Privacy Policy

Last updated: March 13, 2026

1. Who We Are

Minibieb ("we", "our", "us") is a mobile application and web service operated from the Netherlands that helps users discover and contribute to mini libraries (minibiebs) and track their reading progress.

Operated by: Matheu Consulting (KVK 90351649)
Contact: support@minibieb.app

2. What Data We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (required for account creation and communication)
• Display name (optional, chosen by you)
• Profile avatar (optional)
• Google account info (if you sign in with Google: name, email, profile picture)
• Apple account info (if you sign in with Apple: name, email or private relay address)

2.2 Reading Activity

When you use our reading features, we collect:

• Books you add to your library (title, author, ISBN)
• Reading status (reading, read, want to read)
• Ratings and reviews you provide
• Reading progress (pages read, percentage complete)
• Reading sessions (duration, pages read per session)
• Custom shelves and book organization
• Reading goals you set

2.3 Location Data

• When you use the map: Your approximate location to show nearby minibiebs
• When you contribute: The location of minibiebs you add or verify

Location data is only collected when you actively use location features and grant permission. Your precise location is never stored on our servers; it is only used in real-time to calculate distances.

2.4 User-Generated Content

• Minibieb information you submit (name, description, opening hours)
• Photos you upload (optional)
• Verifications you make ("This minibieb is still here")
• Flags or reports you submit

2.5 Log and Device Data

• IP address (for security and fraud prevention)
• Browser type and version
• Pages visited and features used
• Device type, operating system, and screen size
• Referring URL and exit pages

This data is used for security, troubleshooting, and improving our service.

3. Legal Bases for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the Minibieb service, manage your account, and deliver the features you request.
• Legitimate Interest: To improve our service, prevent fraud, ensure security, and analyze usage patterns (anonymized).
• Consent: For optional features like location services, marketing communications, and push notifications. You can withdraw consent at any time.
• Legal Obligation: When required to comply with applicable laws or respond to legal requests.

4. How We Use Your Data

4.1 To Provide the Service

• Display your profile and contributions
• Show you minibiebs near your location
• Track your reading progress and goals
• Process your submissions and verifications
• Send transactional emails (account verification, password reset)

4.2 Service Improvement

We use aggregated, anonymized data to:

• Generate popularity charts and book recommendations
• Understand which features are most useful
• Improve the Minibieb experience for all users

4.3 With Your Consent

We may use your email to send:

• Service updates and new features (if opted in)
• Community newsletters (if opted in)
• Reading streak reminders (if enabled)

You can manage your email preferences at any time and unsubscribe from non-essential communications.

4.4 Push Notifications

If you enable push notifications, we send periodic notifications about reading streaks, goal milestones, and community activity. Push notification subscription endpoints are stored on our server and deleted when you disable notifications or delete your account. You can manage push notification preferences in Settings → Notifications.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw any consent you've given at any time

To exercise your rights: Email support@minibieb.app with your request. We will respond within one month. For complex or numerous requests, this may be extended by up to two additional months with prior notification.

6. Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Minibieb makes this easy:

• Export Feature: Go to Settings → Export My Data to download a complete JSON file containing your books, shelves, reading sessions, and goals.
• Format: Your export includes all reading data, custom shelves, account information, billing history, and purchases in JSON format.
• No Restrictions: You can export your data at any time, as often as you like.

7. Data Import

Minibieb allows you to import your reading history from other services (GoodReads, StoryGraph):

• What We Import: Book titles, authors, ISBNs, ratings, reading status, and custom shelf assignments.
• Processing: Imported data is matched to our book database and stored in your personal library.
• Your Responsibility: You are responsible for ensuring you have the right to export data from other services and that the imported data is accurate.

