Privacy Policy
MyLibra is built around a small footprint: the app needs to write stories with an AI service and remember them across your devices, and that's effectively all the personal data it touches. This document describes exactly what data MyLibra handles, where it goes, and what choices you have over it.
What we collect (and don't)
What stays on your device
- Every story, chapter, lore entry, bookmark, highlight, and per-story setting you create.
- Your reader preferences (theme, font, narration voice, etc.).
- Your setup-chat history with the AI.
- Cover art generated for your stories.
What syncs through Apple's CloudKit private database
All of the above, replicated across devices you've signed into the same Apple ID. Apple's documentation describes how CloudKit private data is handled — MyLibra reads and writes it but has no separate copy.
What MyLibra's servers receive
If you've opted into anonymous usage metrics, the app sends a small stream of event records to a server we operate. Each event contains only:
- An event name (e.g.,
chapter_completed,choice_picked). - Bounded-cardinality fields like genre buckets, length targets, durations, token counts, error codes.
- A 16-byte HMAC hash of the story ID it relates to (computed locally using a per-device salt; we cannot reverse it).
- An anonymous install ID (a UUID generated per device install, unrelated to your Apple ID or identity).
- The app version, platform, and timestamp.
What we never send
- Story prose, chapter text, summaries, setup-chat messages, choice labels, character names, place names, or any other free-text from your stories.
- Your Apple ID, name, email, or any account-level identifier.
- The contents of free-text responses you type into a story.
The privacy red line is enforced in code: every metrics payload is constructed from a typed schema that only accepts enums, counts, durations, hashed IDs, and short bounded error codes.
What the AI service receives
MyLibra generates prose by sending requests to Google's Gemini API. When you generate a chapter or accept a setup proposal:
- The story summary, configuration (genre, POV, reading level, etc.), prior chapter context, and any choice or response you provided are transmitted to Google's servers to produce the next segment.
- Google's Gemini API has its own data-use policies that govern what they do with that content. Refer to Google's policies before generating content you don't want sent to a third party.
- All requests are routed through a server we operate, which adds a Google API key on the way out. We do not log request bodies.
If this is unacceptable for your use case, MyLibra is not the right tool — generation is intrinsic to the product and cannot be disabled.
Your choices
- Metrics opt-out. Settings → Privacy → "Share anonymous usage data." Toggling this off stops further events being sent and wipes the install ID and salt used for story hashing, so a future opt-in starts a fresh identity space.
- Cancel iCloud sync. Sign out of iCloud or disable iCloud Drive for MyLibra in System Settings; the app falls back to a local-only database.
- Delete all data. Delete the app. Locally cached content is removed by the OS. Anything previously synced to CloudKit will be removed from Apple's servers per Apple's published retention policies; consult Apple's documentation for the current timeline.
- Export a backup. Settings → Backup → "Export library archive." Produces a JSON file of everything you own.
Children
MyLibra includes a "Middle grade" reading level. Use of MyLibra by minors should be supervised by a parent or guardian. We do not knowingly collect personally identifiable information from anyone, including children — see "What we collect" above.
Contact
Questions about this policy: support@mylibraapp.com.
If you opted into metrics, this policy describes the maximum scope of what we receive. We will update this document and reset the metrics consent prompt if the scope materially expands.