1. Data controller
The data controller is the owner of myBibliotek. Contact: admin@mybibliotek.com
2. Data collected
We collect the following data:
- Account data: name, email address, SSO provider (Google, Apple, Microsoft)
- Library data: titles, authors, ISBNs, covers, locations, loans
- Technical data: IP address, browser type, access logs
3. Purposes of processing
- Provide and improve the library management service
- Authenticate users
- Send service-related notifications (loans, invitations)
- Ensure the security of the service
4. Marketing communications (opt-in)
myBibliotek does not send any marketing email by default. If you explicitly enable the "Recommendations and new releases" option in your profile, you consent to occasionally receive by email:
- Reading suggestions
- New release announcements
This option is disabled by default. You can disable it at any time from your profile in the app, or by clicking the "Unsubscribe" link at the bottom of every email sent. The date and time of your consent are kept as proof, in accordance with Article 7 of the GDPR.
5. Legal basis
Processing is based on user consent (registration) and contract performance (provision of the service). Marketing communications are based on explicit consent, revocable at any time.
6. Hosting
Data is hosted by IONOS, in data centers located in Europe.
7. Data retention
- Account data: retained until account deletion
- Library data: retained until deleted by the user
- Technical logs: 12 months maximum
- Backups: 7-day rolling window
8. Data sharing
Your data is never sold. It is shared only with:
- Members of your shared libraries (library data only)
- SSO identity providers (Google, Apple, Microsoft) for authentication
- IONOS for hosting and backups
- Google Books API, OpenLibrary and BnF (Bibliothèque nationale de France) for bibliographic metadata (title, author, cover) — no personal data transmitted
- Cloudflare for network protection and content delivery (CDN)
9. Cookies
myBibliotek uses only technical cookies essential to the operation of the service (session, language preferences). No advertising or tracking cookies are used.
10. Your rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Access: obtain a copy of your data (export available in the app)
- Rectification: modify your information from your profile
- Erasure: delete your account and all your data
- Portability: export your data in a standard format (XLSX/CSV)
- Objection: object to the processing of your data
To exercise these rights, contact us at admin@mybibliotek.com
11. Security
We implement technical and organizational measures to protect your data:
- Personal data encryption: your name and email address are encrypted (AES-256) in the database. Even in the event of unauthorized access to the database, this data remains unreadable.
- Encryption in transit: all communications are protected by HTTPS (TLS).
- Secure authentication: signed JWT tokens, passwords hashed with bcrypt.
- Encrypted backups: automatic daily backups, stored securely.
- Restricted access: server access limited by SSH key, no public access to the database.
12. Complaints
If you believe your rights are not being respected, you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr