Privacy Policy

Introduction

This privacy policy sets out the terms under which InfoBooks.org (hereinafter "InfoBooks," "we," "our") collects, uses, stores, and protects the information of its users (hereinafter "you," "user").

By accessing and using our website, you agree to the practices described in this policy. If you do not agree with these terms, please do not use our site.

InfoBooks reserves the right to modify this privacy policy at any time. Any changes will be posted on this page with an update to the date indicated above. We recommend that you check this page regularly.

Data Controller

The controller of the personal data collected through this site is Network Capitals Group LLC, a limited liability company incorporated in the State of New Mexico, United States, doing business as InfoBooks.org. For the purposes of this policy, references to "InfoBooks," "we," or "our" shall be understood as references to Network Capitals Group LLC.

Controller contact details:

• Legal name: Network Capitals Group LLC
• Corporate website: networkcapitals.com
• U.S. taxpayer identification number (EIN): 35-2872330
• Registered address: 8206 Louisiana Blvd NE, Ste A, Albuquerque, NM 87113, United States
• Contact email: [email protected]
• Site hosting: Cloudflare Pages

Data Collected

InfoBooks does not require account creation to access its content. Some optional features, such as downloading every book on a page in a single ZIP, require signing in with Google. The data collected varies depending on how you interact with our site:

Automatically Collected Data

When you visit our site, the third-party services we use may automatically collect certain technical data:

• IP address (anonymized by Umami Analytics);
• browser type and operating system;
• pages visited and visit duration;
• country of origin of the connection;
• referral source (the site that directed you to InfoBooks).

Voluntarily Provided Data

When you use our contact form, you voluntarily provide us with the following information:

• your name;
• your email address;
• the content of your message.

This information is used exclusively to respond to your inquiry and is not shared with third parties or used for commercial purposes.

Sign-in data with Google

If you choose to sign in with Google to use features that require an account, such as downloading every book on a page in a single ZIP, Google delivers to us the following data through the standard OAuth 2.0 flow:

• your email address;
• your name as it appears on your Google account;
• the public URL of your Google profile picture;
• a unique identifier provided by Google (Google ID).

This information is stored in a secure database operated by Supabase Inc., described in the "Supabase Auth" subsection below, and is used solely to keep you signed in across visits and to deliver the bulk-download feature. We do not request access to your emails, contacts, calendar, or any other Google service.

Newsletter Subscription

InfoBooks operates an email newsletter that delivers daily book recommendations, typically one fiction title and one non-fiction title, to readers who voluntarily subscribe through the form available on the site. This section describes in detail how we process the data of newsletter subscribers.

Data we collect on subscription

When you subscribe to the newsletter you provide us with your email address. We do not collect any other personal data at the time of subscription. We do not ask for your name, your age, your location, or any other additional identifying information.

Legal basis for processing

The processing of your email address for the purpose of sending the newsletter is carried out on the basis of your explicit consent, given by completing the subscription form and agreeing to receive our emails. Under EU and UK General Data Protection Regulation (GDPR) this corresponds to Article 6(1)(a) (consent). For California residents, this constitutes express opt-in consent under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Equivalent consent-based legal bases apply under other data protection laws worldwide.

InfoBooks does not buy, rent, or import email addresses from third-party lists. All addresses on our list come exclusively from individuals who have voluntarily subscribed through the form on this site.

Purpose and frequency

The addresses we collect are used solely to send the book-recommendation newsletter. We typically send one email per day. Occasionally we may send an additional message to inform you about relevant changes to the service, for example a material update to this privacy policy. We do not use your address for third-party advertising, we do not transfer it to third parties for commercial purposes, and we do not use it for any other purpose.

Retention

We retain your email address for as long as you remain subscribed to the newsletter. If you unsubscribe, your address is moved to an internal suppression list that prevents accidental re-sending, and the data associated with your active subscription is deleted. The suppression list is maintained solely to ensure that we do not send you emails again without your consent.

If an address generates permanent bounces, for example because the mailbox has been cancelled, or if the recipient marks the message as spam, that address is automatically removed from sending and recorded in the suppression list.

Right to unsubscribe

You may unsubscribe from the newsletter at any time, without having to give a reason and at no cost. Detailed instructions are provided in the section "How to unsubscribe from the newsletter" below.

