The Open Shelf Library

Privacy Policy

Effective Date: February 2026

Operated by: Ayelet Geri

Contact: openshelflibrary@gmail.com

1. Introduction

The Open Shelf Library is a community lending library serving Hebrew-language readers in the greater Boston area and surrounding communities. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, mobile application, and book borrowing service.

We are committed to protecting your privacy and being transparent about our data practices. We are a volunteer-run community project operated by Ayelet Geri, based in Massachusetts, United States, with plans to incorporate as a non-profit organization.

2. Information We Collect

2.1 Information from Google Sign-In

When you sign in using your Google account, we receive and store the following information:

  • Your display name, email address, and profile photo URL from your Google profile.
  • Your Google account identifier, which links your Google account to your library account.
  • Session credentials needed to maintain your signed-in session (for example, a short-lived access token or ID token and expiration). We do not store Google refresh tokens.

If you sign in through our mobile app, the same core fields (email, name, profile photo, and Google account identifier) are extracted from the Google ID token.

2.2 Membership Information

When you apply for or maintain a library membership, we may collect additional information beyond what Google provides:

  • First and last name (which may differ from your Google display name).
  • Phone number (optional).
  • Physical address (optional).
  • A membership ID, which is automatically generated when your membership is created.
  • Membership type (such as regular, premium, or student) and membership status.
  • The date you joined and, if applicable, your membership expiry date.

If you submit a membership application, the information in that application (name, phone, address) is also stored as part of the application record.

2.3 Library Activity

When you use the lending service, we collect and retain the following information:

  • Books you currently have on loan, including loan dates and due dates.
  • Your complete loan history, including past borrows, return dates, and renewal counts.
  • Waitlist and hold requests you place, including your position in the queue and the status of each request.
  • Loan requests for restricted books, including the approval status.

We also maintain an activity log that records actions taken on your account (such as loans created, membership updates, and status changes) along with timestamps and details of what changed. This log is used for administrative purposes and to resolve disputes.

2.4 Information Collected Automatically

Analytics (consent-gated): We use PostHog for usage analytics. PostHog tracking is disabled by default and only activates after you grant measurement consent through our cookie banner. When enabled, PostHog collects pageviews, page leave events, and general interaction patterns. We link analytics to your account using an internal user ID; we do not send PostHog your email address or name. PostHog data is processed on PostHog's servers in the United States.

Performance monitoring (always active): We use Vercel Web Analytics and Vercel Speed Insights to monitor website performance, including page load times and core web vitals. These tools do not use cookies and are designed for performance measurement rather than advertising. They may collect limited technical data (such as page URL, device/browser information, and performance metrics) to help us understand reliability and performance. They are active for all visitors regardless of cookie consent preferences.

2.5 Cookies and Local Storage

Our website uses the following cookies:

  • Session cookie (next-auth.session-token): An essential, secure, HTTP-only cookie that keeps you signed in. Expires after 24 hours.
  • Site access cookie (site_access): Used during pre-launch periods to manage access to the site. Secure, HTTP-only. Expires after 7 days.
  • Consent preferences cookie: Stores your cookie consent choices. Managed by our consent library (c15t).
  • PostHog cookie (ph_phc_*): Set only after you consent to measurement cookies. Used for analytics session tracking.

In addition to cookies, we store a visitor identifier (osl_visitor_id) in your browser's local storage. This is an anonymous, randomly generated ID used to link your consent preferences before you sign in. After consent, PostHog may also use local storage to maintain session data.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage your library account and membership.
  • To process book loans, returns, renewals, holds, and related library transactions.
  • To communicate with you about your account, loans, or changes to the service.
  • To review and process membership applications.
  • To improve the website and the service based on usage patterns (when you have consented to analytics).
  • To monitor website performance and ensure the service is running properly.
  • To maintain an administrative record of library activity for operational and dispute resolution purposes.
  • To maintain the security and integrity of the service.

We do not sell your personal information. We do not use your information for advertising purposes. No advertising networks or ad-related services are integrated into our website or app.

