the legal bit

Privacy Policy

last updated May 1, 2026

reading.pet is a small read-later app. We need a tiny amount of your data to make it work, and we try not to ask for anything else. This page explains exactly what gets collected, where it goes, and how to get rid of it.

If anything below is unclear, write to support@reading.pet and we will explain it in plain words.

What we collect

1. Your Google account basics

When you sign in with Google we ask for the openid, email, and profile scopes. From the ID token Google sends back we store:

  • your Google account ID (a stable identifier so we can recognise you next time)
  • your email address
  • your display name
  • your profile picture URL

That is it. We do not request access to Gmail, Drive, Calendar, contacts, or any other Google service. We never see your Google password. We do not store any tokens that would let us read your inbox or anything else outside this app.

2. The stuff you save

When you add an article we store the URL you give us, the page title and description, a thumbnail URL if the page exposes one, and the parsed reader-mode content of the article. We also store your tags, favourites, read state, archive state, and reading-stat counters.

3. Your preferences

Things like font size, reader theme, app theme, target translation language, and similar settings.

4. Operational logs

Cloudflare (our hosting provider) keeps short-term request logs that include IP address, user agent, and the path you requested. We use these only to debug problems and to rate-limit abusive traffic. We do not run analytics, tracking pixels, or third-party ad scripts.

What we do not collect

  • No advertising identifiers, no ad networks, no fingerprinting.
  • No location beyond what your IP roughly implies in server logs.
  • No contacts, no calendar, no mail, no files from your device.
  • No payment data (the app is currently free).

Why we collect it

  • Sign-in data so you can log in and so your bookmarks belong to you across devices.
  • Articles and tags so we can show them back to you, search them, and sync them.
  • Preferences so the reader looks the way you set it.
  • Logs to keep the service running and to stop abuse.

We do not sell your data. We do not share it with advertisers. We do not train AI models on it.

Where it lives

Everything is hosted on Cloudflare. Specifically:

  • Cloudflare D1 (a managed SQLite database) holds your account, bookmarks, tags, and preferences.
  • Cloudflare R2 (object storage) holds the parsed article content and translations.
  • Cloudflare KV holds short-lived items like rate-limit counters and session lookups.

Cloudflare may process this data in any of their global data centres. Their privacy practices are described at cloudflare.com/privacypolicy.

Third parties we hand data to

  • Google. Only the OAuth handshake when you sign in. We send Google nothing about your saved articles.
  • Cloudflare Workers AI. When you ask for a summary or translation, the relevant article text is sent to a Cloudflare-hosted model (for example llama-3.3-70b). The output is cached so we do not have to send it again. Cloudflare does not use this content to train its models. See Workers AI privacy.
  • Source websites. When you save an article we fetch the page from its original host so we can extract the readable content. That fetch comes from our server, not your browser, so the source site sees our IP, not yours.

Cookies and local storage

We use one essential cookie to keep you signed in (a session token). It is httpOnly and secure, set on this domain only, and removed when you sign out. The browser also stores small bits of data locally so the app can work offline (cached articles, your queued actions). Clearing your browser storage will wipe those.

We do not use any third-party tracking cookies.

How long we keep things

Bookmarks and account data live for as long as your account exists. If you delete your account all of it gets removed. Cloudflare request logs are short-lived (Cloudflare currently keeps them for a few days at most).

Your rights and how to use them

  • Export. The settings page has an export button that downloads your bookmarks.
  • Delete a bookmark. Use the delete action on any article.
  • Delete your account. Settings → account → delete account. This wipes your user record, your bookmarks, your tags, and your preferences.
  • Ask a human. If any of the above is broken, email support@reading.pet and we will sort it out by hand within a reasonable time.

Depending on where you live you may have additional rights under laws like the GDPR (EU/UK) or the CCPA (California). Email us and we will honour any valid request.

Children

reading.pet is not intended for children under 13 (or under 16 in regions where that is the applicable threshold). Do not use the service if you are below the age limit. If you believe a child has signed up, write to us and we will remove the account.

Security

We use Cloudflare for hosting, HTTPS everywhere, OAuth sign-in (so we never see your Google password), and short-lived session tokens. No system is perfectly safe, but we keep the attack surface small on purpose: no payment data, no Google API tokens beyond sign-in, no third-party trackers.

Changes to this policy

If we change anything material we will update the date at the top of this page and, for big changes, show a notice in the app the next time you sign in.

Contact

Questions, requests, complaints, or just hellos: support@reading.pet.