Third-Party Services and Data Processing

InfoBooks uses the following third-party services, each with their own data collection practices:

Google AdSense

We use Google AdSense to display advertisements on our site. Google AdSense uses cookies and web beacons to:

• serve ads based on your previous visits to our site and other sites;
• measure the effectiveness of advertising campaigns;
• limit the number of times the same ad is displayed.

Google, as a third-party provider, uses the DART cookie and other cookies to serve ads based on your visits to InfoBooks and other websites. You can opt out of the DART cookie by visiting the Google Ads Settings page.

For more information about Google's privacy practices, see the Google Privacy Policy.

Umami Analytics

We use Umami as our web analytics solution. We operate a self-hosted instance of Umami on a virtual server contracted from Hetzner Online GmbH, physically located in Germany at the Falkenstein data center. This means that analytics data is not transferred to an external SaaS provider: it is processed on infrastructure under our direct control, within the European Economic Area.

Umami is a privacy-friendly alternative with the following characteristics:

• no cookies are used;
• no personally identifiable data is collected;
• IP addresses are anonymized;
• data is aggregated and does not allow identification of individual users;
• fully GDPR compliant without the need for consent.

Amazon Affiliate Program

InfoBooks.org participates in the Amazon Affiliate Program. When you click on a link to Amazon from our site, Amazon may place cookies on your device to:

• track purchases made through our referral links;
• calculate affiliate commissions.

These cookies are managed by Amazon. For more information, see the Amazon Privacy Policy.

Cloudflare

Our site is hosted on Cloudflare Pages. Cloudflare may collect certain technical data for security and performance purposes (DDoS attack protection, network optimization). For more information, see the Cloudflare Privacy Policy.

Ezoic

We use Ezoic, a service provided by Ezoic, Inc. (United States), as an ad-optimization platform. Ezoic operates alongside Google AdSense to deliver advertisements and measure their performance, and for that purpose may set cookies and receive technical data from your browser (IP address, advertising identifiers, page views, ad interactions). Ezoic processes this data on servers located in the United States. The international transfer of personal data is covered by the Standard Contractual Clauses approved by the European Commission.

As part of the Ezoic service we also enable two optional features described in their own subsections below: a Google sign-in prompt (Google One Tap) and an advertising identity module (Ezoic ezID).

For more information, see the Ezoic Privacy Policy.

Supabase Auth (authentication and session)

Account management and sign-in is handled through Supabase, a service operated by Supabase Inc. (United States). When you sign in with Google, Supabase acts as the intermediary between Google and our site: it receives your Google profile data (email, name, profile picture, unique Google ID), creates or updates a record in its database, and returns to your browser an encrypted session cookie that lets us recognize you on future visits.

The session cookie is HttpOnly and Secure (it cannot be read from JavaScript and is never transmitted over unencrypted channels) and remains active until you sign out or until the refresh token expires.

Supabase processes data on servers located in the United States. The international transfer of personal data is covered by the Standard Contractual Clauses approved by the European Commission.

For more information, see the Supabase Privacy Policy.

Google Sign-In (One Tap and OAuth)

Sign-in is provided by Google Sign-In (also known as Google Identity Services), a service operated by Google LLC (United States). On most pages you may see an inline "Sign in with Google" prompt (Google One Tap) asking whether you wish to continue with one of the Google accounts you are already signed into in your browser. The prompt is optional and can be dismissed by clicking the X. If your browser blocks the prompt, the standard OAuth 2.0 redirect flow is offered as a fallback.

If you choose to continue, Google issues a sign-in token containing your email address, your name as it appears on your Google account, the public URL of your Google profile picture, and a unique internal identifier. This token is delivered to Supabase Auth (described in the previous subsection), which creates or updates your account in our database and returns the encrypted session cookie to your browser. We do not request from Google any other permission or access to your emails, contacts, calendar, or other services.

You can revoke at any time the access granted through this sign-in from your Google account at myaccount.google.com/permissions. For more information, see the Google Privacy Policy.

Ezoic ezID (advertising identity)

When you sign in with Google, in addition to creating your account in Supabase as described above, our site shares a derived identifier with Ezoic to associate your visit with your advertising profile across the Ezoic publisher network. The identifier is a cryptographic hash of your email address that does not allow the original email to be reconstructed. Your email is never transmitted in plain text to Ezoic. This mechanism, called Ezoic ezID, is part of the Ezoic service described above and improves the relevance of ads shown to you. You can stop participating at any time by signing out of your account on this site or by revoking access from your Google account.

