Rabbit ReaderRabbit Reader

Privacy Policy

Last updated: February 11, 2026

This Privacy Policy describes how Rabbit Reader ("we," "us," or "our") collects, uses, and shares information when you use our mobile application ("App"). By using the App, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your email address and password (securely hashed — we never store or have access to your plaintext password).
  • Uploaded Content: Books you import into the App (EPUB and TXT files), including their text content and metadata such as title, author, and word count.
  • Annotations: Bookmarks (with optional labels and color preferences), text highlights (with optional notes), and reading positions you save within books.
  • Preferences: Your reading settings, including words per minute (WPM), reading mode, font family, font size, theme selection, and display preferences.

Information Collected Automatically

  • Reading Statistics: When you read, we automatically record session data including words read, reading duration, average WPM, reading mode used, and start/end timestamps. We also track daily reading activity for streak calculations.
  • Exercise Data: When you complete Eye Gym, Sprint Reader, or other training exercises, we record the exercise type, level, target and actual WPM, quiz accuracy, XP earned, and completion timestamps.
  • Device Identifier: We generate a random unique identifier (UUID) for your device to enable multi-device reading position sync and device limit enforcement. This identifier is not tied to your hardware or advertising identifiers.
  • Timezone Information: We collect your device's timezone and UTC offset (derived from your device clock, not GPS) to accurately track reading streaks in your local time.
  • Subscription Status: We receive subscription status information (active, expired, trial, renewal dates) from our payment processor to determine your feature access level. We do not receive or store your payment card details.

Information We Do Not Collect

We do not collect your precise or coarse location, contacts, photos, camera or microphone input, advertising identifiers (IDFA), browsing history, health or fitness data, financial information, or data from other apps on your device. The App contains no third-party analytics, advertising, or tracking SDKs. We do not track you across other companies' apps or websites.

How We Use Your Information

We use the information we collect for the following purposes, and only these purposes:

  • To provide the App's core functionality, including speed reading tools, eye training exercises, and the public domain book library
  • To sync your reading progress, bookmarks, highlights, settings, and exercise data across your devices (up to 3 devices per account)
  • To calculate and display your reading statistics, streaks, achievements, and progress over time
  • To manage your subscription status and premium feature access
  • To enforce usage limits for free and trial accounts (e.g., daily download limits, file size limits, maximum book count)
  • To respond to your support requests

We do not use your data for profiling, automated decision-making, targeted advertising, or any purpose beyond providing and improving the App's functionality.

Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Performance of a Contract: Processing your account information, uploaded content, annotations, reading statistics, and settings is necessary to provide you with the App's services as described in our Terms of Service.
  • Legitimate Interest: We process device identifiers and timezone information to enforce device limits and ensure accurate streak tracking, which are necessary for the proper functioning of the App. Our legitimate interests do not override your fundamental rights and freedoms.
  • Consent: Where we rely on your consent to process data, you may withdraw your consent at any time by deleting your account or contacting us. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Data Storage & Security

The App uses an offline-first architecture. Your data is stored locally on your device using encrypted storage for authentication tokens (via the iOS Keychain) and standard local storage for other data. When you are signed in, your data is synced to our cloud database hosted on Supabase (with servers located in the United States).

Cloud data is protected by row-level security (RLS) policies that ensure your data is only accessible to your authenticated account. All data in transit is encrypted via HTTPS/TLS. Uploaded book content is stored in a secure storage bucket scoped to your user account. Passwords are securely hashed — we never have access to your plaintext password.

