This Privacy Policy describes how PenEarn ("we", "us", "our") collects, uses, and shares personal information when you use our website, services, and applications (the "Service"). By using PenEarn, you agree to the practices described here.
1. Information We Collect
Information You Provide
- Account information — your email address, username, display name, and password (stored as a one-way hash; we never store your raw password).
- Profile information — bio, country, website, social links, gender, avatar image, banner image, and any other content you add to your profile.
- Content you publish — books, chapters, comments, reviews, and any images or text you upload.
- Payment information — when you purchase virtual currency, our payment processor receives your card details. We receive only a transaction reference and the amount; we do not see your full card number.
- Communications — emails or messages you send us (e.g., to support).
Information Collected Automatically
- Activity data — books you bookmark, chapters you read, time spent reading, comments and likes you give, gifts sent and received.
- Engagement data — Aura points, ranking position, awards/badges earned. This data is intentionally public on your profile and the rankings page.
- Device and log information — IP address, browser type, operating system, referring URL, and access timestamps.
- Cookies and auth tokens — we store a session cookie (
penhub_auth_token) and a small user-info cookie (penhub_user) to keep you signed in.
Information from Third Parties
If you sign in with Google or Twitter (X), we receive basic profile information from those providers (typically your email and display name) according to the permissions you grant. We do not receive your password.
2. How We Use Information
- Provide, operate, and improve the Service.
- Authenticate you and keep your account secure.
- Display your profile, books, comments, and rankings to other users as configured.
- Send transactional emails (password reset, account suspension/reinstatement notices, important changes).
- Process virtual currency purchases, gifts, and withdrawals.
- Detect and prevent fraud, abuse, and violations of our Terms of Service.
- Compute Aura points, badges, and leaderboard positions.
- Respond to your inquiries and provide customer support.
- Comply with legal obligations.
3. How We Share Information
We do not sell your personal information. We share information in these limited circumstances:
- Public profile data — your username, avatar, banner, bio, books, public comments, badges, and ranking are visible to anyone who visits the Service.
- Service providers — vendors who help us operate the Service (storage, hosting, email delivery, payment processing). They process data on our behalf under confidentiality obligations.
- Legal compliance — when required by law, court order, or to protect the rights, property, or safety of PenEarn, our users, or the public.
- Business transfers — if PenEarn is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.
- With your consent — for any other purpose, with your explicit consent.
4. Third-Party Services
PenEarn relies on the following third-party services to operate. Each has its own privacy policy that governs its use of data:
- MongoDB Atlas — database hosting (your data is stored encrypted at rest).
- Contabo Object Storage — file storage for avatars, banners, book covers, and other uploads.
- Google OAuth — optional sign-in.
- Twitter (X) OAuth — optional sign-in.
- Email delivery (SMTP) — transactional emails such as password resets.
- Payment processors — for purchases of virtual currency.
5. Cookies & Local Storage
We use cookies and similar technologies to keep you signed in and to remember your preferences. Specifically:
penhub_auth_token— an HTTP-only cookie containing your authentication token. Required to use the Service when signed in.penhub_user— a non-sensitive cookie storing your username, id, and role so the UI can render without round-tripping.
You can clear cookies through your browser settings, but doing so will sign you out and may prevent you from using the Service.
6. Data Retention
We retain account data for as long as your account is active. When you delete your account:
- Your profile, bio, avatar, banner, and bookmarks are removed.
- Books and chapters you published are removed (subject to the rights of readers who have purchased access).
- Comments and reviews you posted may remain visible but disassociated from your identity, or may be removed at your request.
- Transaction records may be retained for tax, accounting, and fraud-prevention purposes for the period required by law.
- Server logs containing IP addresses are typically retained for up to 30 days.
7. Your Rights & Choices
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information (you can edit most of your profile yourself at /dashboard/settings).
- Delete your account and associated personal data.
- Object to or restrict certain processing.
- Export a copy of your data in a portable format.
- Withdraw consent where processing is based on consent.
To exercise these rights, email us at support@penearn.com. We will respond within a reasonable time, typically 30 days.
8. Security
We take reasonable measures to protect your information, including encryption in transit (HTTPS), hashed passwords, and access controls on our infrastructure. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.
9. Children's Privacy
PenEarn is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will take steps to delete it. Users between 13 and the age of majority in their jurisdiction must have parental or guardian consent.
10. International Users
PenEarn is operated globally. By using the Service, you understand that your personal information may be transferred to, processed, and stored in countries outside your country of residence, where data-protection laws may differ. We take steps to ensure appropriate safeguards are in place for international transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via an in-app notice before they take effect. The "Last updated" date at the top indicates when the policy was last revised.
12. Contact
For questions about this Privacy Policy or our data practices, email us at support@penearn.com.