MailerLite (current newsletter sender)

The newsletter is currently delivered via MailerLite, a service operated by UAB MailerLite (Lithuania, European Union). When we send a newsletter, your email address is transmitted to MailerLite as the recipient of the message. MailerLite also receives delivery metrics (bounces, spam complaints) that we use to keep the list clean. MailerLite processes data on infrastructure located in the European Union and the United States; transfers to the United States take place under the Standard Contractual Clauses approved by the European Commission.

For more information, see the MailerLite Privacy Policy.

Amazon SES (newsletter, infrastructure being deployed)

We are in the process of migrating newsletter delivery to Amazon Simple Email Service, known as Amazon SES, a service of Amazon Web Services, Inc. Once the migration is complete, your email address will be transmitted to Amazon SES as the recipient of the message, and Amazon SES will receive technical metadata associated with delivery (bounces and spam complaints) that we will use to keep the list clean and to prevent sending to invalid addresses or to people who no longer wish to receive our emails.

Amazon SES processes data on servers located in the United States, in the us-east-1 region (Northern Virginia). This involves an international transfer of personal data outside the European Economic Area. The transfer takes place under the Standard Contractual Clauses approved by the European Commission, included in the Amazon Web Services service agreement.

For more information, see the Amazon Web Services Privacy Notice.

Listmonk and hosting of the subscriber list

Once the migration to Amazon SES is complete, the newsletter subscriber list will be managed with Listmonk, a free and open-source software for mailing-list management. Our Listmonk instance is already deployed and runs on a virtual server contracted from Hetzner Online GmbH, physically located in Germany at the Falkenstein data center. Hetzner acts solely as an infrastructure provider: although it has potential technical access to the data stored on the server, it does not use that data for its own purposes and operates under European Economic Area safeguards.

For more information, see the Hetzner Privacy Policy.

Google Workspace (email reception)

Reception of emails sent to [email protected] is handled through Google Workspace, a service of Google LLC. Google Workspace processes data on servers located in the United States. This transfer takes place under the Standard Contractual Clauses approved by the European Commission.

For more information, see the Google Privacy Policy.

Subprocessors

The following table provides a consolidated list of the third parties that act as subprocessors in the processing of your personal data, the purpose of the processing, and the location where it takes place. This list is kept up to date as our providers change; if a change involves an additional international transfer, we will reflect it in this section.

These subprocessors act on behalf of and under the instructions of Network Capitals Group LLC and may not use the data for their own purposes.

Cookies

A cookie is a small text file stored on your computer or mobile device when you visit a website. InfoBooks uses the following cookies:

Note: Umami Analytics does not use any cookies.

Cookie Management

You can control and delete cookies through your browser settings. Please note that disabling certain cookies may affect site functionality. Here's how to manage cookies in major browsers:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

You can also disable Google personalized advertising by visiting the Ad Settings page or by using the Google Analytics opt-out browser add-on available at tools.google.com.

Data Usage

The data collected is used exclusively for the following purposes:

• Traffic analysis: understanding how visitors use our site to improve content and user experience (via Umami Analytics).
• Advertising: displaying relevant ads that help fund the free operation of the site (via Google AdSense).
• Affiliate: tracking purchases made through our Amazon referral links to earn commissions.
• Communication: responding to your messages sent through the contact form.
• Security: protecting the site against threats and abuse (via Cloudflare).
• Authentication and bulk downloads: identifying you across visits so you can download every book on a page in a single ZIP without signing in again.

InfoBooks does not sell, transfer, or distribute your personal information to third parties without your consent, unless required by law.

Sharing Data with Third Parties

To operate the newsletter and the services of the site, we share personal data only with the subprocessors listed in the "Subprocessors" section, and exclusively for the purposes indicated there. These subprocessors act on behalf of and under the instructions of Network Capitals Group LLC and may not use the data for their own purposes.

Beyond those subprocessors, we do not share, sell, or rent your personal information to any third party. In particular, we do not transfer your email address or any other data to third parties for marketing purposes. We do not "sell" or "share" personal information for cross-context behavioral advertising within the meaning of the California Consumer Privacy Act (CCPA/CPRA).

