Privacy policy for Booky

2.1 Library and wishlist data

Book entries such as title, author, language, category, notes, read/sold state, rating, format, total pages, current page or reading progress, optional UTC timestamps for reading start and finish, a slim local reading activity history with stored progress events, ISBN, covers, whether a cover was selected manually, whether an entry belongs to the library or wishlist, and for library books optionally the UTC timestamp of when a book was first added are stored locally on your device.

2.2 Export, import, and local backups

If you use export/import, Booky creates or reads transfer files selected by you. Export files can include covers depending on your choice. In addition, Booky can create local restore points on your device, either manually or automatically according to your backup settings. These transfer files and restore points can also include the format, reading start, reading finish, and reading activity data stored for a book.

2.3 Optional Google cloud backup

If you enable the optional Google cloud backup, Booky stores a private app snapshot in a private area of your Google Drive account reserved for Booky. This can include library and wishlist data, relevant cover files, stored format, reading start, reading finish, and reading activity data for books, and snapshot metadata such as total entry count, separate library and wishlist counts, generation time, app version, and device name.

To show connection status in the app, Booky may also keep local sync metadata such as timestamps of successful syncs, known cloud snapshot times, total entry counts, library and wishlist counts, and local error or reconnect state. Google does not provide Booky with account name or email address in this authorization flow.

2.4 ISBN, title, and author lookup

When you load book data via ISBN, title, or author search, or manually search for a cover by title inside the app, the ISBN or query is normally first sent to a Booky server operated by SolidStack. The app uses canonical Booky endpoints for ISBN, title, and author requests. That server orchestrates the request server-side and forwards it, depending on source availability, language, search mode, and fallback, to Google Books, the German National Library (DNB SRU), and/or Open Library. Technical response caches can be reused on the server. The server may also proactively refresh popular cache entries in the background before they expire, so frequently requested results stay up to date.

In addition, the server may build a server-side knowledge library from successful lookup results, collecting derived book metadata such as titles, authors, languages, categories, page counts, and cover links to enrich future search results and improve result quality. The server may further supplement entries in this knowledge library in the background with publicly available metadata from the German National Library, such as original titles, translators, or series information.

For books already stored locally with ISBN data, Booky may also perform limited background lookups to supplement missing total page counts. To improve language quality, especially for English Google Books results, the server may additionally use a separately configured Booky relay or an additional server location in another region, including the United States. If the Booky server is temporarily unreachable, Booky may instead use a degraded outage fallback and query Google Books directly from your device so the lookup can still continue.

For proxy-bound Android server requests, the app may additionally attach a Play Integrity token generated by Google Play / Google Play services together with a request-specific hash. The Booky server verifies this information server-side against the Google Play Integrity API to distinguish genuine app traffic from abuse; direct outage-fallback requests to Google Books do not include this Booky-side server verification.

The server also stores privacy-reduced technical logs for troubleshooting, abuse protection, rate limiting, and operational diagnostics. These logs are not intended to store your raw search query, but instead use minimized technical data, hashed fingerprints, and operational attributes such as provider, operation, language, cache status, data source, search mode, integrity status, latency, response size, platform, app version/app build, and coarse error types. These logs can be viewed internally through an administrative Booky dashboard; the same dashboard also allows internal access to server-side cache entries and knowledge library data. Raw Play Integrity tokens are not intended to be stored in the audit log.

2.5 Suggestions

If you enable personal suggestions, Booky builds a reading profile locally on your device from your library and wishlist. This can involve local processing of authors, languages, categories, series, ratings, read state, and terms derived from titles and descriptions.

Booky may also store a refreshable local suggestion state containing, for example, externally loaded candidate metadata, prepared visible suggestion snapshots, diagnostics, and your suggestion feedback. External suggestion lookups use only derived search signals such as author, category, series, title keywords, ISBN, or thematic terms, sent to the Booky server and from there to Google Books and/or Open Library, never your complete library as one upload. The same cache, logging, fallback, and language-quality mechanisms described in section 2.4 also apply here.

2.6 Cover downloads and your own cover photos

Missing covers can be downloaded through the Booky server from available metadata sources and stored locally. The server may technically cache cover responses to reduce external rate-limit pressure. If you select a cover manually, the chosen cover is stored locally and marked as manually set in the app. You can also add your own cover via the camera or the photo gallery. Such photo covers are stored exclusively on your device and are not transmitted to Booky servers or any third party. The images are re-encoded when saved; metadata such as EXIF location information is not preserved. Because your own photo covers cannot be reconstructed from the internet, they are always included in local backups, exports, and – if you have enabled it – in the Google cloud backup, even if you choose "reload covers after import" during export.

2.7 Camera permission

The camera is used only for features you actively trigger: scanning ISBN barcodes and capturing your own cover photo. Barcode recognition is performed entirely on your device using Google ML Kit (on-device API). No camera images are transmitted to Google servers. Cover photos you take remain locally on your device and are not sent to Booky servers or any third party.

2.8 Feedback

When you send feedback, your message, a local technical sender identifier, platform information, app version, and the UTC timestamp of the submission are transported via FormSubmit and delivered by email to SolidStack@outlook.de.

2.9 Donations

Booky may store locally when the app was first launched, how often it has been opened, when a voluntary donation reminder was last shown, and when you last intentionally opened the PayPal donation flow. This is used only to keep the donation reminder rare, unobtrusive, and limited to calm moments when the app is not busy.

On this website, PayPal is opened only when you intentionally tap the donation button. Before that, the donation page does not load PayPal content. The same applies when you start the donation flow from the app.

2.10 In-app purchases

Booky offers optional in-app purchases (e.g. premium themes) via Google Play Billing. Your purchase status is stored locally on your device. Booky itself does not collect any payment or account information — payment processing is handled entirely by Google Play.

2.11 No advertising, no third-party analytics

Booky currently does not use advertising SDKs, third-party analytics, or third-party crash reporting.