Arc Reader Back home
Document · 02 · Legal

Privacy Policy.

Arc Reader is an offline-first app. Most of what you do — paste a link, download a chapter, listen to it — never leaves your device. Here is exactly what does, and why.

Effective · 2026.04.23 Version · 1.0 Reading time · ~10 min
On this page
  1. 01Our principles
  2. 02Who is the controller
  3. 03What we collect
  4. 04Why we collect it
  5. 05Legal basis (GDPR)
  6. 06Third-party processors
  7. 07Ads & identifiers
  8. 08Source websites you paste
  9. 09Storage & retention
  10. 10International transfers
  11. 11Security
  12. 12Your rights
  13. 13Children
  14. 14California (CCPA / CPRA)
  15. 15Changes
  16. 16Contact

This Privacy Policy explains how Arc Reader (“we,” “us”) collects, uses, shares, and protects information when you use the Arc Reader mobile applications and related services (the “Service”). It sits alongside our Terms of Service.

01Our principles

Before the legal language, the spirit of the thing:

  1. Local by default. Your library, chapters, highlights, and reading position live on your device. Cloud sync is opt-in.
  2. No account required. You can read for free, forever, without giving us an email.
  3. No behavioural advertising inside the app. The optional rewarded ad on the free tier shows the same video to everyone in a region — we do not profile you.
  4. No selling or sharing of personal data. Ever. Not for money, not for training, not in bulk to anyone.
  5. Minimum necessary. If we can do our job without a piece of data, we don’t collect it.

02Who is the controller

The data controller for personal information processed by the Service is the operator of Arc Reader, reachable at trongthien18@gmail.com. If we appoint a formal Data Protection Officer, we will list them here.

03What we collect

We split what we handle into four buckets:

A · Information you give us directly

  • Email address — if you choose to register or to contact support.
  • Display name — optional, shown only in the app UI.
  • Feedback, bug reports, support correspondence — including attachments you add.
  • URLs you paste. We use them to fetch the requested chapter; we do not retain them server-side beyond what is needed to serve your request.

B · Information your device sends automatically

  • Device & install ID — a random ID issued on first launch so we can give a guest user a persistent library without asking for an email.
  • App version, OS version, device model, language, region — for debugging and compatibility.
  • IP address — seen by our servers and by platform intermediaries when you make a network request. We do not log full IP addresses beyond 30 days, and we do not associate them with a reading profile.
  • Diagnostic events — crashes, non-fatal errors, and anonymous usage counters (e.g. “a batch download was started”). These are aggregated; they do not capture chapter content or URLs.

C · Information generated by your reading

  • Library metadata — the novels you have added: title, author, cover, source domain, chapter list.
  • Progress & highlights — chapter number, scroll position, notes, bookmarks.
  • Listen-mode state — playback speed, voice preference, sleep timer.

These stay on your device unless you enable cloud sync, in which case they are stored in our database under your account and encrypted in transit.

D · Purchase information

  • Subscription status & receipt — provided to us by Apple or Google via RevenueCat. We never see your card number, billing address, or other payment credentials.
  • Coin balance & ledger — for registered users with cloud sync on. For guest users, coins are device-local.

04Why we collect it

DataPurpose
Email & accountAuthenticate you, allow sync across devices, contact you about your account.
Device & install IDIssue a guest session so progress persists without an account.
URLs you pasteFetch the chapter you asked for. Resolve title, author, cover.
Library, progress, highlightsProvide the service; sync when enabled.
Diagnostic events & crash logsFix bugs, improve performance, prevent abuse.
IP address & rate limitsBlock DDoS, scraping, and abusive automation.
Purchase receiptUnlock premium features, honour refunds, prevent fraud.
Feedback & support messagesReply to you and improve the app.

We do not use any of the above to build advertising profiles, to train machine-learning models, or to sell to data brokers.

05Legal basis (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the following legal bases under Article 6 GDPR apply:

  • Contract (Art. 6(1)(b)) — providing the Service you requested: delivering chapters, syncing your library, processing subscriptions.
  • Legitimate interests (Art. 6(1)(f)) — keeping the Service secure, fixing bugs, preventing fraud and abuse. We balance these against your rights.
  • Consent (Art. 6(1)(a)) — where we ask for it, for example for optional rewarded ads or for non-essential analytics if we ever add any.
  • Legal obligation (Art. 6(1)(c)) — responding to valid government or legal requests.

06Third-party processors

We use a small set of service providers to run the app. Each only receives the minimum data needed to do its job, under a contract that restricts further use.