Data Retention

Data collected through the contact form (name, email, message) is retained only for the time necessary to process your request, then deleted.

Data collected by third-party services (Google AdSense, Amazon, Cloudflare) is subject to the retention policies of each respective service.

Aggregated analytics data collected by Umami Analytics does not contain any personally identifiable information and is retained for statistical purposes.

Data associated with your account (email, name, profile picture, unique Google ID) is retained while the account remains active. If you request the deletion of your account, all associated data is permanently removed from the database within 30 days.

Data Security

InfoBooks is committed to ensuring the security of your data. We implement appropriate technical and organizational measures to protect data against unauthorized access, modification, disclosure, or destruction. Our site is served via HTTPS to encrypt communications between your browser and our servers.

However, no method of transmission over the Internet or electronic storage method is completely secure, and we cannot guarantee absolute security.

Your Rights

InfoBooks operates globally and visitors come from many jurisdictions. Depending on where you reside, different privacy laws may grant you the rights described below. We honor these rights for all users to the fullest extent reasonably possible, regardless of their place of residence.

Rights under the EU and UK GDPR

In accordance with Regulation (EU) 2016/679 (EU GDPR) and the United Kingdom General Data Protection Regulation (UK GDPR), you have the following rights:

• Right of access: you have the right to request a copy of the personal data we hold about you.
• Right to rectification: you may request the correction of inaccurate or incomplete personal data.
• Right to erasure: you may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
• Right to restriction of processing: you may request the restriction of processing of your data in certain circumstances.
• Right to object: you have the right to object to the processing of your personal data, particularly regarding direct marketing.
• Right to data portability: you have the right to receive your data in a structured, commonly used, and machine-readable format.
• Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
• Right to lodge a complaint: you have the right to lodge a complaint with a data protection supervisory authority in your country of residence or place of work.

Rights under the California Consumer Privacy Act (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, grants you the following additional rights:

• Right to know: you may request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share that information.
• Right to delete: you may request the deletion of personal information we have collected from you, subject to certain exceptions allowed by law.
• Right to correct: you may request the correction of inaccurate personal information we hold about you.
• Right to opt out of sale or sharing: we do not sell your personal information and we do not share it for cross-context behavioral advertising in the sense of CCPA/CPRA. Should this practice ever change, you will have the right to opt out.
• Right to non-discrimination: we will not discriminate against you for exercising any of your privacy rights.

Other jurisdictions

Residents of other jurisdictions may have additional or comparable rights under their local laws (for example, Quebec's Law 25, Australia's Privacy Act, or similar legislation). To exercise any of the rights described in this section, please contact us at [email protected]. We will respond to your request within the timeframes required by applicable law and, in any event, within 30 days where feasible. Specifically, to delete your account and all data associated with the Google sign-in, please write to [email protected] indicating the email address you signed in with, and we will delete it within 30 days.

How to unsubscribe from the newsletter

You may unsubscribe from the newsletter at any time, immediately and free of charge, through any of the following mechanisms.

Unsubscribe link in every email

Every newsletter email includes, at the bottom, a clearly identified unsubscribe link, typically labeled "unsubscribe." Clicking that link removes your address from the sending list and moves it to the internal suppression list. From that moment on, you will no longer receive the newsletter.

Email request

If for any reason the link above does not work, you can write to [email protected] indicating the email address with which you subscribed and requesting unsubscription. We will process the request within a maximum of 72 hours.

No penalty

Unsubscribing requires no justification and entails no penalty or consequence. You may resubscribe at any time in the future by completing the form on the site again.

Protection of Minors

InfoBooks is not specifically aimed at minors under the age of 16. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal information through the contact form, please contact us at [email protected] so that we can take the necessary measures.

Links to Third-Party Sites

Our site may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly recommend that you review the privacy policy of every site you visit.

InfoBooks has no control over the content, privacy policies, or practices of third-party sites or services and assumes no responsibility in this regard.

Changes to This Policy

InfoBooks reserves the right to update this privacy policy at any time. Any changes will be posted on this page with an update to the "last updated" date at the top of this page.

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact

For any questions regarding this privacy policy or to exercise your rights, you can contact us:

• Email: [email protected]
• Contact form: Contact page