Privacy Policy

1.1 Information You Provide

• Readwise API Token: Your personal API token from Readwise.io, stored locally using hardware-backed encryption (AES-256-GCM via Android KeyStore).
• Widget Configuration: Your widget display preferences (font size, max lines, colors) stored locally on your device.

1.2 Information Automatically Collected

• Book Highlights: Text highlights and metadata synced from your Readwise account via their API.
• Book Cover Images: Public CDN URLs for book cover images (loaded from third-party CDNs like images-na.ssl-images-amazon.com).

1.3 Information We Do NOT Collect

• No analytics or tracking data
• No advertising identifiers
• No device fingerprinting
• No location data
• No contact information (unless you email us)

We use the information we collect solely for the following purposes:

• Display Highlights: Show your Readwise highlights on your Android home screen widget.
• Sync Data: Periodically fetch new highlights from Readwise API to keep your widget up-to-date.
• Local Caching: Store highlights locally for offline access and performance optimization (7-day automatic deletion).

We do not:

• Share your data with third parties (except Readwise API as required)
• Use your data for advertising or marketing
• Sell or monetize your personal information
• Track your behavior or analytics

3.1 Local Storage

All data is stored exclusively on your Android device:

• API Token: Encrypted using Android KeyStore with AES-256-GCM (EncryptedSharedPreferences)
• Highlights Database: Room database with SQLCipher encryption (locally on device)
• Widget Settings: Android SharedPreferences (locally on device)

3.2 Security Measures

• Hardware-backed encryption (Android KeyStore)
• HTTPS-only communication with Readwise API
• No plaintext storage of sensitive data
• Certificate pinning for API requests

3.3 Data Retention

• Highlights: Automatically deleted after 7 days (configurable in future versions)
• API Token: Stored until you log out or uninstall app
• Widget Settings: Deleted when widget is removed

4.1 Readwise API

• Purpose: Fetch your book highlights
• Data Shared: Your API token (via HTTPS)
• Privacy Policy: https://readwise.io/privacy

4.2 Book Cover CDNs

• Purpose: Display book cover images in widget
• Data Shared: Public CDN requests (no personal data)
• Examples: images-na.ssl-images-amazon.com, etc.

4.3 No Other Third Parties

We do not integrate with:

• Analytics services (Google Analytics, Firebase, etc.)
• Advertising networks
• Social media platforms
• Crash reporting services

If you are located in the European Union, you have the following rights:

• Right to Access: Request a copy of your data (stored locally on your device - use Android backup tools).
• Right to Deletion: Delete your data by uninstalling the app or clearing app data in Android Settings.
• Right to Rectification: Modify your data by updating widget settings or re-syncing from Readwise.
• Right to Portability: Export your data using Android backup/export features.
• Right to Object: Stop data processing by logging out or uninstalling the app.

Legal Basis: Consent (you provide your API token voluntarily)

If you are a California resident, you have the following rights:

• Right to Know: Request information about data collection (see Section 1).
• Right to Delete: Request deletion of your data (uninstall app or clear app data).
• Right to Opt-Out: We do not sell your personal information, so no opt-out needed.
• Right to Non-Discrimination: We do not discriminate against users who exercise their privacy rights.

Note: We do not sell personal information.

ReadwiseWidget is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

8.1 We Do Not Share Your Data

We do not share, sell, rent, or trade your personal information with third parties for marketing purposes.

8.2 Legal Requirements

We may disclose your information if required by law, such as:

• Court orders or subpoenas
• Government investigations
• Protection of our legal rights

Note: Since all data is stored locally on your device, we have no access to your data unless you provide it to us directly.

All data is stored locally on your Android device. The only international data transfer occurs when:

• You sync highlights from Readwise API (HTTPS encrypted)
• Readwise servers may be located in the United States

Safeguards: HTTPS encryption, no third-party data sharing

We do not use cookies, tracking pixels, or analytics.

• No advertising cookies
• No analytics trackers (Google Analytics, etc.)
• No social media pixels
• No fingerprinting techniques

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Displaying a notice in the app (for significant changes)
• Posting updates to this webpage

Your continued use of the app after changes constitutes acceptance of the updated policy.

In the unlikely event of a data breach affecting your personal information, we will:

• Notify affected users within 72 hours (GDPR requirement)
• Provide details of the breach and affected data
• Outline steps to mitigate harm
• Report to relevant authorities if required

Note: Since data is stored locally on your device, breaches are unlikely unless your device is compromised.

We process your personal information based on the following legal grounds:

• Consent: You provide your Readwise API token voluntarily
• Legitimate Interest: Providing widget functionality you requested
• Contractual Necessity: Fulfilling our service to display your highlights

For privacy-related inquiries, please contact: