Privacy Policy

Last updated: May 7, 2026

The Online Reader ("we," "us," or "our") operates the website at theonlinereader.com (the "Service"). This Privacy Policy explains what information we collect when you use the Service, how we use it, who we share it with, and the choices you have. By using the Service you agree to the practices described here.

1. Information We Collect

a. Information you provide

b. Information collected automatically

What we do not collect. Aside from the cookieless Cloudflare Web Analytics beacon described above, we do not run behavioural or session-replay analytics (no Google Analytics, no Mixpanel, no Hotjar, no Plausible, etc.), we do not embed advertising or marketing trackers, and we do not use any cross-site tracking technology.

2. How We Use Your Information

3. Legal Bases for Processing (EU/UK Users)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

4. Cookies and Local Storage

The Online Reader uses only strictly-necessary cookies and local-storage entries - those required for the Service to function (authentication and login state). Because all cookies in use are strictly necessary, we do not require or collect explicit consent for non-essential cookies, as we do not set any. The full list:

NameTypeExpiryPurpose
auth_tokenHTTP cookie (HttpOnly)7 daysKeeps you signed in after login. Holds your authentication token; cannot be read by JavaScript.
connect.sidHTTP cookie (HttpOnly)Session (cleared on browser close)Used only during the Google sign-in redirect to securely complete the OAuth round-trip.
tor-pending-librarysessionStorageUntil browser tab closesRemembers a rate-this-page action you started before signing in, so you can complete it after login.
tor-cookie-notice-acklocalStoragePersistent (until you clear browser storage)Records that you've seen the cookie notice, so the banner doesn't reappear on every page load.

5. Third-Party Services

We use a small number of third-party services to operate the Service. Each is listed below with the data shared and the provider's role:

6. How We Share Your Information

We do not sell, rent, or trade your personal information. We share it only in the following circumstances:

7. Data Retention

8. Your Rights and Choices

Depending on your location, you may have some or all of the following rights with respect to your personal information:

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We protect your data using industry-standard practices: HTTPS for all traffic in transit, JWTs stored in HttpOnly cookies (so they cannot be read by client-side JavaScript), bcrypt-hashed passwords (we never see your password in clear text), rate limiting on authentication endpoints, and access controls on internal services. No system is perfectly secure, however, and we cannot guarantee absolute security.

10. Children's Privacy

You must be at least 13 years old to use the Service. If you live in a country where the age of digital consent is higher than 13 (16 in most EU countries), you must have the consent of a parent or guardian if you are below that age. Age is self-declared at registration; we do not verify it. If you become aware that someone below the applicable age has registered, please contact us and we will remove the account and any associated personal information.

11. International Data Transfers

Our service providers (including MongoDB Atlas, Resend, Google, OpenAI, and Stripe) operate in multiple jurisdictions, which may include the United States, the European Union, the United Kingdom, and elsewhere. By using the Service, you understand that your information may be transferred to and processed in countries other than your own. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes that affect your rights, we will provide a more prominent notice (e.g., via email or an in-app announcement). Please review this page periodically.

13. Contact Us

Questions, comments, or requests regarding this Privacy Policy? Email us at [email protected], or use the contact form.

Related