Privacy Policy
Date of Last Revision: December 20th, 2024
TL;DR: Your privacy is important to us. Our business model has never been to sell data and it never will. Our service collects only basic login information, the content you save, and ordinary error monitoring and product analytics enabling us to build better and better software. You can opt out of marketing emails and export your data anytime from Readwise and Reader.
At Readwise, we care about your personal information, so we have prepared this Privacy Policy to explain how we collect and use it. This Privacy Policy describes the privacy practices of Readwise, Inc. (“Readwise”, “we”, “us”, or “our”) and how we handle personal information that we collect through our mobile application, website and any other sites or services (collectively, the “Services”).
Information we collect
Information you provide to us:
- Account information, such as your first and last name, email address, and phone number.
- Titles, metadata, tags, highlights, and annotations from books and articles which you save to Readwise from Amazon Kindle, Apple iBooks, Instapaper, Pocket, Twitter, subscription newsletters, RSS, email, websites, PDFs, EPUBs, and any other means.
- Third-party integrations. When you connect the Services with a third-party service (e.g. Evernote, Notion, OpenAI, Google Docs), you direct the service to send us your access tokens to authenticate the integration with our Services.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
- Marketing information, such as your preferences for receiving communications about our activities and publications, and details about how you engage with our communications.
- Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
Information we obtain from other sources:
- Payment information. We use a third-party payment processor, Stripe, to process payments for the Services. All personal information related to credit card payments is governed by their privacy policy, which may be viewed at https://stripe.com/legal. Stripe may disclose to us certain information you provide them, including the name, partial payment card number and billing information.
- Social media information. We may maintain pages on social media platforms, such as Twitter, Meta, LinkedIn, and other third-party platforms. When you visit or interact with our pages on those platforms, you or the platforms may provide us with information and we will treat such information in accordance with this Privacy Policy. Please note that the platform provider’s privacy policy will apply to their collection, use and processing of your personal information.
- Third-party login information. When you link, connect, or login to the Services with a third party service (e.g. Amazon or Apple), you direct the service to send us certain information, such as your name and email address.
Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
We use the following tools for automatic data collection:
- Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
How we use your information
We use personal information for one or more of the following purposes:
- Providing and supporting the Services. We use your personal information to operate, maintain, and provide you with the Services. In particular, we will use your personal information to perform our contractual obligation under our terms of use towards you, such as to:
- Allow you to create an account and use the Services.
- Respond to your requests, provide customer support, contact you in case of any issue with your account, and send you announcements, updates, security alerts, and support and administrative messages.
- Improve, monitor, personalize, and protect our Services and communications. It is in our legitimate business interests to improve and keep our Services safe for our users, which includes:
- Troubleshooting, testing and research and to keep the Services secure.
- Investigating and protecting against fraudulent, harmful, unauthorized, or illegal activity.
- Providing customized Services and communications that may be relevant or of interest to you.
- To send you direct marketing communications. We may send you direct marketing communications as permitted by law, including, but not limited to, sending newsletters, and notifying you of special promotions, offers and events via email and other means. If you choose to subscribe to our marketing communications, we process your personal information based on your consent, which you may withdraw at any time as described in the “Unsubscribe from direct marketing communications” section below.
- To enforce our agreements, to comply with legal obligations and to defend us against legal claims or disputes. We may use your personal information in our legitimate business interests to enforce and comply with our terms and policies, to ensure the integrity of our Services and to defend ourselves against legal claims or disputes. Some processing may also be necessary to comply with a legal obligation, for example to keep records of transactions, or as requested by any judicial process or governmental agency.
How we share your information
Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our Services (such as customer support, content moderation, hosting, analytics, email delivery, marketing, identity verification, fraud detection, payment processing, and database management).
Google API Services User Data Policy. Readwise’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use Requirements.
Professional advisors. We disclose personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
Business transfers. In connection with a business transfer such as a corporate divestiture, merger, consolidation, acquisition, reorganization, sale of assets, public offering of securities, or in the event of bankruptcy or dissolution your information will likely be included in the transfer. As part of such a transfer, we will make reasonable efforts to require the recipient to honor this Privacy Policy. Please note that this paragraph does not give us the right (nor do we want the right) to sell your information to a third-party.
Your rights and choices
Unsubscribe from direct marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication we send you or by contacting us using the details in the “Contact us” section below.
Information requests. We also offer you choices that affect how we handle the personal information that we control. You may request the following in relation to your personal information:
- Information about how we have collected and used your personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
- Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
- Correction of personal information that is inaccurate or out of date.
- Deletion of personal information that we no longer need to provide the Services or for other lawful purposes.
- Additional rights, such as to object to and request that we restrict our use of your personal information, and where applicable, you may withdraw your consent.
To make a request, please email us or write to us as provided in the “Contact us” section below. We may ask for specific information from you to help us confirm your identity. California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
Limits on your choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “Contact us” section below.
Complaints. If you are based in certain jurisdictions, you may lodge a complaint about how we handle your personal information with a supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals.To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Google Analytics. We use Google Analytics to help us better understand how people engage with our Site by collecting information and creating reports about how users use our Services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
Children’s privacy
Our Services are not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it. If you are a parent or guardian and you are aware that your Child has provided us with personal information, please contact us as set out in the “Contact us” section below.
International data transfers
Since we are based in the United States, you will provide your data directly to us in the United States. We may transfer your personal information to our affiliates and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country.
In these instances, we will ensure that relevant safeguards are in place to afford adequate protection for your personal information and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of your personal information. For more information about how we transfer personal information internationally, please contact us as set out in the “Contact us” section below.
Retention of your information
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws or until you withdraw your consent (where applicable).
To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Security practices
We use reasonable organizational, technical, and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration, and destruction of personal information. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.
Other sites, mobile applications, and services
Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us.
We do not control third-party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Services. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through our Services.
Contact us
Readwise is the entity responsible for the processing of your personal information and is the data controller in respect of such processing. If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at hello@readwise.io or write to us at Readwise, Inc., 5540 Centerview Drive, Suite 204, Raleigh, NC 27606.
Readwise accepts service of legal process by email to legal@readwise.io from government and law enforcement agencies, provided it is transmitted from the official email address of the requesting agency.
EEA representative contact information
For users in the EEA, we have appointed VeraSafe Ireland Ltd., at Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland as our EU data representative, and VeraSafe United Kingdom Ltd., at 37 Albert Embankment, London SE1 7TL, United Kingdom as our UK data representative. You can contact our EU representative at the address above or alternatively by using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031. You can contact our UK representative at the address above or alternatively by using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.