Privacy Policy
Last updated: April 5, 2026
Libraco ("we", "us", or "our") operates the Libraco web application. This policy explains what personal data we collect, for what purposes, and on what legal basis — in line with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Data We Collect
a. Account Information
When you sign in with Google, we receive your name, email address, and profile photo via Google OAuth / Firebase Authentication. You may alternatively register with an email address and password, in which case we store a hashed password via Firebase Authentication. We use this data to create and manage your Libraco account. Your email address is never shown publicly on the platform.
b. Content You Provide
We store the books you add to your shelf, borrow and exchange requests you send or receive, reviews you write, direct messages you exchange with other users, and any reports you submit through the app.
Public book data: Your book shelf — including titles, authors, availability status, and your city and country — is accessible to the public without login as part of Libraco's book discovery feature. Your precise location (e.g. street address or coordinates) is never stored or shared. Owner names, profile photos, and detailed profile information are only visible to authenticated users. Direct messages are private and visible only to the sender and recipient.
c. Uploaded Bookshelf Photos (AI Shelf Scan)
If you use the "Shelf Scan" feature, you upload a photo of your physical bookshelf. This image is transmitted to OpenAI's API, where a vision model reads the book spines and returns a list of detected titles. The image is not stored by Libraco after the scan completes; only the resulting book metadata (title, author) is retained. Please do not upload images that contain identifiable personal information beyond your book spines.
d. IP-Based Location Prefill
When you set up your profile, we use your IP address to suggest a city and country as a convenience prefill. Your IP address is forwarded server-side to ipapi.co (a third-party geolocation service) to perform this lookup. The raw IP address is not stored by Libraco, and the prefilled location is only a suggestion — you can change or clear it at any time. This lookup is performed once during onboarding, not on every page visit.
e. Push Notification Tokens
If you grant permission for push notifications, Libraco stores a Firebase Cloud Messaging (FCM) registration token on your account. This token is used solely to deliver push notifications to your device (for example, new messages, borrow requests, or activity updates). You can withdraw this permission at any time by disabling push notifications in your profile settings or in your device/browser notification settings. Withdrawn tokens are removed from your account.
f. Notification Preferences
You can control whether Libraco sends you push notifications and email notifications from your profile settings at any time. These preferences are stored on your account. Disabling a channel prevents Libraco from sending you that type of notification; in-app notifications are always delivered regardless of these settings.
g. Venue Partner Application Data
If you submit an application for Libraco's venue partner programme (open to bookstores, cafés, libraries, etc.), we collect your contact name, email address, venue name, address, city, country, website, and a short description. This data is stored in our database and used solely to evaluate and respond to your application. We also query the Google Places API using a Place ID you provide to retrieve publicly available venue metadata (rating, location) to assist with verification.
h. Usage and Analytics Data
We use Google Analytics 4 (GA4) to collect anonymised usage data — such as pages visited, session duration, and general device and browser information. GA4 sets cookies named _ga and _ga_* in your browser that persist for up to 2 years. This data helps us understand how the app is used and improve it. We do not build advertising profiles from this data. Google may process this data in accordance with its own privacy policy.
You can opt out of GA4 tracking by installing the Google Analytics Opt-out Browser Add-on or by blocking analytics cookies via your browser settings.
2. Legal Basis for Processing
We process your personal data on the following legal bases (GDPR Art. 6):
- Contract performance (Art. 6(1)(b)) — account creation and management, book requests and exchanges, direct messaging, in-app notifications, push and email notifications (where enabled by you), and the AI Shelf Scan feature.
- Legitimate interests (Art. 6(1)(f)) — basic usage analytics (GA4), IP-based city prefill during onboarding, venue partner verification via Google Places, and platform security. We consider these interests proportionate and not overriding your rights and freedoms.
- Legal obligation (Art. 6(1)(c)) — where required by applicable German or EU law.
3. How We Use Your Information
- To provide and operate the Libraco service.
- To match you with other users for borrowing and exchanging books.
