Privacy Policy
Tome (“the app”) is a self-hosted reading platform for ebooks and audiobooks with optional book-club features. This policy explains what data the app collects, why, and what you can do about it.
Who we are
Tome is operated by Chris Arroyo (“we”, “us”) for personal and small-group use. The mobile app is published under the bundle identifiers app.tome.readtogether (iOS) and com.gettome.tome (Android).
What we collect
- Account data: email address, display name, handle, and an avatar URL you provide. Stored in our hosted Supabase Postgres database.
- Reading data: books on your shelves, reading progress (position, percentage, timestamps), reading sessions, highlights, notes, and audio bookmarks. Stored in Supabase, scoped to your account by row-level security.
- Social data: friendships you accept, library shares you grant or receive, book club memberships, and discussion posts you author. Stored in Supabase.
- Privacy preferences: the visibility settings you set for your library, activity, reviews, highlights, and notes.
- Library files: ebooks and audiobooks you add to your library are stored on the library server you operate or that someone has shared with you. They are never uploaded to our infrastructure.
- Cover art: when a book is added without local cover art, the library server you’re paired with may fetch a cover from public sources (Open Library, Google Books) and cache it on its own disk.
- Diagnostic data: standard server logs (IP address, request path, timestamp) retained for up to 30 days for abuse prevention and debugging.
What we don’t collect
- We do not run third-party analytics or advertising SDKs.
- We do not collect device identifiers (IDFA, AAID) for tracking.
- We do not sell or rent your data.
- We do not transmit the contents of your books or your reading positions to any party other than our own database.
How your data moves
The Tome client talks to two kinds of servers:
- Supabase (Postgres + Auth) for account, social, and reading-progress data. Hosted in the United States.
- Library servers for streaming book files. Each library server is an independent self-hosted instance — your own homelab, or a friend’s — and is operated by the person who set it up. We do not control friends’ library servers.
Sharing
By design, you control what other Tome users see about you through the Privacy settings inside the app (Library, Activity, Reviews, Highlights, Notes). Friendships, library shares, and book-club memberships are explicit actions you take. We do not share your data with advertisers, data brokers, or other apps.
Your rights
- Access & correction: you can edit your profile, handle, avatar, and privacy settings inside the app at any time.
- Deletion: from Profile → Settings → Delete account you can permanently delete your account and all of its associated data. Deletion is immediate and irreversible.
- Export: email [email protected] and we’ll send you a JSON export of your account data within 30 days.
Children
Tome is not directed to children under 13 (or under 16 in the EU/UK). If you believe a child has created an account, contact us and we will delete it.
Security
Account passwords are managed by Supabase Auth and stored as bcrypt hashes. Authenticated requests use short-lived JWTs over TLS. Library files served by other users’ library servers are protected by per-collection access grants enforced server-side.
Changes
If we make material changes to this policy, we’ll update the Last updated date at the top and, where appropriate, notify you in the app. Continuing to use Tome after a change means you accept the revised policy.
Contact
Questions? Email [email protected].