Privacy Policy

1. Introduction

This Privacy Policy describes how ReadWith (“we”, “us”, or “our”) collects, uses, discloses, and protects personal information in connection with the ReadWith service available at readwith.app (the “Service”).

ReadWith is operated by Pascal Laliberté, operating as ReadWith, and any successor entity that may assume operation of the Service. ReadWith is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy law.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account registration information, including your name and email address.
• Notes and reading metadata you create within the Service.
• Book lists, reading progress, and reading goals.
• Communications you send to ReadWith, including abuse reports.

2.2 Information Generated Through Use

• Group membership and sharing activity (which groups you belong to, which notes you have shared and with whom, via reference only).
• Reading activity patterns, including which books you are tracking and progress indicators.
• Account preferences and settings.
• Log data, including IP address, browser type, pages visited, and timestamps, collected automatically when you access the Service.

2.3 Payment Information

If you subscribe as an Organizer, payment is processed through Stripe. ReadWith does not collect or store payment card data. Stripe’s collection and use of payment information is governed by Stripe’s Privacy Policy.

2.4 Information from Invitations

If you create an account through an Organizer’s invitation, your onboarding experience may reference the Reading Group or book associated with that invitation. The fact of your invitation is associated with your account. The content of any Organizer-customized invitation communications is the responsibility of the Organizer.

3. How We Use Your Information

We use the information we collect to:

• Create and maintain your account.
• Provide, operate, and improve the Service.
• Send transactional communications, including account confirmation, group invitations, and service notifications.
• Respond to abuse reports and enforce our Terms of Service.
• Comply with legal obligations.
• Derive anonymized or aggregated datasets as described in Section 7.

We do not use your information for advertising purposes. ReadWith does not serve advertisements and does not share your personal information with advertisers.

4. Note Encryption and Access

4.1 Encryption at Rest

Notes are encrypted at rest at the database level using a key controlled by ReadWith. This protects your notes from unauthorized access in the event of a database breach or unauthorized server access.

This is application-level encryption: ReadWith is technically capable of decrypting note content. This is not end-to-end encryption. ReadWith does not represent that notes are unreadable by ReadWith.

No secondary search index or copy of note content is maintained outside the primary database. Full-text search of notes is not currently available as a feature.

4.2 Conditions for Access

ReadWith will access encrypted note content only when at least one of the following conditions is met:

• A report has been submitted through the designated abuse reporting mechanism, and ReadWith has independently determined that review is warranted; or
• A support request has been submitted by the user, and access is necessary to investigate or resolve the reported issue.

In all cases, each instance of access is logged with a stated reason and a reference to the associated report or support request (such as a link to the support conversation).

ReadWith will not access note content for commercial purposes, product development, AI training, or any purpose other than those described in this Policy.

4.3 Access Logging

All instances of staff access to encrypted note content are logged, including the stated reason for access. These logs are retained for 24 months.

5. How We Share Your Information

5.1 Within the Service

Notes and reading data you share with a Reading Group or Club are made accessible to members of that group or club by reference. No copies are made. You control what you share and with whom through your group membership settings and sharing toggles.

5.2 Service Providers

We share personal information with third-party service providers who assist us in operating the Service. These providers are authorized to use your information only as necessary to provide services to us. Current service providers include:

• Heroku (Salesforce): cloud hosting and infrastructure. Data is hosted on servers that may be located in the United States.
• MailerSend: transactional email delivery. Receives your email address and the content of emails sent to you by the Service. MailerSend is based in the European Union.
• Honeybadger: application error tracking. May incidentally receive usage context data included in error reports. ReadWith configures error reporting to filter sensitive user data from error reports.
• Stripe: payment processing for Organizer subscriptions. Governed by Stripe’s own Privacy Policy.

5.3 Data Outside Canada

Your personal information may be transferred to and processed in countries other than Canada, including the United States and European Union member states, where our service providers operate. These countries may have privacy laws that differ from those in Canada. By using the Service, you consent to this transfer. Foreign authorities may have the ability to access your data under their own laws.

