Privacy Policy - BookStream

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use BookStream's eBook subscription service.

Last Updated: July 11, 2025

1. Data Controller

BookStream eBook Services

Address: [Your Business Address]

Email:

Data Protection Officer:

BookStream is the data controller responsible for your personal data. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. What Data We Collect

Customer Account Data

  • Unique Customer ID (automatically generated)
  • First and last name
  • Email address
  • Address details (street, postal code, city, country)
  • Phone number (optional)
  • Account password (stored as a bcrypt hash)

Payment Information

  • Payment method (credit card, PayPal, SEPA direct debit)
  • Payment dates and amounts
  • Payment status (successful/canceled)
  • For SEPA payments: IBAN and BIC (when required)
  • Subscription start date and billing cycle

Usage and Activity Data

  • Login history with date, time, and IP address
  • Browser information (User-Agent string)
  • Device type (desktop, tablet, smartphone)
  • Download history including eBook titles, authors, download dates, and cart IDs
  • Search queries and browsing behavior
  • Cart activity and confirmation history

Important Note on Payment Data

Credit card details are processed and stored by our secure payment processors (Stripe, PayPal) and are not stored on our servers. We only retain transaction references and payment status information.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provision: To provide access to our eBook library and manage your subscription
  • Account Management: To create and maintain your user account
  • Payment Processing: To process subscription payments and manage billing
  • Download Management: To track and provide download links for eBooks
  • Security: To prevent unauthorized access and protect against misuse
  • Customer Support: To respond to your inquiries and provide assistance
  • Legal Compliance: To comply with legal obligations and generate required documentation
  • Service Improvement: To analyze usage patterns and improve our services
  • Communication: To send important notifications about your account and service updates

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our eBook subscription service
  • Legal Obligation: Processing required to comply with legal and regulatory requirements
  • Legitimate Interest: Processing for security, fraud prevention, and service improvement
  • Consent: Where you have given specific consent for certain processing activities

5. Data Sharing and Third Parties

We only share your data with trusted third parties when necessary:

  • Payment Processors: Stripe, PayPal for secure payment processing
  • Cloud Services: AWS/Google Cloud for hosting and data storage
  • Email Services: For sending account notifications and updates
  • Legal Authorities: When required by law or to protect our rights

Data Protection Guarantee

All third-party providers are contractually bound to protect your data according to GDPR standards. We never sell or rent your personal information to third parties for marketing purposes.

6. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All passwords are hashed using bcrypt
  • HTTPS: All communications are secured with SSL/TLS encryption
  • Access Controls: Strict access controls limit who can view your data
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Storage: Data stored in secure, monitored data centers
  • Download Protection: Time-limited download links tied to your user ID

7. Data Retention

We retain your data for the following periods:

  • Account Data: While your subscription is active and up to 3 years after cancellation
  • Payment Records: 7 years for tax and accounting purposes
  • Login History: 2 years for security monitoring
  • Download History: 3 years for dispute resolution and service improvement
  • Support Communications: 3 years after the last interaction

Data is automatically deleted after the retention period expires, unless legal obligations require longer retention.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you, including your complete account, payment, and download history.

Right to Rectification

Request correction of inaccurate or incomplete personal data in your account.

Right to Erasure

Request deletion of your personal data when it's no longer necessary or you withdraw consent.

Right to Restriction

Request limitation of processing your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format or have it transferred to another service.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise Your Rights

To exercise any of these rights, contact us at . We will respond within 30 days and may require identity verification for security purposes.

9. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for basic site functionality and account access
  • Performance Cookies: Help us understand how you use our service
  • Preference Cookies: Remember your language and display preferences
  • Security Cookies: Protect against unauthorized access and fraud

You can manage your cookie preferences through your browser settings. However, disabling essential cookies may affect site functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • EU-approved Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Certification schemes and binding corporate rules

11. Children's Privacy

Our service is intended for users aged 16 and above. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected data from a child under 16, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a prominent notice on our website. The "Last Updated" date at the top of this page indicates when the policy was last revised.