8. Data Sharing

We Do NOT:

• Sell your personal data to third parties
• Share your email with advertisers
• Use your data for targeted advertising
• Share your reading activity without your consent

We May Share:

• Aggregated, anonymized statistics (e.g., popular books)
• Data with service providers who help operate Minibieb (see Third-Party Services)
• Information when required by law or to protect rights and safety

9. Third-Party Services

We use the following third-party services to operate Minibieb:

9.1 Essential Services (Always Active)

• Supabase · Database hosting and authentication (EU region, GDPR compliant). Processes account data and all user content.
• Google OAuth · If you choose "Sign in with Google", Google shares your name, email address, and profile picture with Minibieb to create your account. We do not receive your Google password. Google's processing is governed by Google's Privacy Policy. Location: USA (EU Standard Contractual Clauses).
• Apple Sign-In · If you choose "Sign in with Apple", Apple shares your name and email address with Minibieb to create your account (you may choose to hide your email, in which case Apple provides a private relay address). We do not receive your Apple password. Apple's processing is governed by Apple's Privacy Policy. Location: USA (EU Standard Contractual Clauses).
• Vercel · Website hosting. Processes IP addresses for serving web pages. Location: USA (EU Standard Contractual Clauses).
• Resend · Transactional email delivery. Processes email addresses to send account notifications. Location: USA (EU Standard Contractual Clauses). Resend Privacy Policy

9.2 Payment Processing

• Mollie B.V. · Payment processing for Premium subscriptions and in-app purchases (EU-based, GDPR compliant, PCI DSS Level 1 certified). Processes email address, payment method details, transaction amounts, and a customer identifier. Minibieb never stores your card numbers or bank details. Legal basis: Contract Performance.
  Mollie Privacy Policy

9.3 Fonts

• Google Fonts · Typefaces (Playfair Display, Lora, DM Sans) are downloaded at build time and self-hosted on our servers. Your browser never contacts Google's servers to load fonts. No personal data is shared with Google through font loading.

9.4 Book & Map Data (No Personal Data Shared)

• Open Library · Book metadata and cover images. Only ISBNs and book titles are sent (no user data).
• Google Books API · Additional book metadata. Only ISBNs and book titles are sent (no user data).
• ISBNdb · Book cover images and metadata. Only ISBNs are sent (no user data).
• New York Times Books API · Bestseller rankings. Only an API key is sent, no user data.
• debestseller60.nl · Dutch bestseller rankings. Only public ranking data is fetched, no user data is sent.
• OpenStreetMap/Nominatim · Map data and geocoding for the Netherlands, Belgium, Luxembourg, Germany, and France. Public bookcase locations are sourced from OpenStreetMap under the Open Database License (ODbL). Location searches are not linked to your account. When you submit a new minibieb location, coordinates are sent to Nominatim for address verification; the verified address is stored in our database linked to your submission.
• MapLibre GL / OpenFreeMap · Map tile rendering. Your IP address may be logged by tile servers.
• Open-Meteo · Weather data for personalized greetings. Approximate coordinates and your IP address are sent from your browser to Open-Meteo's servers. No account identifiers are included.

9.5 AI Features (Requires Functional Cookie Consent)

• Anthropic Claude · AI-powered book recommendations, content warnings, and reading insights. When you view book details with AI features enabled, we send book metadata (title, author, genres) to generate personalized recommendations. For Minibieb Plus subscribers, we also send reading metadata (titles, authors, genres, ratings, and finish dates of your recent books) to generate personalized reading insights about your patterns and habits. No account information or personal identifiers are sent to the AI service. All AI features require "Functional" cookie consent and can be disabled in your cookie preferences. Location: USA (EU Standard Contractual Clauses).

9.6 Analytics & Error Tracking (Requires Consent)

• Vercel Speed Insights · Aggregated web performance metrics (page load times, Core Web Vitals). Only active if you consent to "Analytics" cookies. No personal data is collected. Location: USA (EU Standard Contractual Clauses).
• Vercel Web Analytics · Privacy-friendly page view analytics. Only active if you consent to "Analytics" cookies. No personal data or cookies are used. Location: USA (EU Standard Contractual Clauses).
• Sentry · Error monitoring to improve app stability. Collects error reports, device info, and usage context when errors occur. When analytics consent is granted, Sentry may record session replays (anonymized screen recordings) to help diagnose errors. All form inputs and text are masked in replays. Client-side tracking is only active if you consent to "Analytics" cookies. Server-side error logging operates under our legitimate interest (GDPR Article 6(1)(f)) in maintaining service stability and security. Location: USA (EU Standard Contractual Clauses).

