Privacy Policy

Overview

ZRead is designed with your privacy in mind. We collect minimal data necessary to provide and improve our service.

Data Collection

We use Firebase Analytics to collect anonymous usage data, including:

• App usage patterns (feature usage, reading sessions)
• Device information (model, OS version)
• Crash reports via Firebase Crashlytics

This data is anonymous and cannot be used to identify you personally.

On-Device Processing

All AI features (text-to-speech with Kokoro, image enhancement) run entirely on your device. Your book content is never sent to external servers.

Books and Reading Data

Your books, reading progress, and settings are stored locally on your device. We do not have access to what you read.

Google User Data (Google Drive)

ZRead can optionally connect to your Google Drive account to let you browse and download your own book files into the app's local library. This integration uses the drive.readonly OAuth scope.

How we use Google user data

We use the data obtained via the drive.readonly scope solely to provide the user-facing features you request: listing folders and book files in your Drive, displaying file metadata, and downloading the specific files you choose to import into ZRead's local library. We do not use Google user data for any other purpose. Specifically:

• We do not sell, rent, or share your Google user data with any third party.
• We do not use your Google user data for advertising or to serve ads.
• We do not use your Google user data to develop, improve, or train generalized AI or machine-learning models.
• We do not upload, modify, or delete anything in your Google Drive (the scope is read-only).
• We do not proxy your Drive traffic or transmit your Drive files or credentials to any server we operate. The app communicates with Google's APIs directly from your device.

Data protection

We protect Google user data with the following mechanisms:

• Encryption in transit — all communication with Google APIs uses HTTPS/TLS.
• Encryption at rest — OAuth access and refresh tokens are stored exclusively in the iOS Keychain, protected by iOS data protection. Tokens never leave your device.
• Minimum scope — ZRead requests only drive.readonly, the minimum scope needed for the feature.
• No server-side storage — downloaded book files and any cached file metadata are kept only in the app's sandboxed storage on your device, which is protected by iOS file-system encryption when the device is locked.

Data retention and deletion

• Tokens — OAuth tokens are retained on your device only while you remain connected to Google Drive. When you disconnect the account from within the app, ZRead revokes the token with Google and deletes it from the Keychain.
• Cached metadata — any cached file/folder listings are deleted from your device when you disconnect, when you delete the app, or when you manually clear app data in iOS Settings.
• Downloaded files — books you imported from Drive are stored locally and remain until you delete them from ZRead's library or uninstall the app. Deleting them in ZRead does not affect the original files in your Drive.
• How to request deletion — you can delete all Google user data held by ZRead at any time by disconnecting Google Drive from within the app and/or uninstalling the app. To revoke ZRead's access from Google's side, visit myaccount.google.com/permissions.

ZRead's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Dropbox User Data

ZRead can optionally connect to your Dropbox account to let you browse and download your own book files into the app's local library. This integration uses Dropbox's read-only file scopes (files.metadata.read and files.content.read).

How we use Dropbox user data

We use the data obtained via these scopes solely to provide the user-facing features you request: listing folders and book files in your Dropbox, displaying file metadata, and downloading the specific files you choose to import into ZRead's local library. We do not use Dropbox user data for any other purpose. Specifically:

• We do not sell, rent, or share your Dropbox user data with any third party.
• We do not use your Dropbox user data for advertising or to serve ads.
• We do not use your Dropbox user data to develop, improve, or train generalized AI or machine-learning models.
• We do not upload, modify, or delete anything in your Dropbox (the scopes are read-only).
• We do not proxy your Dropbox traffic or transmit your Dropbox files or credentials to any server we operate. The app communicates with Dropbox's APIs directly from your device.

Data protection

We protect Dropbox user data with the following mechanisms:

• Encryption in transit — all communication with Dropbox APIs uses HTTPS/TLS.
• Encryption at rest — OAuth access and refresh tokens are stored exclusively in the iOS Keychain, protected by iOS data protection. Tokens never leave your device.
• Minimum scopes — ZRead requests only the read-only scopes needed for the feature.
• No server-side storage — downloaded book files and any cached file metadata are kept only in the app's sandboxed storage on your device, which is protected by iOS file-system encryption when the device is locked.

Data retention and deletion

• Tokens — OAuth tokens are retained on your device only while you remain connected to Dropbox. When you disconnect the account from within the app, ZRead revokes the token with Dropbox and deletes it from the Keychain.
• Cached metadata — any cached file/folder listings are deleted from your device when you disconnect, when you delete the app, or when you manually clear app data in iOS Settings.
• Downloaded files — books you imported from Dropbox are stored locally and remain until you delete them from ZRead's library or uninstall the app. Deleting them in ZRead does not affect the original files in your Dropbox.
• How to request deletion — you can delete all Dropbox user data held by ZRead at any time by disconnecting Dropbox from within the app and/or uninstalling the app. To revoke ZRead's access from Dropbox's side, visit dropbox.com/account/connected_apps.

OPDS Catalogs

ZRead supports browsing OPDS catalogs to discover and download books. When you use OPDS catalogs:

• ZRead connects directly to the catalog server you specify. We do not proxy or intercept these connections.
• Catalog URLs you add are stored locally on your device.
• We do not track which catalogs you browse or which books you download.

Subscriptions

Subscription purchases are processed through Apple's App Store. We use RevenueCat to manage subscription status. RevenueCat receives an anonymous identifier but not your personal information.

Third-Party Services

• Firebase Analytics & Crashlytics — anonymous usage and crash data
• RevenueCat — subscription management
• Google Drive — optional cloud storage integration (read-only access, OAuth 2.0)
• Dropbox — optional cloud storage integration (read-only access, OAuth 2.0)

Data Sharing

We do not sell, trade, or share your personal data with third parties.

Contact

If you have questions about this privacy policy, contact us at support@zread.app.

Last updated: April 27, 2026