Privacy Policy
Effective Date: 4/18/26 Last Updated: 4/18/26
This Privacy Policy explains how Compread ("Compread," "we," "us," or "our"), operated by Compread, collects, uses, discloses, and protects information when you use the Compread website, web application, and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this Policy. This Policy is incorporated into and forms part of our Terms of Service.
1. Summary (Quick Read)
We built Compread to help you study — not to turn your studying into data anyone else can see. In plain terms:
- Your study content stays private to your Account. We do not share, sell, publish, or display the passages, Modules, or notes you create to other Users, the public, or third-party buyers.
- We do not use your Content to train AI/ML models — ours or anyone else's.
- We do not sell your personal information.
- We do not run third-party advertising inside the Service.
- We collect the minimum information needed to run the Service, keep it secure, and bill you if you have a paid subscription.
The rest of this Policy explains the details.
2. Information We Collect
2.1 Information You Provide
- Account information: name or username, email address, and password (stored as a salted hash). Optionally, profile details you choose to add.
- Payment information (if you purchase Paid Features): payment card details are collected and processed by our third-party payment processor (Stripe). Compread does not store ANY payment information on its servers.
- User Content: the passages, Modules, notes, annotations, tags, and similar study materials you create, upload, or store on the Service.
- Communications: messages you send to our support or feedback channels, including attachments.
2.2 Information Collected Automatically
When you use the Service, we and our service providers automatically collect certain technical data:
- Device and browser data: IP address, browser type and version, operating system, device type, screen size, language preference, and time zone.
- Usage data: pages and features accessed, timestamps, session duration, referring URLs, and diagnostic event logs (e.g., errors, crashes).
- Cookies and similar technologies: see Section 7 below.
2.3 Information from Third Parties
If you sign up or log in using a third-party identity provider (e.g., Google) we receive basic profile information (name, email, unique identifier) from that provider consistent with the permissions you grant at login.
2.4 We Do Not Knowingly Collect
- Sensitive categories of personal data (e.g., health, biometric, precise geolocation, government IDs). Do not submit such information as Content.
- Children's data. See Section 9 (Children's Privacy).
3. How We Use Information
We use the information we collect only for the following purposes:
- To provide the Service — authenticate you, render your Modules in ModuleView, save your progress, and deliver features you request.
- To maintain and improve the Service — diagnose technical problems, prevent abuse, monitor uptime and performance, and develop new features.
- To communicate with you — send transactional emails (account confirmations, password resets, billing receipts, important policy changes) and respond to your support requests.
- To process payments — through our payment processor, for Users who purchase Paid Features.
- To protect the Service — detect, investigate, and prevent fraudulent, abusive, or illegal activity, and enforce our Terms of Service.
- To comply with legal obligations — respond to lawful requests from public authorities, meet tax and accounting requirements, and defend our legal rights.
We do not:
- Use your User Content to train, fine-tune, or evaluate any machine-learning model.
- Sell, rent, or lease your personal information or Content to third parties.
- Share your Content with other Users or with advertisers.
- Build advertising profiles about you.
4. Legal Bases for Processing (EEA / UK Users)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR / UK GDPR:
- Performance of a contract — to provide the Service you have signed up for (Art. 6(1)(b)).
- Legitimate interests — to secure the Service, prevent abuse, and improve features, where such interests are not overridden by your rights (Art. 6(1)(f)).
- Consent — where we rely on your consent, such as for certain cookies; you may withdraw consent at any time (Art. 6(1)(a)).
- Legal obligation — to comply with applicable law, such as tax and fraud-prevention requirements (Art. 6(1)(c)).
5. How We Share Information
We share information only in the limited circumstances below. We never share your User Content with other Users, advertisers, or data brokers.
5.1 Service Providers
We share limited operational data with trusted vendors that perform services on our behalf, under contracts that restrict their use of the data to providing services to us. These include, for example:
- Cloud hosting and storage (GCP, Vercel)
- Payment processing (Stripe)
- Transactional email delivery (Resend)
- Error monitoring and analytics (Vercel)
These providers may process personal data (e.g., account email, IP address, device data) but do not receive your User Content except to the extent necessary to store or transmit it on our behalf, in which form it remains private to your Account.
5.2 Legal Compliance and Protection
We may disclose information when we reasonably believe disclosure is required by law, subpoena, court order, warrant, or other legal process; necessary to investigate or defend against claims; or necessary to protect the rights, property, or safety of Compread, our Users, or the public. Where permitted by law, we will attempt to notify affected Users before producing their information.