- To deliver in-app, push, and email notifications about requests, messages, and activity on your account — subject to your notification preferences.
- To provide direct messaging between users for book exchange coordination.
- To process AI shelf scans and enrich book metadata.
- To prefill your location during profile setup.
- To surface your book shelf publicly (anonymised — city and availability only) so prospective users can discover available books before signing up.
- To evaluate and manage venue partner applications.
- To improve, debug, and develop the platform.
- To detect and respond to abuse or policy violations.
We do not sell your personal data to any third party.
4. Data Sharing and Third-Party Processors
We share data only with service providers necessary to operate the platform. Each acts as a data processor under our instructions and under appropriate data protection terms:
- Google / Firebase — authentication (Firebase Auth), database (Firestore), file storage (Firebase Storage), and push notification delivery (Firebase Cloud Messaging), hosted on Google Cloud Platform.
- Resend — used to deliver transactional email notifications (e.g. new borrow requests, messages, activity updates). Only your email address and the notification content are transmitted. You can disable email notifications in your profile settings at any time.
- OpenAI — processes uploaded bookshelf photos for the AI Shelf Scan feature. Under OpenAI's API data usage policy, data submitted via the API is not used to train models by default.
- ipapi.co — receives your IP address server-side during profile setup to determine your approximate city and country for prefill purposes.
- Google Analytics 4 — collects anonymised usage data via browser cookies on your device. Data is processed by Google LLC under its privacy policy.
- Google Places API — used to verify venue partner applications by retrieving publicly available venue metadata (location, rating).
Your display name and profile photo are visible to other Libraco users when they view your public shelf or interact with you through requests. Only your city and country are shown to other users — your precise location (street address, coordinates, or postal code) is never stored or shared. Your email address is never shared publicly or with other users.
5. International Data Transfers
Some service providers — including Google (Firebase, GA4, Places API) and OpenAI — are based in the United States. Data transferred to them may be processed outside the European Economic Area (EEA). We rely on appropriate safeguards for such transfers, including the EU–US Data Privacy Framework and Standard Contractual Clauses where applicable. For details, refer to each provider's privacy documentation.
6. Data Retention
We retain your account data for as long as your account is active. If you request deletion, we will remove your personal data from our systems within 30 days, except where retention is required by law. Analytics data held by Google Analytics is subject to Google's retention settings (we use the default 14-month retention window).
Venue partner application data is retained for as long as necessary to process and respond to the application, and for a reasonable period thereafter for record-keeping.
7. Security
We use industry-standard measures — including TLS encryption in transit and access controls — to protect your data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Cookies and Local Storage
Libraco uses the following cookies and browser storage:
- Authentication cookies / session tokens — set by our authentication layer (NextAuth.js) to keep you signed in. These are strictly necessary and cannot be disabled without logging out.
- Analytics cookies (
_ga,_ga_*) — set by Google Analytics 4. These persist for up to 2 years and are used to distinguish users and sessions for analytics purposes. You can opt out via browser settings or the Google Analytics Opt-out Add-on. - User preferences (local storage) — stored on your device to remember UI settings such as consent status. This data does not leave your device.
9. Children's Privacy
Libraco is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. This age limit reflects the minimum age for consent to personal data processing under German and EU data protection law (BDSG §8). If you believe we have inadvertently collected data from a person under 16, please contact us and we will delete it promptly.
10. Your Rights
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Restriction — ask us to limit processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests. You may, for example, object to analytics tracking by opting out as described above.
To exercise any of these rights, contact us at hello@libraco.app. We will respond within one month as required by the GDPR. You also have the right to lodge a complaint with your national supervisory authority — in Germany, this is the data protection authority of your federal state (Landesdatenschutzbehörde).
11. Changes to This Policy
We may update this policy from time to time. We will post the revised policy on this page with an updated "Last updated" date, and notify you of material changes through the app. Where a change affects processing that requires your consent, we will request that consent before the change takes effect.
12. Contact
Questions about this policy? Reach us at hello@libraco.app.