Digitalbook Ltd

Privacy Policy

UK GDPR Compliant — Effective March 2026
Version 2.0 · Last reviewed: March 2026

Digitalbook Ltd | Company number: 10595072

140 Rayne Road, Braintree, Essex, England, CM7 2QR

Email: admin@digitalbook.io | Website: www.digitalbook.io

1. Who We Are

Digitalbook Ltd ("Digitalbook", "we", "us", "our") is the Data Controller responsible for your personal data. We are a company registered in England and Wales under company number 10595072, with our registered office at 140 Rayne Road, Braintree, Essex, England, CM7 2QR.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

Email: admin@digitalbook.io
Post: Data Privacy, Digitalbook Ltd, 140 Rayne Road, Braintree, Essex, CM7 2QR

You also have the right to lodge a complaint with the UK's data protection supervisory authority, the Information Commissioner's Office (ICO), at www.ico.org.uk or by calling 0303 123 1113.

2. What Personal Data We Collect

We collect and process the following categories of personal data about you:

2.1 Account and Identity Data

Your name
Your email address
Your login credentials (stored in encrypted form)
Your Google or Apple account details, if you choose to sign in via those services

2.2 Reading and Usage Data

Your bookmarks and saved book references
Your reading history and recently viewed titles
Your favourite books and preferences
URLs accessed within the application

2.3 Subscription and Payment Data

Your subscription plan and status
Transaction history and billing dates
Payment method type (e.g. card type) — note: full card numbers and CVV codes are never stored by Digitalbook. All card processing is handled by Stripe, Inc., our PCI-DSS Level 1 certified payment processor.
Billing name and address (if provided during checkout)

2.4 Technical Data

IP address
Browser type and version
Device type and operating system
Session identifiers and cookie data (see our Cookie Policy)

2.5 Communications Data

Any messages you send us via our contact form or by email

3. How and Why We Use Your Data

We are required by law to have a lawful basis for processing your personal data. The table below sets out what we use your data for and the legal basis we rely upon.

Purpose	Data Used	Lawful Basis
Create and manage your account	Name, email, login credentials	Contract performance
Provide the reading and bookmarking service	Reading history, bookmarks, favourites	Contract performance
Process subscription payments	Payment data, billing details, subscription status	Contract performance
Send subscription confirmations and receipts	Name, email, transaction data	Contract performance
Prevent fraud and ensure platform security	IP address, device data, transaction data	Legitimate interests
Improve our products and services	Usage data, reading history (anonymised where possible)	Legitimate interests
Analyse website traffic via Google Analytics	Cookie data, IP address (anonymised)	Consent
Display relevant advertising via Google AdSense	Cookie data, browsing behaviour	Consent
Retain financial records for tax and legal compliance	Transaction history, billing data	Legal obligation
Respond to your enquiries	Communications data, name, email	Legitimate interests
Notify you of changes to our terms or services	Email address	Legal obligation / Legitimate interests

4. How Long We Keep Your Data

We do not keep your personal data for longer than is necessary. Our retention periods are:

Account data (name, email, login): Retained for the duration of your account, plus 12 months after closure to handle any final queries or disputes.
Reading history, bookmarks and favourites: Retained for the duration of your account. Deleted immediately upon account deletion.
Subscription and transaction records: Retained for 7 years from the date of transaction to comply with HMRC and UK tax law. This creates a legal exception to the right of erasure for financial records.
Technical / log data: Retained for up to 12 months for security monitoring purposes.
Communications: Retained for 3 years, or longer if relevant to a legal dispute.
Analytics data: Processed by Google Analytics in accordance with Google's retention settings (typically 26 months). IP addresses are anonymised before transmission.

When retention periods expire, data is securely deleted or anonymised so that it can no longer be associated with you.

5. Sharing Your Data

We do not sell, rent, or trade your personal data. We share it only in the following circumstances:

5.1 Stripe — Payment Processing

We use Stripe, Inc. to process subscription payments. When you subscribe, your payment data is transmitted directly to Stripe over encrypted connections. Stripe is PCI-DSS Level 1 certified. Stripe acts as both a data processor on our behalf and, for certain fraud prevention and financial compliance purposes, as an independent data controller. Please review Stripe's Privacy Policy at stripe.com/gb/privacy.

