Privacy Policy

Last updated: June 29, 2026

BookSylo is a mobile app for iOS and Android. This privacy notice summarizes what data the app stores, how it uses public information, and how subscription and support processors help operate the service.

Contact: support@mail.booksylo.com

Terms

What BookSylo Collects

  • Tracked books, including ASIN, marketplace, format, title, author, cover image URL, rank/review/rating/price snapshots, category ranks, badges, private labels, private notes, and custom grouping/order settings.
  • Push notification tokens, device platform, notification language, notification preferences, quiet hours, daily-summary time, snooze state, and pause state.
  • Optional account email, password hash, email-verification tokens, password-reset tokens, and account-deletion request records.
  • Subscription status fields, such as plan, status, store, entitlement code, product id, RevenueCat app user id/customer id, transaction identifiers, management URL, renewal/trial/current-period timestamps, webhook event ids, and RevenueCat webhook payloads.
  • User-submitted support diagnostics, such as app version, build number, platform, OS version, device model, locale, timezone, user ID, API base URL, push-token tail, screenshot URL if supplied, support category, subject, and message.
  • Crash/error reporting data when Sentry is configured, such as runtime error details, stack traces, app/service environment, and release metadata.

What BookSylo Does Not Collect

Subscription payments are handled through Apple App Store or Google Play billing and RevenueCat. BookSylo receives subscription status and store identifiers needed to decide whether your account has Pro entitlement, but it does not receive your full payment card number.

  • Amazon account credentials.
  • Amazon passwords or logins.
  • Sales, royalties, or KDP account data.
  • Payment card numbers.

How Public Data Is Used

BookSylo reads only public Amazon page signals for your tracked books, such as reviews, ratings, rank, price, category ranks, and badges. It does not connect to Amazon accounts and uses only publicly available information.

The worker periodically checks configured public data sources, stores normalized snapshots, detects meaningful changes, and creates notification events. BookSylo does not store long-term raw Amazon page bodies.

How BookSylo Uses Data

  • Keep your tracked-book list synced across the app and API.
  • Show book metrics, history, labels, notes, groups, and recent activity.
  • Send push notifications and daily summaries when your preferences allow them.
  • Enforce Free and Pro plan limits.
  • Support account signup, login, email verification, password reset, and account deletion.
  • Respond to support requests and troubleshoot issues.
  • Detect crashes and operational errors when crash reporting is configured.
  • Protect the service through validation, rate limiting, logging, and abuse prevention.

Third-Party Processors

BookSylo does not sell personal data.

  • Expo: delivers push notifications to registered devices.
  • RevenueCat: manages subscription entitlement and purchase/restore state for Apple App Store and Google Play billing.
  • Google Play billing and Apple App Store billing: process mobile subscription purchases. BookSylo does not receive payment card numbers.
  • Railway: hosts the API and worker services.
  • Neon: hosts the Postgres database used by the API and worker.
  • Resend: sends account verification, password reset, and support case emails when email delivery is configured.
  • Sentry: collects crash/error reports for mobile, API, and worker when the Sentry DSN is configured.

Retention And Deletion

BookSylo keeps account, tracked-book, notification, support, and subscription records while your account is active and as needed to operate the service, troubleshoot issues, enforce plan limits, or satisfy legal and operational requirements.

You can request account deletion in the app from Profile. The current implementation creates an account-deletion request and starts a 30-day grace period. During that period, the account remains recoverable. Logging in again before the purge runs cancels pending deletion requests for that account.

After the grace period, the worker purge process hard-deletes expired pending account-deletion requests by deleting the user record. Related tracked books, notification settings, push tokens, labels, notes, groups, support tickets, subscription state, and other user-linked records are removed through database cascade rules where implemented.

If you need help with deletion or privacy questions, contact support@mail.booksylo.com.

Security

BookSylo validates API input, uses hashed passwords for registered accounts, rate-limits sensitive account/support routes, and avoids logging raw authorization headers or full push tokens in normal diagnostics.

Children's Privacy

BookSylo is intended for authors and book publishers, not children. Do not use BookSylo if you are not old enough to use mobile subscription services in your region.

Changes

BookSylo may update this policy as the app, processors, or legal requirements change. The "Last updated" date will change when the policy is updated.

Contact

If you have privacy questions or need help, contact support@mail.booksylo.com.