Privacy Policy

FicLog is operated by DRUCODE S.R.L. (CUI: 52686077), a company registered in Romania at Jud. Iași, Sat Miroslava, Comuna Miroslava, Strada Alexandru Vlahuță, Nr. 22.

For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for the personal data we process through FicLog.

If you have any questions about how we handle your data, you can reach us at support@ficlog.app.

Account Information: When you create an account, we collect your email address and a password (securely hashed with bcrypt). If you use social login (Google, Facebook, or Apple), we receive your name, email address, and a unique identifier from the provider.

Your Library: The fics you save, including titles, URLs, authors, metadata (word count, chapter count, fandom, genre), reading status, ratings, notes, and custom tags you add.

Reading Progress: When you use the in-app reader, we store your reading position (chapter, scroll position) and status updates so you can pick up where you left off.

Usage Analytics: We use PostHog to collect analytics data such as page views, button clicks, feature usage patterns, and session recordings on the website. See the "Analytics & Cookies" section below for details.

Device Information: Basic device data such as operating system, app version, screen size, and language settings, collected to ensure the app works correctly on your device.

Browser Extension Data: When you use the FicLog browser extension, it reads metadata from fanfiction pages you explicitly choose to save. See the "Browser Extension" section below.

Payment Information: Subscription payments are processed by LemonSqueezy. We do not store your credit card number or payment details directly. We receive transaction identifiers, subscription status, and billing email from LemonSqueezy.

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b)): Processing your account data, library, reading progress, and subscription information is necessary to provide the FicLog service you signed up for.
• Legitimate Interests (Art. 6(1)(f)): We use analytics to improve our service, ensure security, and prevent abuse. We have balanced these interests against your privacy rights and believe they do not override your fundamental rights.
• Consent (Art. 6(1)(a)): For non-essential cookies, marketing communications, and session recordings, we rely on your consent. You can withdraw consent at any time (see "Your Rights" below).

We use PostHog for product analytics. PostHog is hosted in the EU (Frankfurt, Germany), meaning your analytics data does not leave the European Economic Area.

What PostHog collects:

• Page views and navigation patterns on the website
• Button clicks and feature usage in the app
• Session recordings on the marketing website (not within your private library)
• Device type, browser, operating system, and screen size

What PostHog does not collect:

• Your library contents (fic titles, URLs, or reading lists)
• Your notes, ratings, or tags
• Your reading progress or position in the in-app reader

PostHog uses cookies to recognize returning visitors and understand usage patterns. You can opt out of PostHog tracking at any time by using the cookie settings on our website or by enabling the "Do Not Track" setting in your browser.

We rely on the following third-party services to operate FicLog. Each processes only the minimum data necessary for its function:

• PostHog (analytics) — EU-hosted (Frankfurt). Collects usage analytics and session data. Privacy Policy
• LemonSqueezy (payment processing) — Processes subscription payments. Receives your billing email and payment information. Privacy Policy
• Cloudflare (hosting & CDN) — Serves our website and API through their global network. May process IP addresses and request metadata for security and performance. Privacy Policy
• Google (social authentication) — If you choose to log in with Google, we receive your name, email, and profile identifier. Privacy Policy
• Facebook/Meta (social authentication) — If you choose to log in with Facebook, we receive your name, email, and profile identifier. Privacy Policy
• Apple (social authentication) — If you choose to log in with Apple, we receive your name (if shared) and email (or a relay address). Privacy Policy

The FicLog browser extension helps you save fics directly from fanfiction websites. Here is exactly what it does and does not do:

• When it activates: Only when you click the "Save to FicLog" button or use the extension popup. It never runs in the background or reads pages automatically.
• What it reads: Metadata from the current fanfiction page — title, author, word count, chapter count, summary, fandom, and URL.
• What it sends: Only the extracted metadata to FicLog servers, authenticated with your account token.
• What it does not do: It does not track your browsing history, read pages you don't explicitly save, or send any data to third parties.

FicLog includes an in-app reader that lets you read fanfiction directly within the app. When you use the reader, we store the following to help you pick up where you left off:

• Your current reading position (chapter and scroll position)
• When you last read each fic
• Automatic reading status updates (e.g., marking a fic as "Reading" when you open it)

This reading progress data is stored in your private library and is never shared with other users or third parties. It is included in data exports if you request one.

We take the security of your data seriously and implement the following measures:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
• Password hashing: Passwords are hashed using bcrypt and are never stored in plain text.
• Token security: Authentication tokens are hashed before storage.
• EU hosting: Your data is stored on servers located within the European Union.
• Rate limiting: API endpoints are rate-limited to prevent abuse.
• Access controls: Administrative access to our systems is restricted and logged.

While we use industry-standard security measures, no method of electronic storage or transmission is 100% secure. If you discover a security vulnerability, please report it to support@ficlog.app.

Active accounts: We retain your data for as long as your account is active.

Account deletion: When you delete your account, we permanently delete your library data, reading progress, custom tags, and profile information within 30 days. Some data may persist in encrypted backups for up to 90 days before being purged.

Analytics data: Anonymized analytics data may be retained for up to 12 months after collection for trend analysis.

Payment records: We retain basic transaction records (subscription dates and amounts) for up to 5 years to comply with Romanian tax and accounting regulations.

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: Receive your data in a structured, machine-readable format (CSV export).
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Object: Object to processing based on legitimate interests, including analytics.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@ficlog.app. We will respond to your request within 30 days.

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro, or with your local data protection authority if you are in another EU member state.

We aim to keep your data within the European Economic Area (EEA). Our primary servers and PostHog analytics are hosted in the EU.

However, some third-party services may process data outside the EEA:

• Cloudflare: May route traffic through edge nodes outside the EU for performance reasons. Cloudflare is certified under the EU-US Data Privacy Framework.
• Social login providers: Google, Facebook, and Apple may process authentication data in the US. These transfers are covered by Standard Contractual Clauses or the EU-US Data Privacy Framework.
• LemonSqueezy: May process payment data outside the EU under Standard Contractual Clauses.

In all cases, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V requirements.

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

• Email: support@ficlog.app
• Company: DRUCODE S.R.L., CUI: 52686077
• Address: Jud. Iași, Sat Miroslava, Comuna Miroslava, Strada Alexandru Vlahuță, Nr. 22, Romania