Legal

Privacy Policy

Last updated: 4 May 2026

Introduction

PageBack ("we", "us", or "our") operates the PageBack application at pageback.app (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Local-first architecture

PageBack is designed as a local-first application. On the Free tier, your documents, reading progress, highlights, and notes are stored entirely on your device using browser-based storage (IndexedDB). These files never leave your device unless you explicitly enable cloud sync on a paid plan.

Information we collect

Account information

When you create an account we collect your email address and, if you choose social login, basic profile information provided by the identity provider (such as your name). This is used solely for authentication and account management.

Usage data

We collect anonymised, aggregated analytics through Vercel Analytics to understand how the Service is used. This may include page views, feature usage patterns, and performance metrics. No personally identifiable information is included in analytics data.

Cloud sync data (paid plans only)

If you subscribe to a Plus or Premium plan and enable cloud sync, your documents, metadata, reading positions, highlights, and notes are transmitted to and stored in our cloud infrastructure (powered by Supabase) so they can be accessed across your devices. Cloud-synced data is associated with your account and protected by row-level security policies.

AI enrichment

When you import a document, we may send limited metadata (such as the title, author, and a short excerpt) to a third-party AI service (OpenAI) to automatically classify and enrich your library. The full document content is never sent. You can review and override any AI-generated metadata at any time.

Social features

If you use recommendations or lending features, we store the minimum data needed to facilitate those interactions: connection identifiers, recommendation messages, and loan status. This data is stored in Supabase and protected by row-level security.

How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Sync your library across devices (paid plans)
  • Classify and enrich your document metadata
  • Facilitate recommendations and lending between connections
  • Send transactional emails (e.g. password resets)
  • Monitor performance and fix bugs

Data sharing and third parties

We do not sell your personal information. We share data only with the following categories of service providers, strictly to operate the Service:

  • Supabase — authentication, database, and cloud storage
  • Vercel — hosting and analytics
  • OpenAI — document metadata enrichment (limited metadata only, never full content)

Each provider processes data in accordance with their own privacy policies. We may also disclose information if required by law or to protect our rights.

Cookies and local storage

PageBack uses essential cookies for authentication session management. We do not use advertising or tracking cookies. Your documents and reading data are stored in IndexedDB, a browser storage mechanism that remains entirely on your device.

Data retention

Account information is retained for as long as your account is active. If you delete your account, we remove your personal data from our servers within 30 days, except where retention is required by law. Locally stored data in your browser is not affected by account deletion — you can clear it at any time through your browser settings.

Security

We take reasonable measures to protect your data, including encryption in transit (TLS), row-level security on all database queries, per-request nonce-based Content Security Policy headers, and secure authentication flows. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, email no-reply@pageback.app.

Children's privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

Contact us

If you have questions about this Privacy Policy or how your data is handled, contact us at no-reply@pageback.app.

Privacy Policy - PageBack