Privacy Policy

Last Updated: December 12, 2025

1. Introduction

BurnOnRead ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and password when you create an account
  • Secret Content: The encrypted messages you create through the Service
  • Payment Information: Payment details are collected and processed by Stripe (not stored by us)

2.2 Automatically Collected Information

  • Usage Data: IP address, browser type, device information, and pages visited
  • Cookies: We use authentication cookies to maintain your logged-in session
  • Log Data: Server logs that include timestamps and request details

2.3 Information From Third Parties

  • Payment Provider (Stripe): Subscription status and payment confirmation

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Process and encrypt your secrets, manage user accounts
  • Authentication: Verify your identity and maintain session security
  • Payment Processing: Handle subscription billing and upgrades
  • Service Improvement: Analyze usage patterns to improve functionality
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service
  • Communications: Send service-related notifications and updates

4. How We Protect Your Information

4.1 Encryption

All secrets are encrypted using AES-256-GCM encryption before being stored. We use a server-side encryption key that is never transmitted to clients.

4.2 Secure Transmission

All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.

4.3 Access Controls

Access to user data and encryption keys is restricted to authorized personnel only.

4.4 Automatic Deletion

Secrets are automatically and permanently deleted after viewing or expiration. We cannot recover deleted secrets.

5. Data Retention

  • Secrets: Deleted immediately after viewing or upon expiration (15 minutes to 7 days depending on settings)
  • Account Data: Retained until you request account deletion
  • Payment Records: Retained as required by law (typically 7 years for tax purposes)
  • Server Logs: Retained for 90 days for security and debugging purposes

6. Information Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties except in the following circumstances:

6.1 Service Providers

  • Stripe: Payment processing for Pro subscriptions
  • Hosting Provider: Infrastructure for running the Service

6.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6.4 Consent

We may share information with your explicit consent.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

You have the right to request a copy of the personal data we hold about you.

7.2 Correction

You have the right to request correction of inaccurate personal data.

7.3 Deletion

You have the right to request deletion of your personal data, subject to legal retention requirements.

7.4 Objection and Restriction

You have the right to object to processing of your personal data or request restriction of processing.

7.5 Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise these rights, contact us at privacy@burnonread.com

8. Cookies and Tracking

Essential Cookies: We use session cookies to maintain your logged-in state. These are essential for the Service to function.

Analytics: We may use analytics tools to understand how users interact with the Service. You can opt out by using browser settings or privacy extensions.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Children's Privacy

The Service is not intended for users under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email. The "Last Updated" date at the top of this policy indicates when it was last revised.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to deletion
  • Right to non-discrimination for exercising CCPA rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: Consent, contract performance, legitimate interests, legal obligations
  • Right to lodge a complaint with your local data protection authority
  • Data Protection Officer contact: dpo@burnonread.com

14. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@burnonread.com

Address: [Your Business Address]
