Privacy Policy

Last updated: March 7, 2026

1. What We Collect

When you create an account and use PlotBunny, we collect:

  • Account information: email address, username, display name, and password (stored as a bcrypt hash — your actual password is never stored)
  • Profile information: bio and avatar URL you choose to add
  • Reading data: books you add to your library, reading status, ratings, and reviews you write
  • Social data: users you follow, book clubs you join or create
  • Usage data: activity timestamps used to generate your reading heatmap and stats

We do not collect payment information, precise location, or browsing history outside of PlotBunny.

2. How We Use Your Information

  • To provide, operate, and improve the PlotBunny service
  • To display your profile, reviews, and activity to other users (subject to your privacy settings)
  • To generate your reading statistics, charts, and heatmaps
  • To send account-related notifications if you have enabled them

We do not sell your personal information. We do not use your data for advertising or share it with data brokers.

3. Third-Party Services

PlotBunny uses the following third-party services:

  • Google Books API: When you search for books, your search query is sent to Google. Google's use of this data is governed by the Google Privacy Policy.
  • MongoDB Atlas: Your data is stored on MongoDB Atlas servers (MongoDB, Inc.), hosted in the United States. MongoDB's privacy practices are described in their Privacy Policy.
  • Vercel: PlotBunny is hosted on Vercel. Web requests pass through Vercel's infrastructure per their Privacy Policy.

4. Data Storage & Security

Your data is stored in MongoDB Atlas in the United States. Passwords are hashed using bcrypt and never stored in plaintext. We use HTTPS for all data in transit. While we take reasonable measures to protect your data, no system is completely secure and we cannot guarantee absolute security.

5. Your Rights & Account Deletion

You have the right to:

  • Access your data through your profile and settings pages
  • Update your profile information at any time in Settings
  • Delete your account — you can permanently delete your account from the Settings page. This removes your profile, reading history, reviews, and all other personal data from our systems.

If you are in the EU/EEA, you may also have rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.

6. Children's Privacy

PlotBunny is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, please contact us and we will delete it.

7. Cookies & Sessions

We use a single session cookie to keep you logged in (via NextAuth.js). This is a strictly necessary cookie — it is not used for tracking or advertising, and does not require consent under most cookie laws. We do not use analytics cookies or third-party tracking cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the site. Continued use of PlotBunny after changes are posted constitutes acceptance of the updated policy.

9. Contact

Questions about this Privacy Policy? Email us at hello@plotbunny.app.