Privacy Policy

Lyfword is a reading platform that turns books into immersive, scroll-driven experiences. This policy explains what data we collect, why we collect it, and your rights over it.

Lyfword is operated from South Africa under POPIA, and where applicable to readers in the EU and UK, GDPR. For data requests or any privacy questions, contact us at hello@lyfword.com — we can put you in touch with the named data controller for any formal request.

You can read every published book on Lyfword without an account. The data we collect depends on what you do.

If you read without signing in

• Anonymous device ID— a random identifier we generate and store in your browser's local storage on first visit. We use it to remember your reading place, highlights, and notes on this device, and to count one reaction per device per book. It is not linked to your name or email.
• Reading events — when you open a book, reach a chapter, share a book, or react to one, we record the event with the anonymous device ID so authors can see how their books are being read.
• Local content — your highlights, notes, and current reading position are stored on your device.

If you sign in

• Account details — your email address, and (if you sign in with Google) your Google display name and profile picture. We use these to identify your account and show your name where appropriate.
• Cross-device library — once signed in, your highlights, notes, and reading positions are uploaded to our backend so they follow you to other devices.
• AI usage logs— when you use Lyfword AI (summarise, character profile, takeaways), we log the call type, the book it was on, and the credit cost. We do not store the model's response back to you.
• Payment metadata — if you make a donation or buy credits, our payment provider returns a transaction ID and status. Card details are handled by the provider; we never see them.

If you join the waitlist

• Email address and any optional fields (name, note about why you're interested). Used only to send you launch updates. One-click unsubscribe is honoured immediately.

• To run the reader: remember your place, sync highlights, show your library.
• To run reader-side AI features when you trigger them.
• To give authors aggregate, non-identifying engagement signals on their books (opens, completion rates, reactions).
• To send you launch and update emails — only if you've joined the waitlist or made a donation. Never marketing emails about anyone else's product.
• To detect and prevent abuse (e.g. cap one reactor per device, cap reader-AI usage per day).

We use a small set of trusted third parties to run Lyfword. Your data passes through them only as needed:

• Supabase — database, authentication, file storage. Hosts your account, library, and waitlist row.
• Anthropic — language model behind Lyfword AI. Receives the book context plus your prompt at the moment you ask. Anthropic does not train on these prompts.
• Replicate— image-generation model used by authors when crafting cinematic scenes. Readers' data does not pass through Replicate.
• Paystack — handles donations and credit purchases. Receives your name, email, and payment details directly; we receive only the transaction status and amount.
• Vercel — hosts the site and serves pages. Collects standard request logs and anonymised analytics (page views, country, browser).
• Google — only if you choose to sign in with Google. Your Google profile email is shared with Lyfword at the moment you click sign-in.

We do not sell your data to anyone. We do not use third-party ad trackers.

• Anonymous device data: as long as you keep the browser storage. Clearing your browser wipes it.
• Account data: until you ask us to delete it. Email hello@lyfword.comfrom your registered email and we'll delete your account, your highlights, your notes, and your AI usage history within 14 days.
• Aggregate, anonymous reading events: kept indefinitely, since they no longer identify you.
• Payment records: kept for 7 years as required by South African tax law.

You can:

• Ask what data we hold about you.
• Ask us to correct anything that's wrong.
• Ask us to delete your account.
• Export your highlights and notes.
• Withdraw consent for marketing emails at any time.

For any of the above, email hello@lyfword.com. South African readers have additional rights under POPIA; readers in the EU and UK under GDPR. We honour both.

Lyfword is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we will delete the account.

Connections are encrypted in transit (HTTPS). Account passwords are hashed by Supabase and never visible to us. Payments are tokenised by Paystack. Only a small number of operators have backend access, and access is logged.

If we make material changes we will note them at the top of this page and, where reasonable, email account holders before the change takes effect.

Questions, requests, complaints: hello@lyfword.com.