Legal
Privacy Policy
Last updated: June 7, 2026
Short version: Your books, metadata, and reading data live only on your device. Anonymous usage stats (app version, OS — never your books or personal data) are enabled by default and can be turned off anytime in Settings → Privacy. Payment data is handled entirely by Paddle — we never see your card number.
1. Data Controller
For the purposes of the General Data Protection Regulation (GDPR), the UK GDPR, and the Spanish LOPDGDD, the Data Controller is Liber. You can contact us regarding your privacy and data at support@tryliber.com.
2. Data We Collect, Purpose, and Legal Basis
We only collect personal data when strictly necessary. Below is exactly what we collect, why, and our legal basis for doing so:
- Account & License Data: When you purchase Premium, we receive your email address, license key, subscription status, and a random device UUID from our payment processor.
Purpose: To verify your license, provide customer support, and secure your account.
Legal Basis: Performance of a Contract. - AI Features (Premium): If you use Liber AI, text excerpts are sent to our AI proxy and forwarded to our AI provider.
Purpose: To generate AI summaries and insights.
Legal Basis: Performance of a Contract. (Note: We configure our AI providers not to use submitted content for model training where such controls are available). - Cloud Backup (Premium): Your library data is encrypted on your device before transmission. We store the encrypted blob on Cloudflare R2.
Purpose: To provide sync and backup services.
Legal Basis: Performance of a Contract. (Note: We do not have the key to decrypt your data). - App Telemetry (Opt-Out): Anonymous usage data (e.g., app_start, OS platform, app version).
Purpose: To analyze performance, improve the app, and fix bugs.
Legal Basis: Legitimate Interest. You can opt-out and disable this at any time via Settings → Privacy. - Regulatory Records: Transaction data provided by Paddle.
Purpose: Tax, accounting, and compliance.
Legal Basis: Legal Obligation.
3. Data Stored Locally (Never Sent to Us)
The following data never leaves your device (unless you explicitly enable Cloud Backup, in which case it is end-to-end encrypted):
- Your eBook files (EPUB, MOBI, PDF, etc.)
- Book metadata, tags, reading progress, and book cover thumbnails
- Library database and local app settings
4. Cookies and Web Analytics
Our website uses only essential cookies necessary for the website to function. We do not use intrusive tracking cookies or third-party marketing analytics that profile your behavior.
5. Data Sharing and International Transfers
We never sell your personal data. We only share data with trusted processors under strict agreements:
- Paddle.com: Merchant of Record for payments (UK/USA).
- Cloudflare (Processor): Infrastructure and encrypted backup storage (USA/Global).
- Resend (Processor): Transactional emails (USA).
- Google (Gemini) (Sub-processor): Processing text excerpts for AI features (USA/Global).
Where data is transferred outside the European Economic Area (EEA) or the UK, we ensure it is protected by appropriate safeguards, such as the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
6. Data Retention
We retain your Account & License data for as long as your subscription is active, plus any additional period required by tax and accounting laws (typically up to 6 years). Encrypted cloud backups are deleted when you delete your account or 30 days after your subscription ends. Telemetry data is aggregated and retained for 12 months.
7. Your Privacy Rights
Under the GDPR and UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erasure (Right to be forgotten): Request deletion of your data (e.g., by deleting your account inside the app). Certain records may be retained where required by law, including tax and accounting obligations.
- Restrict or Object to our processing of your data.
- Data Portability: Receive a copy of your data in a machine-readable format.
- Withdraw Consent at any time for processing based on consent (like telemetry).
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
To exercise these rights, email us at support@tryliber.com. You also have the right to lodge a complaint with your local supervisory authority (e.g., the AEPD in Spain or the ICO in the UK).
8. Contact Us
If you have any questions about this Privacy Policy, please contact: support@tryliber.com.