Back to Bound overview
Policy Document

Bound Privacy Policy

How Bound handles account data, reading stats, analytics, and your rights across Supabase and PostHog.

View Terms

Privacy Policy — Bound

Last updated: 23 December 2025

This Privacy Policy explains how Snowdrop Labs Ltd ("Snowdrop Labs", "we", "us") collects, uses, shares, and protects information in relation to Bound, a React Native/Expo reading tracker. Bound lets users sign up, search books via Open Library, manage their library, track reading stats and goals, view weekly/monthly progress, and share progress. Bound uses Supabase for authentication/data and PostHog for analytics.

1. Who we are & contact

For questions or to exercise your rights, contact our Data Protection Officer:

Anna van Wingerden, Snowdrop Labs Ltd, SPACE4, 113-115 Fonthill Road, London, N4 3HH

annaencodehack@gmail.com

2. Eligibility & scope

Bound is not intended for children under 13 (or under 16 where applicable). Do not use the app if you do not meet this requirement.

3. Information we collect

3.1 Account data

Email address (used for account creation and login), password (hashed), authentication tokens, and basic device/session identifiers created by Supabase.

3.2 User identification

User ID (account identifier) used to associate your data with your account across our services.

3.3 Library & reading activity

Product interaction data including: books added to your library, reading progress, completion dates, shelves/lists, reading sessions, progress percentages, time spent, goals, milestones, notes, timestamps, and sharing preferences.

3.4 App usage & analytics

App usage events including: screen views, button clicks, searches, feature usage events, performance metrics, device model, OS version, app version, IP address, and identifiers generated by PostHog and Supabase. We do not collect precise GPS location.

3.5 Device information

Device ID (for analytics purposes, not linked to personal identity), device model, OS version, and app version.

3.6 Diagnostics

Crash and error logs, and limited technical data needed to troubleshoot issues.

3.7 Support

Information you provide when you contact us (email, screenshots, device details you choose to share).

4. How we use information

  • Account management: Authenticate accounts, secure access, provide and maintain your account, and sync your library/stats across devices.
  • App features: Provide app features including book search (via Open Library), progress tracking, goals, insights, and sharing.
  • Analytics: Understand app usage, improve features, and identify bugs through analytics data collected via PostHog.
  • Operate, maintain, and improve performance, reliability, and user experience.
  • Detect and prevent fraud/abuse, and comply with legal obligations.
  • We do not use third-party advertising networks in Bound.

5. Third-party services

PostHog (EU-hosted)
Supabase

Authentication, database, storage, and security controls.

Open Library

Book search queries and metadata retrieval (no Bound account credentials are sent).

6. Data sharing

  • We do not sell your personal data.
  • Data is shared with PostHog (EU-hosted) for analytics only.
  • Data may be disclosed if required by law or to comply with legal obligations.
  • Service providers and advisors as needed to operate the app or comply with law.

We only share what is necessary to operate Bound or as required by law.

7. Legal bases (EU/UK/EEA)

  • Contract: to provide Bound, sync your library, and maintain your account.
  • Legitimate interests: analytics, service improvement, security, and fraud prevention.
  • Consent: where required for notifications or certain analytics/telemetry features.

8. Data retention

  • Account, library, and reading data: kept while your account is active; deleted when you delete your account, subject to short-term backups that are removed on a rolling basis.
  • Analytics and telemetry (PostHog): retained per provider defaults and then aggregated or deleted. Some anonymized analytics data may be retained for statistical purposes.
  • Crash/diagnostic logs: retained for a limited operational period to debug issues.
  • Support interactions: kept as needed to resolve your request and meet legal obligations.

9. Your rights (GDPR/CCPA compliance)

You have the following rights regarding your personal data:

  • Access your data: Request a copy of your personal data by contacting us at the email address below.
  • Delete your data: Delete your account via app settings (if available) or by emailing us. Deletion requests are handled promptly, typically within 30 days.
  • Opt-out: You can contact us to opt-out of analytics. Note: opting out of analytics may affect app functionality and our ability to improve the service.
  • Data portability: Request your data in a portable format by contacting us at the email address below.
  • Where applicable, you may object to or restrict processing, or withdraw consent for optional features.

10. Data security

  • Encryption in transit (HTTPS/TLS) for all data transmission.
  • Secure storage with Supabase, including encryption at rest.
  • Hashed passwords and role-based access controls.
  • Principle-of-least-privilege access to production data.
  • Reasonable security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

No method is 100% secure; keep your credentials safe.

11. International transfers

Data may be processed in regions where Supabase and PostHog host services (including outside your country). PostHog services are hosted in the EU at https://eu.i.posthog.com. Where required, we rely on safeguards such as standard contractual clauses.

12. Children's privacy

Bound is not intended for users under 13 (or applicable age in your jurisdiction). We do not knowingly collect data from children.

13. Changes to privacy policy

We may update this policy. Material changes will be posted on this page with a new "Last updated" date. We may also notify users of significant changes via email or through the app. Continued use of Bound after changes means you accept the updated policy.

14. Contact information

For privacy requests, questions, or to exercise your rights, contact our Data Protection Officer:

Anna van Wingerden
Snowdrop Labs Ltd
SPACE4, 113-115 Fonthill Road
London, N4 3HH
United Kingdom

Email: support@bound.app (for privacy requests and general inquiries)

Alternative contact: annaencodehack@gmail.com