WormReads

Privacy Policy

Last updated: November 30, 2025

Introduction

Welcome to WormReads ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

Information We Collect

Personal Information

When you register and use our services, we collect:

  • Account Information: Username, email address, display name
  • Authentication Data: Password (hashed using Argon2) or OAuth credentials when using Google Sign-In
  • Profile Information: Bio, profile picture, banner image
  • Social Media Links: YouTube, Facebook, Instagram, TikTok, Twitter, Discord, Medium, Substack profiles
  • Contact Information: Email address for communications and account verification

Content You Create

When you create content on our platform, we store:

  • Articles: Title, content, excerpt, cover images, publication status
  • Ebooks: Title, description, cover images, file URLs, pricing information
  • Comics: Title, description, cover images, comic pages, publication status
  • Comments: All comments and replies you post on content
  • Tags and Categories: Topics and keywords associated with your content

User Activity Data

We collect information about your interactions with our platform:

  • Engagement: Likes, bookmarks, comments, follows
  • Bookmark Lists: Your saved content and custom lists
  • Reading Preferences: Theme preferences, followed tags, followed categories
  • Notifications: Interactions that trigger notifications (likes, comments, follows)

Technical Information

We automatically collect certain technical data:

  • Session Data: Session tokens for authentication
  • IP Addresses: Used for rate limiting and security purposes
  • Device Information: Browser type, operating system (through user agent)
  • Usage Patterns: Timestamps, feature usage

Third-Party Data

When you use Google Sign-In, we receive:

  • Your Google account email address
  • Your Google profile name
  • Your Google profile picture

How We Use Your Information

Service Provision

  • Create and manage your account
  • Authenticate your identity
  • Enable content creation and publishing
  • Facilitate social interactions (follows, likes, comments)
  • Deliver personalized content recommendations
  • Provide notifications for activities

Communication

  • Send email verification links
  • Deliver password reset emails
  • Share system announcements and important updates
  • Provide customer support when requested

Security and Safety

  • Protect against fraud, abuse, and security threats
  • Enforce rate limiting to prevent system abuse
  • Investigate and respond to reports of harmful content
  • Comply with legal obligations

Platform Improvement

  • Analyze usage patterns to improve our services
  • Test new features and functionality
  • Debug technical issues

How We Share Your Information

Public Information

The following information is publicly visible on your profile:

  • Username and display name
  • Profile picture and banner
  • Bio and social media links
  • All published content (articles, ebooks, comics)
  • Public comments and replies
  • Follower and following counts

Service Providers

We work with third-party service providers who help us operate our platform:

  • AWS SES (Simple Email Service): For sending transactional emails
  • Google OAuth: For authentication services
  • Unsplash: For image resources
  • Google Fonts: For typography
  • Database Hosting: PostgreSQL for data storage
  • Redis: For caching and rate limiting

Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal processes, subpoenas, or government requests
  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Prevent or address fraud, security, or technical issues

What We Do NOT Share

  • We do not sell your personal information to third parties
  • We do not share your email address with advertisers
  • We do not share your password or authentication tokens
  • We do not share your bookmark lists with others

Data Security

We implement industry-standard security measures to protect your personal information:

  • Password Security: All passwords are hashed using Argon2, a state-of-the-art cryptographic hashing algorithm
  • Encrypted Connections: We use HTTPS/TLS encryption for all data transmission
  • Session Security: Secure session token management through NextAuth
  • Rate Limiting: Protection against brute-force attacks and abuse
  • Origin Validation: Same-origin checks to prevent CSRF attacks
  • Access Controls: Role-based access control for administrative functions
  • Data Isolation: User data is isolated through foreign key relationships

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to provide our services:

  • Account Data: Retained until you delete your account
  • Content: Published content is retained indefinitely unless deleted
  • Comments: Retained until deleted by you or as part of content removal
  • Verification Tokens: Expire after 24 hours (email verification) or 1 hour (password reset)
  • Session Data: Deleted when sessions expire or you log out
  • Rate Limit Data: Automatically purged after the rate limit window expires

Your Rights and Choices

Access and Update

  • View and update your profile information
  • Manage your content and publications
  • Control your notification preferences
  • Review and delete your comments

Privacy Controls

  • Block users to prevent unwanted interactions
  • Manage who can follow you
  • Control cookie preferences through our cookie banner

Account Management

  • Change your password at any time
  • Disconnect your Google account
  • Request account deletion

GDPR Rights

If you are located in the European Economic Area (EEA), you have additional rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Revoke consent where we rely on consent

To exercise these rights, please contact us through your account settings or our customer support channels.

Children's Privacy

Our platform is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our services, you consent to the transfer of your information to these countries.

Third-Party Links

Our platform may contain links to third-party websites or services. This privacy policy does not apply to external websites. We encourage you to review the privacy policies of any third-party services you access.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date. You are advised to review this privacy policy periodically for any changes.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us through our account page.