The Reading DNA

Privacy Policy

Last updated: 22 June 2026

The Reading DNA (“we”, “us”, “our”) is a reading platform at getbacklist.com. This policy explains what personal data we collect, why we collect it, and your rights over it. We have tried to write it plainly. If anything is unclear, email us at hello@getbacklist.com.

1. Data we collect

We collect only what is needed to provide the service:

  • Email address. Collected when you sign up or log in via magic link. Used for authentication and to send you transactional emails (login links, account notices).
  • Reading history, shelves, and ratings. Books you add, shelf status (want to read, reading, read, abandoned), ratings, and notes you record in The Reading DNA.
  • Imported library data. If you import from Goodreads, we store the books and ratings from that export. We do not retain the raw CSV file after import.
  • Reading DNA. A preference profile derived from your reading history, stored as numerical attributes (pacing, tone, themes, etc.). This is computed from your own data and lives in your account.
  • Conversation history. Messages exchanged with the Librarian, our AI reading companion, are stored so the conversation persists across sessions.
  • Usage data. Actions you take in the app (adding a book, rating, abandoning, recommendations viewed) are logged to an append-only events table. This is the signal our recommendation engine learns from. No third-party analytics scripts are loaded.
  • Attribution data. If you arrive via a link with UTM parameters (e.g. from a campaign or referral), we store the first-touch source once at sign-up. This helps us understand which channels are working.

We do not collect payment information (no purchases occur on The Reading DNA), and we do not run third-party advertising or sell data to anyone.

2. How we use your data

  • To authenticate you and keep your account secure.
  • To provide the core service: your shelf, recommendations, Reading DNA, and the Librarian.
  • To send transactional emails (magic-link logins, account-related notices). We will only send marketing or newsletter emails if you explicitly opt in.
  • To improve the service: aggregate, anonymised usage patterns help us understand what features are working.

We do not use your data to train AI models. Your reading history and conversations are not used to train Anthropic’s models (we use the API under Anthropic’s standard data-handling terms).

3. Data storage and processors

Your data is stored in Supabase (PostgreSQL database and authentication). Supabase is our primary data processor. The following third-party services also process data on our behalf as part of delivering the service:

ProcessorPurposeData shared
SupabaseDatabase, authentication, storageAll account and reading data
Anthropicthe Librarian AI companion (Claude API)Your messages to the Librarian
Voyage AIBook embeddings (recommendation engine)Book titles and descriptions only — not personal data
VercelHosting and deploymentStandard web request metadata (IP, headers)
Resend (planned)Transactional email deliveryYour email address

All processors are contracted to handle data only as instructed by us and not to use it for their own purposes.

4. Cookies and local storage

The Reading DNA uses the following cookies and browser storage:

  • Supabase auth session cookie. Set on login to keep you signed in. Strictly necessary; the service cannot function without it.
  • Attribution cookie (fc_attr). Set once when you first visit if a UTM source is present. Stores the referral source so we can record it at sign-up. Expires at the end of the session.

We do not use advertising cookies, tracking pixels, or any third-party cookies.

5. Affiliate links

The Reading DNA participates in the Amazon Associates programme. When we link to a book on Amazon (buy or listen links), those links may contain an affiliate tag. If you purchase through such a link, we may earn a small commission at no extra cost to you. Affiliate links do not affect which books we recommend — recommendations are driven entirely by your Reading DNA.

6. Your rights

You have the following rights over your personal data. To exercise any of them, email hello@getbacklist.com from the address associated with your account.

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Ask us to correct inaccurate data (e.g. an email address you want to update).
  • Deletion. Request that we delete your account and all associated personal data. We will action deletion requests within 30 days and confirm by email.
  • Portability. Request an export of your reading data (shelves, ratings, Reading DNA) in a machine-readable format.
  • Objection. Object to any processing of your data that is based on our legitimate interests rather than your consent.

If you are in the European Economic Area or the UK, you have the right to lodge a complaint with your local data protection authority. We are based in the UK.

7. Data retention

We retain your personal data for as long as your account is active. If you request deletion, we will remove your account and all associated data within 30 days, except where we are required to retain it by law (e.g. financial records, if any). Anonymised, aggregate usage statistics may be retained indefinitely.

8. Children

The Reading DNA is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

9. Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date at the top and, where the changes are significant, notify active users by email. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact

Questions, requests, or concerns about this policy: hello@getbacklist.com