Bookvise
Home
Privacy at Bookvise

Your data, kept simple and safe.

Bookvise exists to help you read with depth and recall with confidence — nothing in our business depends on selling your information. This page explains, in plain language up top and a formal document below, exactly what we collect, why, and how to control it.

Version 1.0 Last updated 4 May 2026 Effective 4 May 2026
A 60-second read

The whole policy, at a glance.

Account & identity

Phone number (for OTP login), the name you choose to display, and an optional email if you provide one.

School profile (optional)

School name, grade, board, and pincode — used to surface relevant books. Skipping this is fine.

Reader preferences

Theme, font family, font size, and layout choices for quizzes and flashcards.

Learning activity

Quiz attempts and answers, flashcard reviews, revision progress, and the books on your shelf.

Session & device

IP address, browser user-agent, last-seen time, and an issued session token — kept to keep you signed in safely.

Cookies

One essential Authorization cookie that holds your sign-in. No advertising or tracking cookies.

The short version: we collect what's needed to log you in, remember your preferences, and show you your own progress. Nothing more.

To sign you in

Your phone number lets us deliver an OTP. The session token lets you stay signed in across devices.

To save your progress

Quiz attempts, flashcard reviews, and shelf items are saved so your study picks up where you left off.

To respect your preferences

We store your reader settings so the theme and layout follow you on every session.

To keep accounts safe

Session metadata (IP, user-agent) helps spot suspicious activity and lets you sign out from a strange device.

What we never do

We do not sell your data, run advertising on Bookvise, or build a profile of you for third parties.

What we may do

Use anonymised, aggregated patterns (e.g. average quiz time) to improve the product. Never tied to you.

Firebase Authentication

Google Firebase verifies the OTP and issues a token. It sees your phone number — nothing about your reading.

Google reCAPTCHA Enterprise

Used on the login page to block bots. It evaluates request signals; we never pass your reading data to it.

Cloud database hosting

Your data lives in a managed MongoDB cluster. The provider stores it on our behalf and cannot use it.

Retention

Account data is kept while your account exists. Sessions auto-expire. Logs roll off in 90 days.

No data brokers

We do not share your data with advertisers, brokers, or analytics companies that build personal profiles.

Legal disclosure

We will disclose data only if required by valid Indian law and only the minimum necessary to comply.

Access & correction

View and edit your name, school details, and reader preferences from your profile at any time.

Deletion

Ask us to delete your account and we will remove your personal data within 30 days, with backups rolling off after that.

Export

Request a copy of your account data in a portable format. We will send it to you within 30 days.

Sign out everywhere

Logging out invalidates your session token. We can revoke all of your active sessions on request.

How to ask

Email privacy@bookvise.net from the address we have on file or your registered phone number.

Response time

We aim to respond to every privacy request within 7 working days and complete it within 30.

The formal document Version 1.0 Last updated 4 May 2026

Bookvise — Privacy Policy. Version 1.0 · Effective and last updated 4 May 2026.

01Overview

This Privacy Policy describes how Bookvise ("Bookvise", "we", "us", "our") collects, uses, stores, shares, and protects information about the people who use our website and applications (the "Service"). Bookvise is a focused workspace for self-learners that pairs structured eBooks with section notes, visual guides, flashcards, quizzes, and timed mock tests.

We have written this policy to be readable. The summary at the top of this page captures the essentials; this section and those that follow are the formal, controlling text. By using Bookvise, you agree to the practices described here.

Scope. This policy covers the Bookvise web application and any features served from bookvise.net and its subdomains. It does not cover third-party sites you may reach by following links from Bookvise.

02Information we collect

We collect only the information needed to provide the Service. The categories below correspond to fields actually stored by Bookvise; we do not maintain hidden profiles.

2.1 Information you provide

  • Phone number. Required for sign-in. Bookvise is currently available for Indian (+91) numbers only.
  • Display name. The name you set during sign-up or in your profile. You can change it any time.
  • Email address. Optional. If you choose to add one, we use it only for privacy and account communications.
  • School profile. Optional fields for school name, grade level, education board, and pincode. Used to suggest relevant books; you can leave them blank or remove them.
  • Reader preferences. Theme, font family, font size, and layout choices for the questions and flashcards views.

2.2 Information generated by your use of the Service

  • Quiz attempts. The quizzes you take, the answers you select, the time spent per question, and the resulting reports.
  • Flashcard reviews. Spaced-repetition data — which cards you have reviewed, your responses, and scheduling state.
  • Revision progress. Items you mark for revision and the progress you make through them.
  • Shelves. The books you save and the structure of your personal shelves.

2.3 Information collected automatically

  • Session metadata. When you sign in, we record an issued-at time, expiry, last-seen time, and a revoked flag for the session.
  • IP address and user-agent. Captured for each session so you (and we) can recognise unusual activity. We do not derive a precise location from your IP; the location field on your session is left blank unless we explicitly enable a coarse-grain lookup in future.
  • Diagnostic logs. Standard server logs — request paths, status codes, error traces — which may incidentally include your IP and user-agent.

2.4 Information from third parties

When you sign in, our identity provider (Google Firebase Authentication) verifies that the OTP delivered to your phone matches and returns a signed token. We receive the verified phone number and the token; we do not receive your contacts, social profiles, or anything else from the provider.

