Privacy Policy

Last updated: March 31, 2026

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and username. If you sign in via a third-party provider (Google, GitHub, Discord, LinkedIn, or Microsoft), we receive your name, email, and profile image from that provider.

1.2 Content You Create

We store the content you publish on the Platform, including blog posts, books, eZine submissions, marginalia, comments, reviews, and associated metadata (titles, descriptions, tags, cover images).

1.3 Payment and Financial Information

When you make a purchase or set up monetization, payment information (credit card numbers, bank account details) is collected and processed directly by our payment processor, Stripe, Inc. divita does not store full credit card numbers or bank account details on our servers. We receive and store: transaction records (amounts, dates, items purchased), Stripe customer and account identifiers, partial payment method information (e.g., last four digits of a card), and billing contact information.

1.4 Usage Data

We collect anonymized usage data including page views (deduplicated by session), post engagement metrics (likes, bookmarks), reading positions, and navigation patterns to provide features like reading progress, analytics dashboards, and personalized recommendations.

1.5 Uploaded Files

Images and audio files you upload (profile photos, cover images, post images, narration audio) are stored on our servers or cloud storage provider. We do not analyze uploaded files beyond processing them for display and playback on the Platform.

1.6 Device and Log Data

We automatically collect certain information when you access the Platform, including IP address, browser type and version, operating system, referring URL, pages visited, and access timestamps. This data is used for security, abuse prevention, and aggregate analytics.

1.7 Tax Information

If you participate in author monetization, we may collect tax identification information (e.g., W-9 or W-8BEN forms) as required by law for tax reporting purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Platform, including your account, blogs, books, and published content
  • Process payments, manage subscriptions, and facilitate author payouts
  • Send transactional communications (purchase receipts, subscription confirmations, payout notifications)
  • Send notifications about activity on your content (new followers, reactions, marginalia, eZine submission updates)
  • Send periodic digest emails summarizing Platform activity (you can disable this in settings)
  • Personalize your experience through discovery recommendations based on your reading and engagement patterns
  • Moderate content and enforce our Terms of Service
  • Generate anonymous, aggregate analytics (trending posts, explore page ranking)
  • Detect, prevent, and address fraud, abuse, security issues, and technical problems
  • Comply with legal obligations, including tax reporting

3. Legal Basis for Processing (EEA/UK Users)

If you are in the European Economic Area or United Kingdom, we process your data under the following legal bases:

  • Contract performance: Processing necessary to provide the Platform, process payments, and fulfill purchases
  • Legitimate interest: Analytics, fraud prevention, product improvement, and personalized recommendations
  • Legal obligation: Tax reporting, responding to legal requests, and maintaining financial records
  • Consent: Marketing emails, digest notifications, and optional data processing you opt into

4. Information Sharing

We do not sell your personal information. We share information only in these cases:

  • Public content: Posts, books, eZine issues, and marginalia you publish are visible to other users and may be indexed by search engines
  • Profile information: Your name, username, bio, and profile image are publicly visible
  • Payment processing: We share necessary transaction data with Stripe to process payments, manage subscriptions, and facilitate payouts. Stripe processes this data under its own Privacy Policy
  • Author earnings: If you purchase content, the author may see that a purchase was made but does not receive your payment details
  • Content reports: If you report content, your identity is visible to Platform administrators but not to the content author
  • External integrations: Flag data may be shared with configured external systems (ticketing, moderation tools) via API when enabled by administrators
  • Text-to-speech: If you use audio narration, your post content is sent to ElevenLabs for processing under their privacy policy
  • Legal requirements: We may disclose information if required by law, subpoena, court order, or government request, or to protect the rights, property, and safety of divita, its users, or the public
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy

5. Cookies and Local Storage

We use the following:

  • Session cookie: Required for authentication (managed by NextAuth). Strictly necessary.
  • Provider hint cookie (divita_last_provider): Remembers your last sign-in method. Functional.
  • Stripe cookies: Set by Stripe during payment flows for fraud prevention and payment processing. Necessary for payments.
  • Theme preference: Stored in local storage to persist your chosen color theme. Functional.
  • Reading position: Stored in local storage to resume reading where you left off. Functional.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies (e.g., Google Analytics). All analytics are first-party and anonymized.

6. Data Retention

6.1 Account Data

Your content and account data are retained as long as your account is active. When you delete your account, your data is scheduled for deletion after a 14-day grace period. After the grace period, your account, profile, and all associated content (posts, books, marginalia, comments) are permanently deleted.

6.2 Financial Records

Transaction records, payout history, and tax-related information are retained for a minimum of 7 years after the transaction date, as required for tax, legal, and regulatory compliance, even if your account is deleted.

6.3 Aggregate Data

Anonymized aggregate data (view counts, engagement scores) may be retained indefinitely as it cannot be linked to individual users.

6.4 Purchased Content

Content that has been purchased by other users or published as part of eZine issues may be retained to fulfill those obligations, even if the author deletes their account.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate personal data through your profile settings
  • Deletion: Delete individual posts, books, or your entire account from settings
  • Export: Export your content as EPUB or PDF at any time (data portability)
  • Restriction: Request that we restrict processing of your personal data in certain circumstances
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Withdraw consent for optional processing (e.g., marketing emails) at any time
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us using the information in Section 14. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. International Data Transfers

The Platform is hosted in the United States. If you access the Platform from outside the US, your data will be transferred to and processed in the US. We rely on standard contractual clauses and other legally approved mechanisms to ensure appropriate safeguards for international data transfers.

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Hashed passwords using bcrypt with appropriate work factors
  • Secure, short-lived session management (password reset tokens expire after 1 hour, email verification tokens after 24 hours)
  • Payment data handled exclusively by PCI DSS-compliant Stripe infrastructure
  • Rate limiting and abuse prevention on API endpoints
  • Role-based access controls for administrative functions

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you as required by applicable law.

10. Children’s Privacy

divita is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us immediately.

Users between 13 and 18 may use the Platform with parental consent but may not make purchases or participate in monetization features.

11. Do Not Track

We do not track users across third-party websites. We do not use third-party analytics or advertising trackers. As such, we do not respond to Do Not Track (DNT) browser signals because our practices already align with DNT principles.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You can request the categories and specific pieces of personal information we have collected about you
  • Right to delete: You can request deletion of your personal information, subject to legal exceptions
  • Right to opt out of sale: We do not sell personal information, so this right does not apply
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us using the information in Section 14. We will verify your identity before processing requests.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification at least 30 days before they take effect. Continued use after the effective date constitutes acceptance. The “Last updated” date at the top of this page indicates when the policy was last revised.

14. Contact

For questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, contact us at [email protected].

If you are in the EEA and believe your data protection rights have not been addressed, you have the right to lodge a complaint with your local data protection supervisory authority.

Terms of Service|Create an account