Privacy Policy
Last updated: June 17, 2026
This Privacy Policy explains how Sideways Lab ("we", "us", or "our") collects, uses, shares, and protects information when you use ChapterUp, our gamified reading app for iOS and Android. It supplements our general Sideways Lab Privacy Policy; where the two differ, this ChapterUp policy governs the app.
1. Information We Collect
We collect only what we need to run ChapterUp. Most data is tied to your account; some is processed by the service providers listed in section 3.
Account information
- Your email address (required to create an account).
- Optional profile details you choose to add: username, display name, and avatar.
- Your date of birth, if you choose to provide it. We use it only to determine whether you are under 13 and to apply the protections described in section 5.
- Preferences such as time zone, reading speed, and daily/weekly/monthly goals.
Reading activity
- Books you add and their status (want to read, reading, finished, did not finish).
- Reading sessions: time spent, pages read, dates, and optional mood and environment tags.
- Streaks, daily progress, experience points (XP), levels, achievements, and quests.
Content you create
- Book reviews and ratings, reading notes, highlights, and quotes.
- Book-club discussion posts and book recommendations (including any message you add).
- Custom bookshelf names and descriptions.
You control the visibility of your reviews (public, friends only, or private). Some content, such as public reviews and book-club posts, is visible to other users.
Social connections
- Friend relationships you create and the book clubs you join or create.
- Your standing on friends-only weekly and monthly leaderboards.
Purchases
ChapterUp lets you buy "Runes" (an in-app currency) with real money. When you do, we keep a record of the transaction — the store, product, transaction identifier, price, and Runes credited. Payment itself is handled by Apple, Google, and our payments provider RevenueCat; we never receive or store your card details.
Device and advertising data
- When ads are shown, our advertising provider (Google AdMob) may access your device's advertising identifier, approximate location (derived from your IP address), and device information to deliver and measure ads.
- RevenueCat may use the advertising identifier to manage and restore your purchases.
- We use Sentry to capture crash and error reports so we can fix bugs. We configure Sentry not to send personal information and strip network-request details from these reports.
Camera and book search
If you scan a book's barcode, the camera image is processed on your device to read the ISBN — the image is not stored or transmitted. When you search for books, your search terms are sent to book-data providers (Google Books and Open Library) to return results; we do not store your search history on our servers.
2. How We Use Your Information
- To provide your library and sync your reading progress across devices.
- To power gamification — streaks, XP, achievements, quests, and leaderboards.
- To enable the social features you choose to use.
- To process and validate in-app purchases.
- To show and measure ads (never to users identified as under 13).
- To diagnose crashes and improve the app.
- To enforce age-based restrictions and keep the service safe.
- To send you service messages, such as password resets.
We do not sell your personal information for money. We do share advertising identifiers with our advertising provider to show personalised ads, which some US state privacy laws treat as a "sale" or "share" of personal information — see "Your US Privacy Choices" below.
3. Third Parties & Service Providers
We share data only with providers that help us operate ChapterUp:
- Supabase — our backend, authentication, and database host. Your account data is stored on Supabase infrastructure located in the European Union.
- Apple App Store, Google Play, and RevenueCat — process and validate in-app purchases.
- Google AdMob — serves ads (not shown to users under 13).
- Sentry — crash and error diagnostics, configured to exclude personal data.
- Google Books and Open Library — provide book metadata and search results.
These providers process data under their own privacy policies and our agreements with them. We do not share your information with third parties for their own marketing.
4. Advertising
ChapterUp shows interstitial and rewarded ads through Google AdMob; rewarded ads can grant Runes. Ads are not shown to users identified as under 13, and we do not collect an advertising identifier for them. On iOS, we ask your permission before using your advertising identifier (App Tracking Transparency). You can reset or limit your advertising identifier, and opt out of personalised ads, in your device settings.
5. Children's Privacy
ChapterUp is intended for a general audience and is not directed primarily at children. When a user indicates (via date of birth) that they are under 13, we apply additional protections:
- their profile is set to private and cannot be made public;
- they cannot add friends, join or create book clubs, post reviews or discussions, or appear on social leaderboards;
- they cannot make in-app purchases;
- they are not shown personalised ads and we do not collect an advertising identifier for them;
- crash diagnostics are collected without personal information.
We do not knowingly collect personal information from children under 13 beyond what is needed to provide this restricted experience and to comply with law. Age is self-reported. If you are a parent or guardian and believe your child has provided information without your consent, contact us at [email protected] and we will delete it. We handle children's data consistent with the Children's Online Privacy Protection Act (COPPA) in the US and the General Data Protection Regulation (GDPR) in the EU/EEA. The GDPR's age of digital consent varies by country (between 13 and 16); where a user is below that age, applicable law may require verifiable parental consent.
6. Data Storage, Security & Location
Your account data is stored on Supabase infrastructure in the European Union. Because book and advertising providers operate globally, some data — for example, searches sent to Google Books or Open Library, and ad or purchase processing — may be handled in other countries, including outside the EU/EEA. Where required, such transfers rely on appropriate safeguards.
Data is encrypted in transit using TLS and at rest. The app's on-device database is encrypted with SQLCipher (AES-256). No method of transmission or storage is completely secure, but we take reasonable technical and organisational measures to protect your information.
7. Data Retention & Deletion
- We keep your account data for as long as your account is active.
- You can permanently delete your account and all associated data at any time from Settings → Delete Account in the app. This removes your profile, reading data, content, social connections, and purchase records from our servers and clears the app's local data on your device.
- Social activity items (such as "finished a book") are removed from friends' feeds after about 90 days.
- Backup copies held by our hosting provider may persist for a limited period before being overwritten.
8. Your Rights & Choices
Depending on where you live — including the EU/EEA and the UK under the GDPR — you may have rights to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain processing. You can exercise many of these directly in the app: edit your profile, control review visibility, and delete your account. For anything else, contact us at [email protected]. You can control ad tracking through your device settings.
9. Your US Privacy Choices (Do Not Sell or Share)
ChapterUp shows personalised ads, which involves sharing advertising identifiers with our advertising provider (Google AdMob). Under some US state privacy laws — including the California Consumer Privacy Act, as amended by the CPRA — this may be considered a "sale" or "share" of personal information. We do not exchange your personal information for money.
You can opt out of this sharing at any time:
- On Android, reset or delete your advertising ID, or turn off ad personalisation, in your device settings.
- On iOS, decline tracking when prompted (App Tracking Transparency), or turn it off in Settings.
Users identified as under 13 are never shown personalised ads, and we do not collect an advertising identifier for them.
10. Changes to This Policy
We may update this policy as ChapterUp evolves. We will revise the "Last updated" date above and, for material changes, provide notice within the app.
11. Contact Us
Questions about this policy or your data? Email [email protected].