OneBookList One person, one book, one story

PRIVACY POLICY

Version 3 · Published 2026-01-16

Effective date: 15.01.2026

This Privacy Policy explains how Jan Piotrzkowski (“OneBookList”, “we”, “us”) collects, uses, and shares personal data when you use onebooklist.com and related pages and features (the “Service”). It also explains your rights under the GDPR and Polish law.

1. Data Controller And Contact

Data Controller: Jan Piotrzkowski

Address: ANNY SZWED-ŚNIADOWSKIEJ 45/63, 30-389 Kraków, Poland

NIP: 6793280479

REGON: 52672563500000

Privacy contact email: piotrzkowski.dev@gmail.com

2. What Data We Collect

We collect the following categories of personal data depending on how you use the Service:

Account and identity data
1.1 Google sign in data such as your Google account identifier and basic profile information returned by Google (typically name, email address, profile image, depending on your Google settings and consent)

Profile and public presence
2.1 Your display name, avatar, and any profile information you choose to add in the Service
2.2 Your public activity in the Service (for example published stories and interactions)

User Content
3.1 Stories, book submissions, reviews, comments, and any content you post
3.2 Metadata related to your content (timestamps, edits, moderation status)

Communications
4.1 Emails you send us (support requests, complaints, moderation requests) and our replies
4.2 Any information you include in those messages

Technical and usage data
5.1 IP address, device and browser information, pages viewed, and events needed to operate and secure the Service
5.2 Security logs, anti abuse signals, and diagnostic data

Cookies and similar technologies
6.1 Essential cookies required for login sessions and security
6.2 Optional cookies (for example analytics) only if enabled and only where required, with your consent

3. How We Use Data And Our Legal Bases

We process personal data for the following purposes and legal bases under the GDPR:

To provide and operate the Service (GDPR Article 6(1)(b) contract)
1.1 Creating and maintaining your account
1.2 Authenticating you via Google sign in
1.3 Displaying your content and enabling core features

To secure the Service and prevent abuse (GDPR Article 6(1)(f) legitimate interests)
2.1 Rate limiting, fraud prevention, spam control, and threat detection
2.2 Maintaining logs to investigate incidents and keep the Service stable

To moderate content and enforce rules (GDPR Article 6(1)(f) legitimate interests)
3.1 Reviewing, approving, rejecting, or removing submissions
3.2 Handling reports, complaints, and enforcement actions

To communicate with you (GDPR Article 6(1)(b) and/or 6(1)(f))
4.1 Support replies and operational messages related to your account or requests
4.2 Responding to legal and rights related requests

To comply with legal obligations (GDPR Article 6(1)(c))
5.1 Handling lawful requests
5.2 Retaining certain records when required by law

Optional analytics and non essential cookies (GDPR Article 6(1)(a) consent)
6.1 If we use optional analytics or similar tools, we will rely on consent where required and allow you to withdraw it

4. Public Content And Search Engines

User Content you publish may be public and visible to other visitors.

Public pages may be indexed by search engines.

If you delete content, we will stop displaying it publicly within a reasonable time, but copies may persist temporarily due to caching, backups, or third party indexing.

5. How We Share Data

We do not sell your personal data.

We may share personal data only in the following situations:

Service providers (processors)
We use trusted providers to host and operate the Service. They process data on our behalf under contractual obligations and security requirements.

Google sign in
Authentication is provided through Google. Google processes data under its own policies. We receive limited account information needed to create and maintain your OneBookList account.

Affiliate and third party links
If you click links to third party sites such as Amazon or Audible, your interaction happens with those third parties under their own privacy policies. We do not control what they collect.

Legal and safety reasons
We may disclose data if required by law or if necessary to protect rights, safety, and security of the Service, users, or the public.

Business transfers
If the Service is transferred as part of a merger, acquisition, or asset sale, data may be transferred as part of that transaction, subject to applicable law.

6. International Transfers

Some providers we use (for example Google) may process data outside the European Economic Area. When transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses and other measures required by the GDPR.

7. Data Retention

We keep personal data only as long as necessary for the purposes described above.

Account data
Kept while your account is active. If you request deletion, we delete or anonymize account data within a reasonable time, subject to legal obligations and technical constraints.

User Content
Kept until you delete it or request deletion, unless removal is not possible for legal or technical reasons (for example, evidence for fraud prevention, legal claims, or already distributed promotions).

Logs and security data
Typically retained for a limited period needed for security and debugging, then deleted or anonymized.

Backups
Backup copies may persist for a limited time before being overwritten.

8. Your Rights Under GDPR

If you are in the EU or EEA, you have the following rights, subject to legal limitations:

Access: obtain a copy of your personal data

Rectification: correct inaccurate data

Erasure: request deletion of your data

Restriction: limit processing in certain cases

Portability: receive certain data in a portable format

Objection: object to processing based on legitimate interests

Withdraw consent: where processing is based on consent (for example optional cookies)

Complaint: lodge a complaint with a supervisory authority

To exercise rights, email piotrzkowski.dev@gmail.com.

Polish supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (UODO).

9. Cookies And Similar Technologies

Essential cookies
We use cookies necessary for login sessions, security, and basic functionality.

Optional cookies
If we use optional cookies (for example analytics), we will request consent where required and provide a way to change your preferences.

10. Security

We use reasonable technical and organizational measures designed to protect data. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

11. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided data, contact us and we will take appropriate steps.

12. Changes To This Privacy Policy

We may update this Privacy Policy from time to time. We will post the latest version on the Service with a new effective date.

13. Contact

For privacy questions or requests, contact: piotrzkowski.dev@gmail.com