ProviderPurposeData they see
Apple App Store iOS distribution, subscription billing. Your Apple ID, payment method, subscription status. Governed by Apple’s privacy policy.
Google Play Android distribution, subscription billing. Your Google account, payment method, subscription status. Governed by Google’s privacy policy.
RevenueCat Unified receipt validation for iOS & Android subscriptions. Store-issued receipt, user pseudonym, subscription events.
Supabase Backend database & authentication for cloud sync. Your account email, library, progress, highlights — if cloud sync is on.
Cloudflare CDN and DDoS protection in front of our servers. Request IP, request metadata. Payloads are TLS-encrypted.
Sentry Crash and error reporting. Stack traces, OS & app version, breadcrumbs. URLs and chapter text are scrubbed before transmission.
AdMob (Google) Optional rewarded video ads on the free tier. Limited advertising identifier (if you consent), region. Shown only when you tap Watch ad.
Device TTS engines Text-to-speech playback. Chapter text you choose to play. Local processing on your device unless you enable premium cloud voices.

If we add, remove, or swap a processor we will update this table.

07Ads & identifiers

The free tier lets you earn coins by watching a short rewarded video ad. This is opt-in per ad — you choose to watch. Arc Reader never shows interstitial ads, banners, or any form of ad you did not ask to see.

If you grant the App Tracking Transparency prompt on iOS (or the equivalent Advertising ID permission on Android), the ad provider may use a limited advertising identifier to cap frequency and prevent repeat videos. You can revoke this at any time from your device settings. Arc Reader itself does not read, store, or transmit the advertising identifier.

Premium subscribers see no ads at all.

08Source websites you paste

When you paste a URL, your device or our resolver makes a request to that URL, exactly as a web browser would. The source site may observe:

  • the request’s IP address and user-agent string;
  • any cookies previously set by that site (if our in-app browser is used);
  • the page path you requested.

Those sites are not controlled by us and have their own privacy practices. Read their policies if you care — we cannot speak for them.

09Storage & retention

CategoryRetention
Account & library (cloud sync on)Until you delete your account.
Local data on your deviceUntil you delete the app or clear data from Settings.
Diagnostic events (aggregated)180 days.
Crash reports90 days.
Server access logs (IP, path)30 days, then deleted or anonymised.
Purchase receiptsRetained for the life of the subscription plus the period required by tax and consumer-law.
Support tickets24 months, then archived.

Account deletion removes your synced library and highlights within 30 days of the request. Receipts and billing records retained for legal reasons are kept in locked archives and are not used for any operational purpose.

10International transfers

Our infrastructure runs in Singapore and the United States, and our processors operate globally. Where data is transferred out of the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses or equivalent safeguards, and we assess the destination for adequate protection.

11Security

We apply engineering controls proportionate to the sensitivity of the data:

  • TLS 1.3 everywhere in transit;
  • database encryption at rest;
  • row-level security for cloud-synced user data;
  • least-privilege access for engineers, with audit logging;
  • periodic security review of third-party packages.

No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you and the relevant authority within the timeframes required by law.

12Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct it if it is inaccurate or incomplete;
  • delete it, subject to our obligations to keep certain records;
  • port it in a machine-readable format;
  • restrict or object to processing based on legitimate interests;
  • withdraw consent you previously gave, at any time, without affecting prior processing;
  • lodge a complaint with your local data-protection authority.

The fastest way to exercise most of these is inside the app (Settings → Account → Export or Delete). For anything else, email trongthien18@gmail.com and we’ll respond within 30 days.

13Children

Arc Reader is not directed to children under 13, and we do not knowingly collect personal data from them. If you are a parent or guardian and believe your child has provided us personal data, write to trongthien18@gmail.com and we will delete it.

14California (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act as amended by the CPRA:

  • the right to know what personal information we collect, use, and disclose;
  • the right to delete personal information we have collected about you;
  • the right to correct inaccurate personal information;
  • the right to opt out of sale or sharing of personal information. We do not sell or share personal information as those terms are defined by California law.
  • the right to non-discrimination for exercising these rights.

To exercise these rights, contact us at trongthien18@gmail.com. You may designate an authorised agent; we will verify both your identity and the agent’s authorisation before acting.

15Changes

When we make a material change to this policy, we will update the “Effective” date above and, where reasonably possible, notify you in-app or by email at least 14 days before the change applies.

16Contact

Questions, access requests, complaints:

Arc Reader — Privacy
Email — trongthien18@gmail.com

You read a privacy policy. On purpose. We’re a little moved.