Coral Reader — Privacy Policy
1. Who we are & how to contact us
The app “Coral Reader” is published by Yanai Hollander, an individual sole proprietor resident in Israel, who acts as the data controller for the limited data described in this policy.
For any privacy question or request, email yanayh90@gmail.com.
2. Scope
This policy applies to the Coral Reader mobile app on Android and iOS, including data processed on your device and data processed by the integrated third-party providers listed in Section 6.
3. What we do NOT collect
- No user accounts, logins, or passwords; no name, email address, username, phone number, contacts, photos, or precise location.
- We never upload, host, copy, transmit, sell, or read the EPUB/PDF files or book content you import. Imported books are stored and processed entirely on your device.
- We do not sell personal information, and we do not use your data for cross-context behavioral advertising or for tracking you across other apps or websites.
4. What we DO collect
The app collects only anonymous and pseudonymous telemetry, summarized below.
| Category | Examples | Collected by |
|---|---|---|
| Usage / analytics events | book_opened, reading_session_end, paywall_shown,
purchase_completed, book_imported,
onboarding_completed, plus parameters such as an internal local
book_id (never the book’s title, content, or file), source, trigger, and
duration. |
Firebase Analytics |
| Device & app context | App-instance ID, device model, OS version, app version, language/locale, and an approximate region derived from IP address. | Firebase Analytics |
| Crash & diagnostics | Crash stack traces, device state at the time of a crash, app version, and OS version — keyed to anonymous device/instance identifiers. | Firebase Crashlytics |
| Subscription status | Whether you have an active subscription/entitlement, the product identifier, purchase/renewal/trial status, an anonymous RevenueCat app-user ID, and a device identifier. We never receive your payment card details. | RevenueCat + App Store / Google Play |
5. Why we process it & legal bases (GDPR Art. 6)
- To provide and operate the app: performance of a contract (Art. 6(1)(b)).
- To manage subscriptions and verify entitlements: performance of a contract (Art. 6(1)(b)).
- To understand usage and improve the product: your consent (Art. 6(1)(a)) where required, otherwise our legitimate interests (Art. 6(1)(f)). You can withdraw consent at any time via the Settings opt-out described in Section 10.
- To diagnose crashes and keep the app stable and secure: our legitimate interests (Art. 6(1)(f)).
6. Third-party providers
We rely on a small number of established providers that process data on our behalf or as independent controllers for billing. Each maintains its own privacy policy:
- Google Firebase Analytics — usage analytics (firebase.google.com/support/privacy, policies.google.com/privacy).
- Google Firebase Crashlytics — crash reporting (firebase.google.com/support/privacy).
- RevenueCat — subscription management and receipt validation (revenuecat.com/privacy).
- Apple App Store — payment processing and subscription billing on iOS (apple.com/legal/privacy).
- Google Play — payment processing and subscription billing on Android (policies.google.com/privacy).
7. International data transfers
Some providers are based in the United States or operate globally, so your data may be transferred outside Israel, the EEA, or the UK. Where this happens, the transfer relies on the providers’ safeguards, such as the EU Standard Contractual Clauses or applicable adequacy decisions.
8. Data retention
Data stored on your device persists until you remove it (delete a book, clear the app’s data, or uninstall the app). Analytics, crash, and subscription data are retained according to the providers’ configured retention windows and then deleted or aggregated.
9. Your rights
Depending on where you live, you may have rights under the EU/UK GDPR, the Israeli Protection of Privacy Law, and the California CCPA/CPRA — including the right to access, correct, delete, or object to processing, and to opt out of any “sale” or “sharing” of personal information. Because Coral Reader has no accounts, most data is either stored only on your device or is pseudonymous telemetry keyed to a device/instance identifier. To make a request, email yanayh90@gmail.com; we may ask for information needed to locate the relevant identifiers.
10. Analytics consent & opt-out
Firebase Analytics and Crashlytics are enabled by default. You can turn them off at any time using the “Share anonymous usage data” toggle in Settings. When you turn it off, analytics and crash collection stop, and essential app functionality is unaffected.
11. Children’s privacy
Coral Reader is intended for a general audience and is not directed to children. You must be at least 13 years old (or the minimum age of digital consent in your country, if higher) to use the app. We do not knowingly collect data from children below that age; if you believe a child has used the app, contact us and we will address it.
12. Do Not Sell or Share (CCPA/CPRA)
We do not sell or share personal information, and we do not process it for cross-context behavioral advertising. There is therefore nothing to opt out of in that respect, but you may still use the analytics opt-out in Section 10.
13. App store privacy labels & tracking
Consistent with this policy, the data we collect is classified as Usage Data, Diagnostics, and Purchases, is not linked to your identity, and is not used to track you. We do not use the advertising identifier (IDFA) or any advertising SDKs, so no App Tracking Transparency prompt is required on iOS.
14. Security
We use local-first, on-device storage for your books, encrypt data in transit to our providers using TLS, store no account credentials, and minimize and pseudonymize the telemetry we collect.
15. Changes to this policy
If we make material changes, we will update the “Last updated” date above and, where required, surface the change inside the app so you can review it.
16. Contact
Questions or requests: yanayh90@gmail.com.