Book Blaster Privacy Policy

Effective date: March 23, 2026

Book Blaster (“we”, “us”, or “our”) operates bookblaster.io and app.bookblaster.io (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

  • Account data: name, email address, and password (hashed) when you create an account.
  • Book and campaign data: titles, ISBNs, cover images, marketing copy, and campaign settings you provide.
  • Payment data: billing details are processed by Stripe. We do not store full card numbers.
  • Meta Ads integration data: if you connect a Facebook / Meta account, we store your OAuth access token, ad account ID, pixel ID, and page ID in order to publish campaigns on your behalf. We only request the permissions you explicitly authorize.
  • Usage and analytics data: pages visited, features used, and error logs, collected to improve the product.
  • Communications: any messages you send us via email or in-app support.

2. How We Use Your Information

  • Provide, operate, and maintain the Service.
  • Publish Meta ad campaigns and landing pages on your behalf when you request it.
  • Process payments and manage subscriptions.
  • Send transactional emails (account confirmation, password reset, receipts).
  • Send product updates and marketing emails (you may unsubscribe at any time).
  • Detect and prevent fraud or abuse.
  • Comply with legal obligations.

3. Meta / Facebook Data

When you connect your Meta account via OAuth, Book Blaster receives access tokens and account identifiers necessary to create and manage Facebook and Instagram ad campaigns on your behalf. We use this data only to perform the actions you explicitly request inside the app.

We do not sell or share your Meta credentials with third parties. We store the minimum data required for ad campaign management.

You can revoke Book Blaster's access to your Meta account at any time from Facebook Settings → Apps and Websites → Book Blaster. You can also disconnect from inside Book Blaster at Settings → Integrations. Upon disconnection, your access token is deleted from our systems immediately.

4. Data Deletion

You may request deletion of your account and all associated data by emailing hello@bookblaster.io. We will process your request within 30 days.

If you remove Book Blaster from your Facebook apps, we will automatically delete any Meta-related data we hold for your account in accordance with Meta's Platform Terms.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers (Supabase, Stripe, SendGrid, Vercel, OpenAI, Google) who process data on our behalf under confidentiality agreements.
  • Meta Platforms when you use the Meta Ads integration — data is sent to Meta's Graph API to fulfill your ad publishing requests.
  • Law enforcement if required by applicable law or valid legal process.

6. Cookies and Tracking

We use cookies and similar technologies for authentication sessions and basic analytics. We do not use third-party advertising cookies on our own properties. You can control cookies through your browser settings, though disabling them may affect Service functionality.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or anonymize your data within 30 days, except where we must retain it for legal or audit purposes (e.g., billing records, which we keep for 7 years).

8. Security

We implement industry-standard security measures: encrypted connections (TLS), database row-level security, hashed passwords, and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.

10. Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your data, and to object to or restrict processing. To exercise any of these rights, email hello@bookblaster.io.

California residents may have additional rights under the CCPA. EEA/UK residents may have rights under GDPR. We will respond to all requests within 30 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance.

12. Contact Us

Questions about this policy? Email us at hello@bookblaster.io.