5.2 Google — Analytics and Advertising

We use Google Analytics to understand how our service is used, and Google AdSense to display advertising. Google may collect data via cookies, including your IP address (which is anonymised before storage). Google acts as an independent data controller for these services. Please review Google's Privacy Policy at policies.google.com/privacy.

5.3 Service Providers

We may share your data with other carefully selected third-party suppliers who provide services on our behalf (such as hosting providers and email delivery services). These suppliers act as data processors and are contractually bound to use your data only on our instructions and in compliance with UK GDPR.

5.4 Business Transfers

If Digitalbook Ltd is acquired, merges with another company, or undergoes a restructuring, your personal data may be transferred to the new entity as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5.5 Legal Requirements

We may disclose your data where required by law, court order, or to protect the rights, property, or safety of Digitalbook, our users, or others.

6. International Data Transfers

Some of our service providers — including Stripe and Google — operate servers outside the UK and EEA. Where your data is transferred internationally, we ensure it is protected by appropriate safeguards, including:

Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission, or
Transfers to countries that have received an adequacy decision from the UK government or European Commission.

You can request information about the specific safeguards in place for any international transfer by contacting us at admin@digitalbook.io.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access: You can request a copy of the personal data we hold about you (a Subject Access Request).
Right to rectification: You can ask us to correct inaccurate or incomplete data.
Right to erasure: You can ask us to delete your data where there is no compelling reason for us to continue processing it. Note that we may be required to retain certain financial records for legal compliance.
Right to restrict processing: You can ask us to pause processing of your data in certain circumstances.
Right to data portability: You can request a copy of data you have provided to us in a structured, commonly used, machine-readable format.
Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
Rights in relation to automated decision-making: We do not make decisions about you based solely on automated processing. If this changes, we will update this policy accordingly.
Right to withdraw consent: Where processing is based on consent (e.g. analytics and advertising cookies), you can withdraw consent at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at admin@digitalbook.io. We will respond within 30 days. You will not be charged for making a request, and we will not require you to justify your request.

You also have the right to complain to the ICO at www.ico.org.uk if you believe we have not handled your data lawfully.

8. Account Deletion

You can delete your account at any time by navigating to Settings and selecting "Delete account". Upon deletion:

Your name, email address, reading history, bookmarks, and favourites will be permanently deleted.
Transaction records will be retained for 7 years as required by HMRC tax regulations — this is a legal obligation and cannot be waived.
You should also revoke Digitalbook's access from your Google account if you used Google Sign-In, via myaccount.google.com/permissions.

Deleted data cannot be recovered.

9. Children

The Digitalbook service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have done so, we will delete it promptly. If you believe a child under 13 has provided us with personal data, please contact us at admin@digitalbook.io.

Where a subscription is taken out on behalf of a minor aged 13–17, the account holder must be the parent or guardian, who accepts responsibility for ensuring appropriate use.

10. Security

We take the security of your personal data seriously. We use appropriate technical and organisational measures including:

Encrypted transmission of all data using TLS/HTTPS
Encrypted storage of passwords
Restricted internal access to personal data on a need-to-know basis
PCI-DSS compliant payment processing via Stripe (we do not store card details)
Regular security reviews of our systems and third-party processors

No method of transmission over the internet is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by law.

11. Cookies

We use cookies and similar technologies on the Digitalbook platform. For full details of the cookies we use, the purposes for which we use them, and how to manage your preferences, please see our Cookie Policy at www.digitalbook.io/cookie-policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by a prominent notice on our website, and we will update the "Last reviewed" date at the top of this document. Your continued use of the service after notification constitutes acceptance of the updated policy.

Where a change affects your rights in a material way, we will seek your renewed consent where required.

13. Contact Us

For any questions, concerns, or to exercise your data subject rights, please contact us:

Email: admin@digitalbook.io
Post: Data Privacy, Digitalbook Ltd, 140 Rayne Road, Braintree, Essex, CM7 2QR

We aim to respond to all enquiries within 5 working days and to resolve all data subject requests within 30 calendar days.