Privacy Policy

Overview

Hidden Library ("we", "us", "our") operates the Hidden Library website and newsletter service. This Privacy Policy explains how we collect, use, store, and protect your Personal Data when you interact with our service.

By using Hidden Library, you consent to the practices described in this policy.

Last updated: December 30, 2025

1. Data Controller

The Data Controller responsible for your personal data is:

Tatjana Chernenko
Bergheimer Str. 38, 69115 Heidelberg
Email: email@hiddenlibrary.club

If you have any questions about this Privacy Policy, please contact us.

2. Information We Collect

While using our service, we may collect the following types of Personal Data:

Required:

• Email address

Optional:

• Name
• Genre preferences
• Book submission data (for authors)

Automatically collected:

• Server logs (IP address, browser type, date/time, referrer)
• Technical usage information necessary for security and operation
• Website analytics data (via Google Analytics, with your consent)

We do not intentionally collect data from individuals under the age of 18.

3. Legal Basis for Processing (GDPR Art. 6)

We process your data on the following legal bases:

Consent (Art. 6(1)(a))

For sending newsletters and marketing emails.

Performance of a contract (Art. 6(1)(b))

For managing author submissions and platform accounts.

Legitimate interest (Art. 6(1)(f))

For security, fraud prevention, server logs, analytics, and service improvement.

Compliance with legal obligations (Art. 6(1)(c))

When required by German or EU law.

You may withdraw consent at any time.

4. How We Use Your Personal Data

We use collected information to:

• Deliver newsletter updates and book promotions
• Manage author submissions and communication
• Improve the quality, stability, and security of our service
• Analyse usage patterns (minimal technical analytics)
• Maintain internal records and operational logs

We do not sell personal data.

5. Third-Party Service Providers (Data Processors)

We use the following service providers to operate Hidden Library:

• Supabase – database, authentication, and secure data storage
• Resend – transactional email delivery
• Vercel – website hosting and serverless infrastructure
• Google Analytics (Google LLC) – website analytics and usage statistics

Each provider processes data in accordance with its own privacy policy.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), including the United States.

Where data is transferred internationally, we rely on:

• The EU–US Data Privacy Framework, when applicable
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Additional safeguards required under GDPR

You may request a copy of the relevant transfer mechanism.

7. Cookies and Tracking Technologies

Hidden Library uses the following types of cookies:

Essential Cookies (Required):

• Session management
• Security
• Authentication

Analytics Cookies (With Your Consent):

• Google Analytics – to understand how visitors use our website, which pages are most popular, and to improve user experience
• These cookies collect anonymized data including page views, session duration, and referrer information
• You can opt out at any time via the cookie settings banner

We do not use marketing or advertising cookies.

Cookie Retention:

• Essential cookies: Session-based or up to 30 days
• Analytics cookies: Up to 24 months (Google Analytics default)

Managing Cookies:

You can control cookie preferences through:

• The cookie consent banner when you first visit the site
• Your browser settings (instructions: aboutcookies.org)
• Google Analytics opt-out: tools.google.com/dlpage/gaoptout

7a. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), to help us understand how visitors interact with our website.

What Google Analytics Collects:

• Pages visited and time spent on each page
• Referring website or search engine
• Browser type, device type, and screen resolution
• Approximate geographic location (country/city level, not precise address)
• Anonymized IP addresses (last octet removed)

Legal Basis:

We process this data based on your consent (GDPR Art. 6(1)(a)).

Data Sharing:

Google Analytics data is processed by Google LLC in the United States under the EU-US Data Privacy Framework and Standard Contractual Clauses.

Your Rights:

• You may withdraw consent at any time via cookie settings
• You may opt out of Google Analytics: tools.google.com/dlpage/gaoptout
• This will not affect your ability to use Hidden Library

Data Retention:

Analytics data is retained for 26 months, after which it is automatically deleted.

Google's Privacy Policy:

https://policies.google.com/privacy

8. Email Communications (CAN-SPAM, UK GDPR, Spam Act 2003)

By subscribing to the newsletter, you agree to receive emails from us.

To comply with global requirements:

• All emails include a functional unsubscribe link
• You may opt out at any time
• Emails clearly identify the sender
• We retain a minimal record of unsubscribed addresses to prevent resending

We comply with:

• CAN-SPAM Act (USA)
• UK GDPR
• Australia Spam Act 2003

9. Data Storage and Security

Your data is stored securely using industry-standard encryption and access controls.

We implement appropriate technical and organisational measures, but note that no method of internet transmission is 100% secure.

10. Data Retention

We retain personal data only as long as necessary for:

• Providing the service
• Legal and operational requirements
• Security purposes

We do not hard-delete data immediately; instead, we may archive or anonymise it.

You may request permanent deletion (see Section 11).

11. Your Data Protection Rights (GDPR)

If you are located in the EEA or UK, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request erasure ("right to be forgotten")
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent
• Lodge a complaint with your local data protection authority

To exercise these rights, contact us at the address above. We respond within 30 days.

12. Data Breach Notification

In the unlikely event of a data breach:

• We will assess the risk
• Notify affected users without undue delay if there is a high risk
• Notify relevant authorities in accordance with GDPR

13. Children's Privacy

Hidden Library is not intended for individuals under 18. We do not knowingly collect data from children. Please inform us if such data was submitted.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new "Last updated" date.

15. Contact Us

If you have any questions about this Privacy Policy or your personal data:

Email: email@hiddenlibrary.club

We are happy to assist you.