03How we use your information

We use your information for the following purposes, and only these purposes:

  • Operate the Service. Sign you in, keep you signed in, and route you to your books, shelves, quizzes, and flashcards.
  • Save your progress. Persist quiz attempts, flashcard reviews, revision progress, and shelf structure so your study continues across sessions and devices.
  • Personalise your experience. Apply your reader preferences (theme, font, layout) and surface content relevant to your school profile if you have provided one.
  • Protect accounts. Detect and respond to suspicious activity using session metadata and rate signals; protect the login page using reCAPTCHA Enterprise.
  • Improve Bookvise. Analyse aggregated, anonymised usage patterns — for example, average time spent on a question or completion rates of a chapter — to improve content and tools. We do not single you out in any analysis we publish.
  • Communicate with you. Send service messages such as security alerts, policy updates, and responses to your privacy requests. We do not send marketing messages without your consent.

We rely on the following bases under applicable Indian law (including the Digital Personal Data Protection Act, 2023) and, where relevant, comparable laws in other jurisdictions:

  • Performance of the Service. Processing required to deliver Bookvise once you sign up.
  • Consent. For optional fields such as school profile or email, and for any future processing that goes beyond providing the Service.
  • Legitimate interests. Keeping accounts secure, preventing abuse, and improving the Service through aggregated analysis.
  • Legal obligations. Where we must retain or disclose data to comply with valid laws or court orders.

05Sharing and processors

We do not sell your personal information. We share it only with the limited set of service providers ("processors") who help us run Bookvise, and only to the extent each provider needs it.

ProcessorPurposeData shared
Google Firebase AuthenticationPhone-OTP verification and token issuancePhone number, OTP attempt metadata
Google reCAPTCHA EnterpriseBot protection on the sign-in pageRequest signals required by reCAPTCHA
Managed MongoDB hostingStorage of your account, profile, reader settings, and learning activityAll categories described in §2, encrypted at rest
Cloud infrastructure providerHosting the application servers and edge cachingWhatever your browser sends in HTTP requests

Each processor is bound by a written agreement to use your data only on our instructions, to keep it secure, and to return or delete it when our relationship ends.

We may also disclose information when we believe in good faith that disclosure is required by law, to enforce our terms, or to protect the rights, property, or safety of Bookvise, our users, or the public. We will give you notice of any such request unless we are legally prohibited from doing so.

06Retention

  • Account and profile. Retained while your account is active. If you delete your account, we delete or anonymise account and profile data within 30 days, except where we are required to retain it by law.
  • Learning activity. Retained alongside your account so you can return to your progress. Deleted on account deletion.
  • Sessions. Each session expires automatically. Revoked or expired sessions are pruned from our records on a rolling basis.
  • Server logs. Retained for up to 90 days for security and debugging, then deleted or aggregated.
  • Backups. Encrypted backups roll off according to a fixed schedule (typically 30–60 days). Deletions take full effect once backups age out.

07Security

We protect your data with measures appropriate to its sensitivity:

  • Transport. All traffic between your browser and Bookvise is encrypted with HTTPS/TLS.
  • Storage. Data is stored on managed databases with encryption at rest.
  • Authentication. Sessions are bound to a JWT delivered through an Authorization cookie marked HttpOnly, Secure, and SameSite=Strict, so it is not readable by JavaScript and is not sent on cross-site requests.
  • Access controls. Production access is limited to a small set of engineers, audited, and gated by per-person credentials.
  • Bot mitigation. The sign-in page is protected by Google reCAPTCHA Enterprise to discourage automated abuse of phone numbers.

No method of storage or transmission is perfectly secure; we work to keep risks low and to respond quickly if anything goes wrong.

08Your rights and choices

You have the following rights over your personal information. We will honour valid requests free of charge and within 30 days.

  • Access. You can view your name, school profile, and reader preferences in the app, and request a portable copy of your account data.
  • Correction. You can edit your display name, school profile, and reader preferences directly in your profile and settings.
  • Deletion. You can ask us to delete your account and the personal data attached to it.
  • Withdraw consent. Where we rely on consent (e.g. optional fields), you may withdraw it at any time without affecting earlier processing.
  • Object. You can ask us to stop processing your data for a specific legitimate-interest purpose; we will weigh your reasons and respond.
  • Sign out everywhere. Logging out invalidates your current session token; you can request that we revoke all of your active sessions.
  • Complaint. If you are not satisfied with how we have handled a privacy request, you may complain to the relevant data-protection authority in your jurisdiction.

To exercise any of these rights, write to us at privacy@bookvise.net from the email address we have on file, or from the phone number registered with your account.

09Cookies and similar technologies

Bookvise uses a small, fixed set of essential cookies and storage. We do not use advertising or cross-site tracking cookies.

NamePurposeTypeLifetime
AuthorizationHolds your signed session token so you stay logged in.Essential · HttpOnly · Secure · SameSite=StrictSession — cleared on logout or expiry
reCAPTCHA cookies (Google)Set on the sign-in page to evaluate whether the request is human.Essential — securitySet by Google; see the Google Privacy Policy
Local storage (preferences)Caches your reader theme/font choice for an instant first paint.Essential — preferenceUntil cleared from your browser

10Children's privacy

Bookvise is designed for self-learners, including students. If you are under 18, you should use Bookvise only with the involvement of a parent or guardian, and should not provide your phone number, email, or school details without their consent. We do not knowingly collect personal data from children below the age of 13. If you believe a child below that age has provided us with personal data, please contact us and we will delete it.

11Changes to this policy

We may update this policy as Bookvise evolves. When we do, we will:

  • Increment the version number and update the "Last updated" date at the top of this page.
  • Keep an archive of previous versions available on request.
  • Tell you in-app or by email about any change that materially expands what we collect or how we use it, and obtain consent where required.

12Contact us

For privacy questions, requests, or complaints, write to:

We will acknowledge your request within 7 working days and aim to resolve it within 30 days.

End of policy. Bookvise · Version 1.0 · Last updated 4 May 2026.