5.3 Business Transfers
If Compread is involved in a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected Users before personal information becomes subject to a different privacy policy. Any successor entity is bound by the privacy commitments made in this Policy with respect to data transferred, including that User Content will continue to be treated as private.
5.4 With Your Consent
We may share information for other purposes with your explicit consent.
6. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
| Category | Retention |
|---|---|
| Account profile (email, username) | For the life of your Account |
| User Content (Modules) | For the life of your Account, or until you delete it |
| Payment and billing records | As required by tax and accounting law |
| Server logs and diagnostic data | Up to 90 days |
| Support correspondence | Up to 3 years after resolution |
| Backups | Up to 30 days after deletion from production systems |
When you delete your Account, we delete or anonymize your personal data and User Content from our active systems promptly and from backups within the backup-retention window above, except where retention is required by law.
7. Cookies and Tracking Technologies
We use a minimal set of cookies and similar technologies:
- Strictly necessary cookies — required to run the Service, keep you signed in, and secure your session. These cannot be disabled without breaking the Service.
- Preference cookies — remember your settings (e.g., UI preferences, language).
We do not use third-party advertising cookies or cross-site tracking technologies on the Service.
You can control cookies through your browser settings and, where applicable, through our in-product cookie banner. We honor Global Privacy Control (GPC) signals where technically feasible and required by law.
8. Data Security
We implement reasonable technical and organizational safeguards to protect personal information, including:
- TLS encryption for data in transit.
- Encryption at rest for account credentials and, where technically appropriate, for User Content.
- Access controls restricting employee access to production data to a narrow group of authorized personnel who need such access to operate the Service.
- Regular security reviews, logging, and monitoring.
No method of transmission or storage is perfectly secure. While we work hard to protect your information, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
If we become aware of a security breach affecting your personal information, we will notify you and applicable authorities as required by law.
9. Children's Privacy
The Service is not directed to children under 13 (or under 16 in jurisdictions that require it, such as certain EU Member States). We do not knowingly collect personal information from children under those ages.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at [support@compread.com]. We will delete the information and terminate the account as required by law.
If you are between the ages of 13 and 18 (or the applicable age of majority), you may use the Service only with the involvement of a parent or legal guardian.
10. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you.
- Correction / Rectification — ask us to correct inaccurate or incomplete information.
- Deletion / Erasure — ask us to delete your personal information, subject to certain legal exceptions.
- Portability — receive your information in a structured, machine-readable format.
- Restriction / Objection — limit or object to certain processing, including processing based on legitimate interests.
- Withdrawal of Consent — withdraw consent where processing is based on it.
- Non-discrimination — we will not discriminate against you for exercising your privacy rights.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email [support@compread.com] from the email address associated with your Account. We will respond within the time frame required by applicable law (typically 30–45 days). We may need to verify your identity before acting on your request.
10.1 California Residents (CCPA / CPRA)
California residents have additional rights under the California Consumer Privacy Act, as amended by the CPRA. In the past 12 months, we have collected the categories of personal information described in Section 2 for the purposes described in Section 3.
- We do not sell personal information as defined by the CCPA.
- We do not share personal information for cross-context behavioral advertising.
- We do not use or disclose sensitive personal information for purposes that require a right to limit under the CPRA.
California residents may designate an authorized agent to make requests on their behalf.
10.2 Other U.S. State Privacy Laws
Residents of other U.S. states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others) have rights substantially similar to those described above. We honor those rights to the extent required by your state's law.
11. International Data Transfers
Compread is based in the United States [adjust if different]. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States or in other countries where our service providers operate.
Where we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide adequate protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum, where applicable). You may request a copy of these safeguards by contacting us.
12. Third-Party Links
The Service may include links to third-party websites or services. This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you interact with.
13. Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. Because there is no industry consensus on how to respond to DNT signals, the Service does not currently respond to them. We do, however, honor Global Privacy Control (GPC) signals as described in Section 7.
14. Changes to This Privacy Policy
We may update this Policy from time to time. When we do, we will post the revised Policy on the Service and update the "Last Updated" date. If changes are material, we will notify you by email or in-product notice at least [INSERT NUMBER, e.g., 14] days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Policy or your personal information, please contact us:
Compread Compread Privacy inquiries: [support@compread.com]
By using Compread, you acknowledge that you have read and understood this Privacy Policy.