may be retained indefinitely.
- Server logs — transient server logs (API request logs processed by Cloudflare) are retained according to Cloudflare's retention policy and are not stored by us separately.
9. Your Rights
Regardless of your location, you can:
- Delete your account and all associated data at any time from within the app, in your profile settings (Profile → Settings → Delete account). Your data is then removed as described under Data Retention above. You may also request account deletion by emailing chris@monographs.ink.
- Update your profile information directly in the app.
- Disable push notifications in your device settings.
If you are in the EEA, UK, Switzerland, or California, you have additional rights:
- Access — request a copy of the personal data we hold about you.
- Export — request a machine-readable export of your data.
- Correction — request correction of inaccurate data.
- Restriction — request that we limit how we process your data.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at chris@monographs.ink. We will respond within 30 days.
California residents (CCPA/CPRA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. You will not receive discriminatory treatment for exercising your rights.
10. International Data Transfers
Your data is stored on servers in the United States operated by Supabase and Cloudflare. If you are located outside the United States, your data will be transferred to and processed in the United States. Our service providers maintain appropriate safeguards for international data transfers.
11. Cookies and Local Storage
The Monographs mobile app does not use cookies. It stores authentication tokens and cached data using on-device storage (AsyncStorage on iOS/Android). If you use the web version:
- Local storage — used to store your authentication session and cache your library data for faster loading. This data stays in your browser and is not sent to third parties.
We do not use tracking cookies, advertising cookies, or any third-party cookies.
12. Security
We protect your data with measures including:
- Encryption in transit (TLS/HTTPS) and at rest
- Row-level security ensuring users can only access their own data
- Passwords hashed using industry-standard algorithms by our authentication provider (never stored in plain text)
- Authentication via trusted providers (Apple, Google) where possible
While we take reasonable precautions, no method of electronic transmission or storage is completely secure. If we become aware of a data breach that affects your personal data, we will notify you and any applicable regulators as required by law.
13. Children's Privacy
Monographs is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child under the applicable age, we will delete it promptly. If you believe a child has provided us with their data, please contact us at chris@monographs.ink.
14. Changes to This Policy
We may update this policy as we add features or as legal requirements change. When we make changes:
- We will update the "Last updated" date at the top of this page.
- For material changes (new data collection, new third-party services, introduction of advertising), we will notify you via the app or email before the changes take effect.
- Continued use of the app after changes constitutes acceptance of the updated policy.
15. Contact
If you have questions about this privacy policy, want to exercise your data rights, or have a privacy concern, contact us at:
chris@monographs.ink