astereads
SkyLibraryAbout
Sign in
SkyLibraryAboutSign in
⁂

Privacy Policy

Last updated: May 23, 2026

The short version

Astereads stores what you give it (email, username, ratings, books on your shelves) and uses it to power your account and matching. We don't sell your data. We don't track you across the web. We don't run ads. We use cookies only to keep you signed in.

1. What we collect

From you, directly:

  • Email address – for sign-in and account recovery
  • Username (optional) – shown on your public profile
  • Books on your shelves – which books you've marked Want to read / Currently reading / Read / Did not finish
  • Ratings – your overall rating, per-axis vibe ratings, and footnotes
  • Books you add – when you use Request a Book, your user ID is logged in the book's source field
  • Constellation relations – which readers you constellate (follow) and which constellate you back. Used to power the "Inbox" and visibility settings on your profile.
  • Beacon signals – when you tap "Send beacon" on a kindred reader, we store the sender, receiver, and timestamp. We do notstore any free-text message – beacons carry no content.
  • External profile links (optional) – if you choose to share, you can add Twitter, Instagram, Bluesky, Letterboxd, StoryGraph, Goodreads, personal website, or contact email. You control who sees these via Settings.
  • Book requests – if you tap "Report this book" when our search can't find a title you want, we save the title, author, optional ISBN, your note, and your user ID. We use this to manually add the book and notify you when it's available.

Automatically:

  • Authentication cookies – set by Supabase to keep you signed in. Essential only.
  • Server logs – IP address and request paths, kept for up to 30 days for debugging and abuse prevention. Not linked to individual users in analytics.
  • Anti-bot checks – when you sign in, sign up, or reset your password, we use a CAPTCHA challenge that briefly processes your IP address and browser interaction to confirm you're a human. No persistent tracking, no behavioural profiling.
  • Search misses – when a Library search returns no results, we log the search term (not your identity) so we can see what books readers are looking for and prioritise adding them.

We do not collect: location, device fingerprint, behavioral analytics, third-party cookies, social-graph data.

2. Where data is stored

Astereads uses Supabase (PostgreSQL hosted on AWS) for the database and authentication. Data may transit through Supabase regions (US-East by default). The application is hosted on Vercel; static assets are served from Vercel's global edge network.

When you use "Request a Book," we query Google Books, OpenLibrary, and Wikipedia APIs to fetch metadata. These queries do not include your identity – only the ISBN or title+author string you submitted. The third-party services may log the IP of our server (not yours).

Authentication forms (sign in, sign up, password reset) include a Cloudflare Turnstile CAPTCHA to block bots. Turnstile briefly receives your IP address and browser interaction signals; it does not set persistent tracking cookies.

3. Who can see your data

Public on your profile page: your username (or "Reader · XXX" if you didn't set one), your tier badge, your reading fingerprint, books you've marked Read or Did-not-finish, and your overall rating for each.

Constellation status is bilateral: when you open another reader's profile, the Constellate button shows the relationship between you and that one reader – whether you constellate them, they constellate you, or you share a mutual constellation. We do not display a public list of everyone a reader constellates or is constellated by. The full list of your constellations and constellators is private to you, on your own Constellation page.

External links are visibility-controlled: you choose in Settings who can see your "Find me elsewhere" links – everyone, only your constellators, only shared constellations (mutual), or hidden. Default is mutual: only readers in your shared constellation can see them.

Beacons are private: a beacon is visible only to the sender and the receiver. Other readers don't see who sent beacons to whom.

Used for matching (anonymous): your per-axis vibe ratings and reactions. These power Asterism matches with other readers – they see overlap scores (e.g. "78% Taste"), not your individual numbers per book.

Never shown to others: your email address, your footnotes, books on Want-to-read or Currently-reading shelves, and any per-axis ratings on books not on your Read/DNF shelves.

4. Cookies

Astereads uses only essential cookies – no analytics, no advertising, no third-party trackers:

  • Authentication – set by Supabase to keep your session active. Expires when you sign out or after inactivity.
  • Anti-bot challenge – set briefly by Cloudflare Turnstile when you load an auth form, to confirm you're human. Cleared shortly after the form is submitted.

The cookie banner itself stores a single localStorage flag (astereads_cookie_ack) to remember you've seen the notice.

5. Your rights

Under GDPR (EU) and similar regulations elsewhere, you have the right to:

  • Access a copy of your data (ratings, shelves, etc.)
  • Correct inaccurate data – most of this you can do in-app
  • Delete your account and associated data
  • Object to specific processing (e.g. matching)
  • Export your data in machine-readable format

To exercise these rights, email privacy@astereads.com. We respond within 30 days.

6. Children

Astereads is not for users under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with their data, email privacy@astereads.com and we will delete it.

7. Data retention

We keep your account data as long as your account is active. When you delete your account, we remove your personal data within 30 days. This includes your email, username, profile contact links, password, beacons you sent or received, computed match scores with other readers, and book requests you submitted.

Your ratings and shelf entries are not removed but are anonymized: the user identifier on each rating and shelf row is replaced with a fresh random identifier that does not point to any account. These values continue to feed community aggregates (book averages, axis distributions) but can no longer be traced back to you. This approach preserves the integrity of community-level statistics while severing the link to your identity, consistent with GDPR Recital 26 treatment of anonymized data.

Server logs are deleted after 30 days. Backups are deleted after 90 days.

8. Anonymized data, statistics, and research

Astereads may produce anonymized and aggregated data from ratings and reading patterns – for example, average vibe scores for a book, most-rated authors in a genre, or distribution of reading fingerprints across the community. We may use this data to:

  • Improve the product (e.g. tune matching thresholds)
  • Publish statistical insights (e.g. blog posts or sky-wide trends)
  • Conduct internal or external research on reading behaviour
  • Share aggregated findings with academic or industry partners

Anonymized aggregates do not identify individual users and cannot be linked back to your account. Your name, email, footnotes, and per-book ratings are never shared in this form.

9. Security

Passwords are never stored – Supabase handles authentication with industry-standard hashing. All data in transit is encrypted with TLS. Database access is restricted by Row Level Security policies that prevent users from reading each other's private data.

10. External book-data sources

Astereads does not share your data with marketing, ad, or analytics third parties. Beyond our infrastructure (described in Section 2), the only external services we call are public book-data APIs. None of these queries include your identity – we only send the ISBN or title+author you submitted:

  • Google Books API – book metadata lookup
  • OpenLibrary API – book metadata lookup
  • Wikipedia API – book description enrichment

11. Changes

We'll update this Policy if our practices change. Material changes will be announced via email or in-app at least 30 days before they take effect.

12. Contact

Privacy questions or rights requests: privacy@astereads.com

General contact: hello@astereads.com

See also our Terms of Use.

⁂Back to top
astereads· 2026
About·Glossary·Terms·Privacy·Contact

Book metadata from OpenLibrary, Google Books, and Wikipedia. Covers used under fair-use for editorial purposes.