4. How We Share Your Information

We share your information with the following third-party services, each of which is necessary to operate the service:

  • Google (authentication): When you sign in, Google confirms your identity to us. Google's handling of your data is governed by Google's Privacy Policy.
  • Supabase (database hosting): All application data, including your account information, membership details, and library activity, is stored in a PostgreSQL database hosted by Supabase on Amazon Web Services in the US-East-1 region.
  • Google Cloud Storage (image storage): Book cover photos captured through our mobile app are stored in Google Cloud Storage. These images are intended to be photos of books. Please avoid including people or other personal information in photos. If personal information is captured incidentally, we handle it under this policy and will delete it upon request where feasible.
  • PostHog (analytics, consent-gated): When you consent to measurement cookies, we send PostHog an internal user ID and usage data. We do not send PostHog your email address or name. PostHog processes this data on servers in the United States. PostHog's data practices are governed by PostHog's Privacy Policy.
  • Vercel (hosting and performance monitoring): Our website is hosted on Vercel, which collects anonymous performance metrics. Vercel's data practices are governed by Vercel's Privacy Policy.
  • National Library of Israel and Google Books (book metadata): When we look up book information, we send search queries (such as ISBN numbers or book titles) to the National Library of Israel's catalog API and Google Books API. These queries contain book identifiers only, not your personal information.

We do not use any email marketing services, payment processors, or advertising networks. We may share information if required by law or to protect the rights and safety of our users and the project.

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase on Amazon Web Services in the US-East-1 (Northern Virginia) region. Database connections are pooled through PgBouncer for security and performance.

Book cover images are stored in Google Cloud Storage.

Session credentials are stored on our servers (not in your browser) and are protected with access controls. We do not store Google refresh tokens.

We take reasonable measures to protect your personal information from unauthorized access, loss, or misuse. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

6. Data Retention and Deletion

We retain personal information only as long as needed to operate the library, keep records, and meet legal, security, or administrative needs. In general: (a) account/profile information is kept while your account is active; (b) loan and reservation records are kept while active and for up to 2 years after a book is returned or a reservation is closed; (c) activity logs are kept for up to 2 years; and (d) cookie-consent records are kept for up to 2 years. After these periods, we delete the records or de-identify them so they are no longer associated with you.

Account deletion: You can close your account through the app (or by contacting us at openshelflibrary@gmail.com). We offer two levels of deletion:

  • Standard deletion: Your membership is disabled and you will no longer be able to use the service. You must return all outstanding books before we can complete deletion. We remove or de-identify direct identifiers (such as email, name, phone, address, profile photo, and Google account identifier) from your account. We may retain de-identified loan and activity records for library administration and dispute resolution. These retained records are de-identified and do not contain personal identifiers such as names, email addresses, or contact information. They may retain internal record references for data integrity.
  • Full deletion: Upon request, we delete your membership record and remove personal identifiers from our systems. Where feasible, we also delete or de-identify associated loans, reservations, and activity logs so they are no longer linked to you.

Cookie consent records are retained for up to 2 years for compliance documentation purposes.

Backups and residual copies: Our database hosting provider (Supabase) maintains automated backups. Backup retention depends on our hosting plan (typically 7–30 days). Deleted data may persist in backups until the backup expires. Backups are isolated, access-restricted, and not used for active processing except for disaster recovery.

7. Your Rights

Depending on where you live, you may have certain rights regarding your personal information, including:

  • The right to access the personal information we hold about you.
  • The right to correct inaccurate information.
  • The right to request deletion of your information (see Section 6).
  • The right to withdraw consent for non-essential data processing, such as analytics cookies, at any time through the cookie settings on our website.
  • The right to receive a copy of your personal data in a portable format.

To exercise any of these rights, please contact us at openshelflibrary@gmail.com. We will respond to your request within 30 days.

8. Children's Privacy

Our service requires users to be at least 13 years old (or the minimum age required to manage a Google Account in your country, whichever is higher) to create an account. We do not knowingly collect personal information from children below that age.

Children under 13 are welcome to borrow books through a parent or guardian's account. In that case, we do not collect or store any personal information about the child.

If we learn that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has created an account or provided us with personal information, please contact us at openshelflibrary@gmail.com.

9. International Users

The Open Shelf Library is operated from the United States. All data is stored and processed in the United States (primarily in the US-East-1 region). If you are accessing the service from outside the United States, please be aware that your information will be transferred to and stored in the United States, where data protection laws may differ from those in your country.

For users in the European Economic Area (EEA), United Kingdom, or other regions with comprehensive data protection laws: we process your data on the basis of your consent (for analytics and non-essential cookies), legitimate interest (for service improvement and security), and contractual necessity (for account management and library operations). You may withdraw your consent for non-essential processing at any time.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document. For significant changes, we will notify you through the website or by email.

We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at openshelflibrary@gmail.com.