Privacy Policy

Last updated: 10 June 2026

1. Who we are

OurNextBook is a book club polling application. When we say "we", "us", or "our" in this policy, we're referring to the operator of this OurNextBook instance.

2. What data we collect

We collect only what's necessary to run the service:

  • Account information — username, email address, and a securely hashed password (Argon2id). We never store your password in plain text.
  • Profile information — display name, bio, and favourite genres (all optional, provided by you).
  • Usage data — polls you create or join, books you nominate, and votes you cast.
  • Guest participation — if you participate without an account, we store the display name you provide and a session token.
  • Technical data — server logs may contain IP addresses and request timestamps for security and debugging purposes. These are retained for no more than 30 days.

3. How we use your data

  • To provide the service — creating polls, managing nominations, tallying votes.
  • To send you emails — account verification, 2FA codes, and (if enabled) poll notifications. We will never send marketing emails.
  • To maintain security — detecting abuse, preventing spam, protecting accounts.

4. Anonymous voting

When a poll is configured with anonymous voting enabled, individual vote choices are not visible to other users or the poll creator. However, we do store which users have voted (to prevent duplicate votes). The specific choices are only used for tally calculations.

5. Data sharing

We do not sell, rent, or share your personal data with third parties. The only external service we connect to is the Open Library API (openlibrary.org) to fetch book information — no personal data is sent to them.

6. Cookies and local storage

We use a single essential session cookie to keep you logged in. We do not use tracking cookies, analytics cookies, or advertising cookies. No third-party tracking scripts are loaded.

7. Data retention

  • Account data — retained while your account is active. You can request deletion at any time.
  • Poll data — retained for the lifetime of the poll. Deleted polls are soft-deleted (hidden from view but retained for 90 days before permanent removal).
  • Server logs — retained for a maximum of 30 days.

8. Your rights

Under applicable data protection law (including UK GDPR), you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate information via your profile settings.
  • Erasure — request deletion of your account and associated data.
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing of your data.

To exercise any of these rights, contact us at the email address below.

9. Security

We take security seriously:

  • Passwords are hashed with Argon2id (industry best practice).
  • All traffic is encrypted via HTTPS/TLS.
  • Optional email-based two-factor authentication is available.
  • Database credentials and secrets are stored in environment variables, never in code.

10. Children

This service is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will reflect any changes. Continued use of the service after changes constitutes acceptance.

12. Contact

For privacy-related questions or data requests, contact us at: privacy@ournextbook.club