Legal

Effective date: April 18, 2026

Privacy Policy

1. Overview

The Lettween Collection ("we", "us", or "our") operates a private, invitation-only web application for managing a personal rare book collection. This Privacy Policy explains what personal information we collect, how we use it, and the choices you have. By using this application, you agree to the collection and use of information as described in this policy.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: your name, email address, and a hashed version of your password when you register or are invited.
  • Mobile phone number: if you enable two-factor authentication, we collect and store your mobile phone number to send one-time verification codes.
  • Device information: if you choose "Remember this device", we store a hashed token linked to your browser to avoid repeated 2FA prompts for 30 days.
  • Usage and activity data: we maintain an audit log of actions you take within the application (e.g., creating, editing, or deleting records) associated with your account for security and accountability purposes.
  • Technical data: IP addresses and browser user-agent strings may be collected for rate-limiting and security purposes.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate you and maintain your session securely.
  • Send SMS verification codes when two-factor authentication is enabled.
  • Maintain audit logs for security and administrative review.
  • Protect the application against unauthorized access and abuse.
  • Comply with applicable legal obligations.

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your information for advertising.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Twilio: used to deliver SMS one-time codes when two-factor authentication is enabled. Your phone number is transmitted to Twilio solely for this purpose. Twilio's privacy policy is available at twilio.com/legal/privacy.
  • Supabase / PostgreSQL: your data is stored in a hosted PostgreSQL database. Data is encrypted at rest and in transit.
  • Vercel: the application is hosted on Vercel's infrastructure. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

5. Data Retention

We retain your account information for as long as your account is active. Audit logs are retained for a minimum of one year for security purposes. If your account is deleted, your personal information is removed from active databases within 30 days, except where retention is required by law or legitimate business interest.

6. Security

We take reasonable technical and organizational measures to protect your information, including password hashing (bcrypt), encrypted connections (TLS), and session-based authentication. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete the personal information we hold about you. To exercise these rights, contact the application administrator. We will respond to verifiable requests within 30 days.

8. Cookies and Local Storage

We use session cookies necessary for authentication. If you choose "Remember this device" for two-factor authentication, we store a device token in your browser's local storage. We do not use cookies for tracking or advertising.

9. Children's Privacy

This application is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will reflect the most recent revision. Continued use of the application after changes are posted constitutes acceptance of the updated policy.

11. Contact

For questions or concerns about this Privacy Policy, please contact the application administrator.

Terms of Service

1. Acceptance of Terms

By accessing or using The Lettween Collection application ("Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service. Access is limited to authorized, invited users only.

2. Eligibility and Access

Access to the Service requires an invitation from an administrator. You must be at least 13 years of age to use the Service. Account credentials are personal and non-transferable. You are responsible for maintaining the confidentiality of your credentials and for all activity under your account.

3. Permitted Use

The Service is provided solely for managing the Lettween rare book collection. You agree to use the Service only for its intended purpose and in compliance with all applicable laws and regulations. You agree not to:

  • Attempt to gain unauthorized access to any part of the Service or its systems.
  • Introduce malware, viruses, or other harmful code.
  • Scrape, copy, or redistribute data from the Service without authorization.
  • Use the Service for any unlawful or fraudulent purpose.
  • Interfere with or disrupt the integrity or performance of the Service.

4. User Content

You retain ownership of content you enter into the Service (such as book records and notes). By entering content, you grant us a limited license to store and display it solely for the purpose of operating the Service. You are responsible for ensuring that content you submit is accurate and does not violate any third-party rights.

5. Account Suspension and Termination

We reserve the right to suspend or terminate your account at any time, with or without notice, if we determine that you have violated these Terms or if continued access poses a security risk. Upon termination, your right to use the Service ceases immediately.

6. Availability

We do not guarantee that the Service will be available at all times or free from errors. We may suspend the Service for maintenance, upgrades, or other reasons without prior notice. We are not liable for any loss or inconvenience caused by downtime.

7. Disclaimer of Warranties

The Service is provided "as is" and "as available" without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. We do not warrant that the Service will be uninterrupted, error-free, or free of harmful components.

8. Limitation of Liability

To the fullest extent permitted by applicable law, we shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of data, loss of profits, or business interruption, arising from your use of or inability to use the Service, even if we have been advised of the possibility of such damages.

9. Indemnification

You agree to indemnify and hold harmless The Lettween Collection and its operators from any claims, damages, losses, or expenses (including reasonable legal fees) arising out of your use of the Service or violation of these Terms.

10. Governing Law

These Terms are governed by and construed in accordance with the laws of the jurisdiction in which the operator resides, without regard to its conflict of law provisions. Any disputes arising under these Terms shall be resolved in the courts of that jurisdiction.

11. Changes to Terms

We reserve the right to modify these Terms at any time. The effective date at the top of this page will be updated accordingly. Continued use of the Service after changes are posted constitutes your acceptance of the revised Terms.

12. Contact

For questions about these Terms, please contact the application administrator.

© 2026 The Lettween Collection. All rights reserved.