Privacy Policy

Last updated: March 2026

1. Introduction

BookKraft AI ("BookKraft", "we", "us", or "our") operates the website bookkraftai.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our eBook formatting tools. By using BookKraft AI, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

• Email address (required for account creation)
• Password (hashed, never stored in plain text)
• Authentication tokens (for session management)

2.2 Usage Data

• Which tools you use and how frequently
• Credit purchase and usage history
• Tool run history (inputs and outputs, stored for your reference)
• Word counts processed per tool run

2.3 Content You Provide

• Manuscript text you paste or upload into our tools
• .docx files uploaded for processing (stored temporarily in Cloudflare R2 with a 24-hour TTL)
• Metadata you enter (book title, author name, keywords, descriptions)

2.4 Payment Information

• Payment processing is handled entirely by Paddle.com. We never see, store, or process your credit card number, CVV, or full billing details.
• We receive from Paddle: your email, the product purchased, the amount paid, and the transaction ID.

2.5 Automatically Collected Information

• IP address (for rate limiting and abuse prevention)
• Browser type and version
• Pages visited and time spent

3. How We Use Your Information

• To provide and operate the BookKraft AI formatting tools
• To process your purchases, manage your credit balance, and track usage
• To send important account and service emails (password resets, purchase confirmations)
• To enforce word limits and rate limits per your access level
• To improve our tools and user experience based on aggregated, anonymised usage patterns
• To send our newsletter (only if you opt in — you can unsubscribe at any time)
• To prevent fraud, abuse, and unauthorised access

4. Third-Party Services

We use the following third-party services to operate BookKraft AI:

• Supabase — Authentication and database hosting. Your email and account data are stored in our self-hosted Supabase instance.
• Anthropic (Claude AI) — AI tool processing. When you run an AI tool, your text is sent to Anthropic's API for processing. Anthropic does not train on your data. See Anthropic's Privacy Policy.
• Paddle — Payment processing. See Paddle's Privacy Policy.
• Brevo — Newsletter and transactional email delivery.
• Cloudflare — CDN, DNS, and R2 object storage for temporary file storage.

5. Data Retention

• Account data: Retained as long as your account is active.
• Tool run history: Stored until you delete it or delete your account.
• Uploaded .docx files: Automatically deleted from R2 storage after 24 hours.
• Generated EPUB files: Automatically deleted after 7 days.
• Account deletion: When you delete your account, all associated data (history, credits, purchases, projects) is permanently removed via database cascade. This process is irreversible.

6. Data Security

We implement industry-standard security measures including:

• HTTPS encryption on all connections
• Row Level Security (RLS) on all database tables — you can only access your own data
• Paddle webhook signature verification on all payment events
• Rate limiting on all API endpoints to prevent abuse
• Hashed passwords (via Supabase Auth — bcrypt)
• R2 bucket is private — file access via signed URLs only

7. Cookies

We use minimal cookies required for authentication (Supabase session cookie). We do not use advertising cookies, tracking pixels, or any third-party analytics cookies.

8. Your Rights

You have the right to:

• Access your personal data (via your Account page)
• Delete your account and all associated data (via Account > Danger Zone)
• Export your tool run history (via the History page)
• Unsubscribe from marketing emails at any time (one-click unsubscribe in every email)
• Request information about what data we hold — email us at the address below

9. Children's Privacy

BookKraft AI is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of BookKraft AI after any changes constitutes acceptance of the new policy.

11. Contact

For any privacy questions, data requests, or concerns:

• Email: hello@bookkraftai.com
• Website: bookkraftai.com/contact