9.7 Affiliate Links

• Bol.com · Affiliate links for book purchases (Netherlands). No data is shared until you click a link.

When you click affiliate links to external retailers, you become subject to that retailer's terms of service and privacy policy. We encourage you to review their policies before making purchases.

10. Offline Mode & Local Storage

Minibieb supports offline use. When your device loses internet connectivity, certain actions (such as logging reading sessions or updating progress) are temporarily stored on your device using IndexedDB, a browser-based database. This data:

• Is stored only on your device and is never shared with third parties
• Is automatically synced to our servers when your connection is restored
• Is cleared from your device after successful sync
• Contains only the actions you performed while offline (no additional data is collected)

We also cache recent API responses locally to allow browsing while offline. This cache is best-effort and automatically cleared when full or when you clear your browser data.

11. Data Retention

• Active Accounts: Your data is kept as long as your account is active and you continue to use Minibieb.
• Account Deletion: When you delete your account, all personal data is permanently deleted immediately upon confirmation.
• Inactive Accounts: We may delete accounts that have been inactive for more than 7 years, after providing advance notice.
• Legal Requirements: Some data may be retained longer if required by law.
• Payment Records: Payment and subscription records are retained for 7 years as required by Dutch fiscal law (Algemene wet inzake rijksbelastingen).
• Push Subscriptions: Push notification subscription endpoints are retained until you disable notifications or delete your account.
• Minibieb Submissions: Location data (public infrastructure) is retained indefinitely. Your submitter identity is removed when you delete your account.

12. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Access controls and authentication
• Regular security reviews

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

• We will notify affected users within 72 hours of becoming aware of the breach.
• We will report the breach to the relevant supervisory authority as required by GDPR.
• We will provide information about the nature of the breach and recommended actions you should take.

14. Automated Decision-Making & Profiling

Minibieb uses limited automated processing to enhance your experience:

• Reading Portrait: We analyze your reading history (genres, pace, ratings) to generate a reader archetype and trait profile. This is purely informational and does not affect your access to features or content.
• AI Book Recommendations: When functional cookies are enabled, we send book metadata (not personal data) to Anthropic Claude to generate "Will I like this?" blurbs and content warnings. These recommendations do not restrict your access to any books.
• Streak & Badge Calculations: Reading streaks, badges, and goals are computed automatically from your logged activity.

None of these automated processes produce legal effects or similarly significant effects on you (GDPR Article 22). You are not subject to decisions based solely on automated processing that affect your rights.

15. Data Provision Requirements

To use Minibieb, you must provide an email address for account creation (contractual requirement). All other data (display name, reading activity, location) is voluntary. Failure to provide an email address means you cannot create an account, but you can still browse the minibieb map without signing in.

16. International Data Transfers

Minibieb primarily processes data within the European Union/European Economic Area (EU/EEA). The following services transfer data to the United States, protected by Standard Contractual Clauses (SCCs) approved by the European Commission:

• Vercel (hosting)
• Resend (email delivery)
• Sentry (error monitoring, requires consent)
• Anthropic Claude (AI features, requires consent)
• Google OAuth (sign-in, if used)
• Apple Sign-In (sign-in, if used)

All other services operate within the EU/EEA or process no personal data.

17. Children's Privacy

Minibieb is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email (if you have an account) and post a notice in the app. Continued use after changes constitutes acceptance of the updated policy.

19. Contact Us

For privacy-related questions, to exercise your rights, or to file a complaint:

Email: support@minibieb.app
Operator: Matheu Consulting (KVK 90351649)

Supervisory Authority:
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. In the Netherlands:

Autoriteit Persoonsgegevens
https://autoriteitpersoonsgegevens.nl

See also: Terms of Service · Cookie Policy