5.4 Third-Party AI Providers

ReadWith may engage third-party large language model or AI service providers to process certain non-note content, including table of contents data and reading progress information, for the purpose of generating features such as proposed reading timelines or content analysis.

ReadWith will not transmit encrypted note content to third-party AI providers without a prior update to this Privacy Policy and, where required, user consent. Data transmitted to AI providers is subject to those providers’ own data retention and processing terms.

5.5 Business Transfers

If ReadWith is involved in a merger, acquisition, restructuring, or sale of assets, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you by email or prominent notice within the Service before your information is transferred and becomes subject to a different privacy policy.

5.6 Legal Requirements

We may disclose your personal information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights or safety of ReadWith, our users, or others.

5.7 What We Will Never Do

ReadWith will never:

• Sell your notes or the content of your notes to any third party.
• Share your personal information with advertisers.
• Use your note content for AI model training without a prior update to this Privacy Policy and your explicit consent.

6. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service.

Upon account deletion:

• Your notes, reading data, and account information are removed from active systems immediately.
• Encrypted database backups may retain your data for up to 30 days as part of routine backup procedures, after which they are permanently purged.
• Deleted notes are removed from group access immediately. ReadWith may retain a copy of deleted note content for up to 30 days to facilitate recovery in the event of accidental deletion. Recovered content is accessible only to the note’s owner.

Access logs as described in Section 4.3 are retained for 24 months regardless of account status.

Payment records are retained as required by applicable tax and financial regulations.

7. Derived and Aggregated Data

ReadWith may derive aggregated or anonymized datasets from user activity, including book edition metadata, table of contents structures, and colloquial book identifiers (“Derived Data”). This Derived Data may be used internally to improve the Service or licensed to third parties.

Derived Data will be anonymized or aggregated in a manner that does not identify individual users before any external use or transfer. Derived Data derived from your activity may be traced back to your account at the point of collection, but will not be transferred or sold in a form that identifies you.

8. Your Rights Under PIPEDA

As a Canadian resident, you have the following rights with respect to your personal information:

• Right to access: you may request a copy of a personal information we hold about you.
• Right to correction: you may request that we correct inaccurate or incomplete personal information.
• Right to withdraw consent: you may withdraw consent to certain uses of your personal information, subject to legal or contractual restrictions. Withdrawal of consent may affect your ability to use the Service.
• Right to file a complaint: you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe we have not handled your personal information appropriately.

To exercise any of these rights, please contact us at frontdesk@readwith.app. We will respond within 30 days.

9. Minors

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.

10. Security

ReadWith implements technical and organizational measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include database-level encryption of note content and filtering of sensitive data from error tracking reports.

No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

11. Third-Party Services and Links

The Service may reference or link to third-party book databases or services via identifiers. ReadWith does not currently store third-party book metadata beyond such identifiers. Third-party services are governed by their own privacy policies, and ReadWith is not responsible for their practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by prominent notice within the Service at least 30 days before the changes take effect. Material changes include, but are not limited to:

• New categories of personal information collected.
• New categories of third-party data processing not previously disclosed.
• Changes to note encryption or access practices.
• Introduction of AI processing of note content.
• Introduction of a search index or secondary data store for note content.
• New uses of Derived Data.

Replacing an existing service provider with another performing the same function (such as changing hosting or email providers) will be reflected in an updated policy but does not constitute a material change requiring advance notice or re-acceptance.

Continued use of the Service after the effective date of any update constitutes acceptance of the revised Policy.

13. Contact and Privacy Complaints

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact:

ReadWith
204-78 George Street
Ottawa, Ontario K1N 5W1
frontdesk@readwith.app

We will acknowledge your inquiry within 5 business days and provide a substantive response within 30 days.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376.

Last updated June 9, 2026 - Version 2026-1
Pascal Laliberté, operating as ReadWith