Privacy Policy

1. Information we collect

Account information

When you sign up, we collect your email address and the username you choose. Your email is used for authentication and to contact you about your account. We store it securely and never sell it.

Profile information

Any information you add to your profile — display name, bio, avatar — is stored and displayed publicly unless otherwise noted.

Usage data

We track which stories you view and when, in order to maintain view counts and to provide reading progress features. For signed-in users, this is linked to your account. For guests, we use an anonymous session key stored in your browser's local storage.

Technical data

Like most web services, our servers may log IP addresses, browser type, and request timestamps for security and debugging purposes. These logs are retained for a limited period and are not used for advertising.

2. How we use your information

• –To operate and improve the Service
• –To authenticate your account and keep it secure
• –To display your reading progress and view counts
• –To send transactional emails (password reset, account changes)
• –To detect and prevent abuse or policy violations

We do not use your data for behavioral advertising, sell it to data brokers, or share it with third parties except as described in section 3.

3. Information sharing

Service providers

We use Supabase to store and manage data. Supabase acts as a data processor under our instructions. We may also use other service providers for infrastructure, monitoring, and email delivery. These providers are contractually bound to protect your data.

Legal requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Xofanic, our users, or others.

Business transfers

If Xofanic is acquired or merges with another company, your information may be transferred. We will notify you before any such transfer takes effect.

4. Data retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data (such as total view counts detached from your identity) may be retained indefinitely.

5. Security

We use industry-standard security practices: encrypted data transmission (HTTPS), secure password hashing, and row-level database security policies. No system is perfectly secure. If you suspect a security issue, please report it to support@xofanic.com.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data. You can manage most of this directly from your account settings. For requests we cannot fulfill in-product, contact support@xofanic.com. We respond to all requests within 30 days.

See the Personal Data page for a detailed breakdown of what we hold and how to request changes.

7. Cookies and local storage

Xofanic uses session cookies for authentication. We also store an anonymous viewer key in your browser's local storage to deduplicate view counts across page loads. This key is a random UUID with no connection to your identity. You can clear it by clearing your browser's local storage.

We do not use advertising cookies or third-party tracking pixels.

8. Children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have done so, we will delete that information promptly.

9. Changes to this policy

We may update this policy from time to time. We will notify registered users of material changes by email before they take effect. The updated date at the top of this page always reflects the most recent revision.

10. Contact

Privacy questions? support@xofanic.com