While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. In the unlikely event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

Third-Party Services

We use the following third-party services to operate the App. Each of these services is contractually obligated to protect your data and may only process it for the purposes described below, providing the same or equivalent level of protection as described in this Privacy Policy:

  • Supabase — Authentication, cloud database, and file storage. Supabase stores your account information, reading data, settings, and uploaded book content. Supabase servers are located in the United States. Supabase Privacy Policy
  • RevenueCat — Subscription and in-app purchase management. RevenueCat receives your anonymous user identifier and processes purchase receipts and subscription status. RevenueCat does not receive your email address or personal information beyond what is necessary for subscription management. RevenueCat Privacy Policy
  • Apple App Store — Payment processing for subscriptions and in-app purchases. Apple handles all payment information directly; we never receive or store your payment card details, billing address, or financial information. Apple Privacy Policy
  • Project Gutenberg & Gutendex — Public domain book content and metadata. These services provide freely available books and do not require or receive your personal information.
  • Open Library — Book discovery and cover images. Used to browse and search for books. No personal data is shared with Open Library.

We do not use any third-party analytics, advertising, or crash reporting services. We do not sell, rent, trade, or otherwise share your personal data with third parties for their own marketing or commercial purposes.

Data Retention

We retain your data for as long as your account is active and as needed to provide you with the App's services. Reading statistics and exercise data are kept to provide long-term progress tracking.

If you delete your account, all associated data is permanently removed from our servers within 30 days, including your profile, books, bookmarks, highlights, settings, reading statistics, exercise progress, and uploaded book content. Local data on your device is also cleared at the time of deletion.

If you use the App without an account, all data is stored only on your device and is retained until you uninstall the App or clear the App's data.

Your Rights

Regardless of your location, you have the right to:

  • Access the personal data we hold about you — contact us to request a copy of your data
  • Correct inaccurate or incomplete data — you can update your email and preferences directly in the App
  • Delete your account and all associated data at any time from Settings > Danger Zone in the App, or by contacting us. Account deletion permanently removes all your data from our cloud servers
  • Withdraw Consent — you can stop data collection at any time by signing out (which stops cloud syncing) or deleting your account entirely
  • Use the App Offline — core reading features work without an account, with data stored only on your device

Additional Rights for EEA/UK Users (GDPR)

If you are located in the European Economic Area or the United Kingdom, you additionally have the right to:

  • Data Portability: Request a copy of your personal data in a structured, commonly used, machine-readable format
  • Restriction of Processing: Request that we restrict the processing of your personal data under certain circumstances
  • Object to Processing: Object to our processing of your personal data where we rely on legitimate interests as the legal basis
  • Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully

To exercise any of these rights, contact us at hello@rabbitreaderapp.com. We will respond to your request within 30 days.

Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data
  • Right to Delete: You may request deletion of your personal information. You can exercise this right directly from the App (Settings > Danger Zone) or by contacting us
  • Right to Opt-Out of Sale or Sharing: We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising. There is nothing to opt out of
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. You will not receive different pricing or quality of service for exercising these rights

In the preceding 12 months, we have collected the following categories of personal information: identifiers (email address, device UUID), commercial information (subscription status), and internet or electronic network activity (reading statistics, exercise data). We have not sold any personal information. We have disclosed personal information to our service providers (Supabase, RevenueCat) solely for the business purposes described in this policy.

Children's Privacy

The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. Users must be at least 13 years old to create an account. If you are between 13 and 18 years of age, you should review this Privacy Policy with your parent or legal guardian.

If we learn that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at the email below and we will delete the information.

International Data Transfers

Your data is processed and stored on servers located in the United States. If you are accessing the App from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the EEA/UK, we rely on our service providers' compliance frameworks (including Standard Contractual Clauses where applicable) to ensure appropriate safeguards are in place for international data transfers in accordance with the GDPR. By using the App, you consent to the transfer of your information as described in this policy.

Do Not Track Signals

The App does not track users across third-party websites or apps, and therefore does not respond to Do Not Track (DNT) signals. We do not engage in any cross-site or cross-app tracking.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Privacy Policy within the App and on our website, and updating the "Last updated" date at the top of this page. For significant changes, we may also notify you via email (if you have an account) or through an in-app notification.

Your continued use of the App after changes are posted constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you should stop using the App and delete your account.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us at:

Email: hello@rabbitreaderapp.com

Website: https://rabbitreaderapp.com

We aim to respond to all privacy-related inquiries within 30 days.