Privacy Policy

What we collect

Anonymous device identifier. When you first open Pickbook, your device generates a random UUID. This identifier is stored locally on your device and synced through your own iCloud account so that the same identifier works across your Apple devices and survives a reinstall. The identifier is sent to our backend with each request in a header called X-Device-Id. It is not linked to your name, your Apple ID, your email, or any other personal information. We have no way to connect it back to you as a person.

Reading preferences. During onboarding you can pick genres you enjoy and type in a few favorite titles. This helps tailor the daily pick.

Reading activity. When you save a book, change its status to reading or finished, give it a star rating, or interact with the daily pick, that activity is stored against your anonymous device identifier. We also keep a streak count so the app can show your reading habit over time.

Basic request metadata. Like any web service, our backend logs standard information that comes with HTTPS requests, such as the app version, your iOS version, and the IP address of the request. We do not perform IP-based location lookups or build a profile from this metadata.

What we do not collect

• No name, email address, postal address, phone number, or payment information.
• No Apple ID, Sign in with Apple token, or any other authentication identifier.
• No location data. The app does not use Core Location.
• No contacts, camera, photos, or microphone access.
• No advertising identifier (IDFA). Pickbook does not use App Tracking Transparency because there is nothing to track.
• No third-party analytics, crash reporting, or attribution SDKs. There is no Firebase, Google Analytics, Mixpanel, Amplitude, Segment, Sentry, or Crashlytics in the app.
• No social media SDKs. No advertising of any kind.

How we use what we collect

The information above is used only to operate the app: to pick a book to show you each day and avoid repeating titles you have already seen; to remember the books in your library and their status, so they appear correctly when you open the app on another Apple device; to keep your streak and basic activity counters accurate; and to diagnose problems, such as failing requests or broken catalog entries.

That is the entire list. Your reading activity is never sold, rented, traded, or used for advertising.

Third parties

Pickbook relies on a small number of services to function. Here is exactly who is involved and what they see.

Apple. The app is distributed through the App Store, and your anonymous device identifier is synced through Apple's iCloud Key-Value Store. That sync happens inside your own iCloud account; we cannot see it. Apple's handling of your iCloud data is governed by Apple's own privacy policy.

Hetzner Online GmbH. Our backend runs on a virtual server hosted by Hetzner in Germany. All app traffic goes to this server over HTTPS. Hetzner provides the underlying infrastructure but does not have a role in processing the contents of your reading activity beyond hosting the server.

Book catalog providers. To build our catalog of books, our backend queries publicly available book metadata APIs: Google Books, Open Library, and Hardcover. The book covers, titles, authors, publication dates, and publisher-supplied descriptions you see in the app come from these sources. These queries happen on our server, not from your device. We do not send your device identifier, your saved books, your ratings, or any of your activity to these providers. They only see generic catalog queries originating from our server.

Pickbook does not use any artificial intelligence, machine-learning, or large-language-model services. The book summaries you see are publisher-supplied descriptions from the catalog APIs above, and the recommendation engine is rule-based, running on our own server.

There are no advertising networks, data brokers, marketing platforms, or analytics vendors involved.

Storage and security

On your device, Pickbook stores data using Apple's standard SwiftData database, App Group UserDefaults, and iCloud Key-Value Store. On the server, your saved books and reading activity are stored in a PostgreSQL database on a Hetzner VPS in Germany. The server is accessed only over HTTPS.

No system is perfectly secure, but because Pickbook does not collect names, emails, payment details, or any other directly identifying information, the risk of any data leak meaningfully identifying you is very low.

Your rights

You have meaningful control over your data inside the app.

Start over. The Settings screen has a "Start over" button that resets your preferences and onboarding without deleting your server-side data.

Delete profile. The Settings screen also has a "Delete profile" button. Tapping it tells our backend to delete everything associated with your device identifier and resets the identifier on your device. After that, the app treats you as a brand-new anonymous user. This is immediate and permanent.

If you live in the European Economic Area, the United Kingdom, or Switzerland, the GDPR gives you the right to access, correct, delete, and obtain a portable copy of your personal data, and to object to or restrict processing. Because Pickbook only holds an anonymous identifier and the reading activity attached to it, the practical way to exercise the right to deletion is the "Delete profile" button. For access, rectification, or a portable copy of the activity attached to your device identifier, email us and we will help.

If you live in California, the CCPA and CPRA give you the right to know what personal information is collected, to delete it, to correct it, and to opt out of the sale or sharing of personal information. Pickbook does not sell or share personal information, and there is no advertising or cross-context behavioral tracking to opt out of. You can use "Delete profile" at any time, or email us.

You have the right to lodge a complaint with your local data protection authority if you believe your rights have not been respected.

Children

Pickbook is rated for general audiences and is not directed at children under 13 (or under 16 in regions where that is the relevant age). The app does not knowingly collect information from children. If you believe a child has used the app and you would like the associated anonymous data removed, email us and we will take care of it.

International users

Pickbook is available worldwide through the App Store. The backend is hosted in Germany. If you use the app from outside the European Economic Area, your reading activity will be transmitted to and stored on a server in Germany. By using the app, you understand that this transfer takes place. The data involved remains tied only to an anonymous device identifier.

Changes to this policy

If this policy changes in a way that affects what is collected or how it is used, the updated version will be shipped inside a new release of the app with a new effective date. Continuing to use the app after that date means you accept the updated policy.