Skip to content
Lesefluss

Legal

Privacy

Last updated: May 2026

TL;DR

Lesefluss is designed to collect as little as possible. The Android app works fully offline - no account needed. This website uses cookieless analytics and sets no tracking cookies. The only cookie you may receive is a login session cookie, and only if you sign in to use cloud sync.

What this site collects

Analytics (anonymous)

Pageviews are logged with a self-hosted Umami instance running on our own server. No cookies are set, no personal data is stored, and data never leaves our infrastructure. Recorded fields: page URL, referrer, browser, OS, device type, country (derived from IP - the IP itself is never saved).

Session cookies

If you sign in (cloud sync), a session cookie is set by Better Auth to keep you logged in. This cookie is strictly necessary to deliver the service you requested (authenticated access) and does not require consent under the ePrivacy Directive / GDPR. It contains no tracking identifiers and is not shared with third parties.

Server logs

Our host may keep short-lived request logs (IP, timestamp, path) for security and abuse prevention. These are not correlated with accounts and are rotated out quickly.

Error diagnostics

If error reporting is enabled, browser and server errors are sent to a self-hosted GlitchTip instance on our own infrastructure. Reports contain technical diagnostics such as the error message, stack trace, app version, browser, operating system, and affected page. We do not enable session replay, performance tracing, profiling, tracking cookies, or default collection of personal data.

What we store when you sign in

Cloud sync is opt-in. When you create an account, we store:

  • -Account: your email, a hashed password (or OAuth provider ID), and a display name.
  • -Books: title, author, plain-text content, cover image, chapter list, word count, and your reading position - everything the app needs to restore your library on a new device.
  • -Settings: RSVP and reader preferences (speed, theme, font, margins, etc.).
  • -Highlights: the text ranges you highlight, their color, and optional notes.

Your data is stored on a server in the EU and is never sold, shared, or used to train models. Only you can read it.

The Android app

The app runs fully offline by default. Books, settings, and highlights live in a local SQLite database on your device. Nothing leaves the device unless you explicitly sign in to sync. Bluetooth is used only to talk to the optional ESP32 device and transmits nothing to us.

Browser extension

The Chrome/Firefox extension is optional and only works after you sign in. It stores your Lesefluss session token and account email in browser extension storage so it can import articles into your cloud library without asking you to sign in every time.

When you click Save this page or use the selection context menu, the extension reads the current page URL, page title, and the readable article HTML or selected HTML. That content is sent to Lesefluss only for the page or selection you explicitly save, converted to plain text, and stored as a book in your synced library. The extension also checks the active tab URL against your library to show whether the page was already saved.

The extension does not run analytics, does not collect browsing history, does not capture pages automatically, and does not sell or share extension data. You can remove imported articles or delete your account from Lesefluss to delete synced extension imports.

Third parties

  • -Google Sign-In - see the dedicated Google user data section below for a full disclosure of what we receive from Google, how we use it, and how it is stored.
  • -Discord Sign-In - if you choose to sign in with Discord, Discord processes the request under its own privacy policy and shares your email address and username with us to create your account. We do not request any other scopes and never act on your behalf with Discord services.
  • -Resend - account emails (verification, password reset) are delivered via Resend, acting as a data processor on our behalf. Only your email address is shared, and only when we send you one of these messages.
  • -GitHub - if you download the APK or view the source, GitHub processes the request under its own privacy policy.
  • -Dictionary lookups - in-app word lookups query a public dictionary API directly from your device. No account or identifier is sent.

There are no advertising networks, no social-media pixels, no third-party analytics.

Google user data

This section describes how Lesefluss accesses, uses, stores, and shares Google user data, in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

What we access

When you choose to sign in with Google, we use Google's standard OAuth 2.0 sign-in flow with only the following default scopes:

  • -openid - your Google account identifier (sub) so we can recognise returning users.
  • -email - your Google account email address and whether it is verified.
  • -profile - your display name and profile picture URL.

We do not request any other Google OAuth scopes. Lesefluss never accesses Gmail, Google Drive, Contacts, Calendar, Photos, YouTube, or any other Google service on your behalf, and never reads, writes, or modifies any data in your Google account.

How we use it

The data received from Google is used exclusively to:

  • -Create your Lesefluss account on first sign-in and link subsequent sign-ins to the same account.
  • -Authenticate you and maintain your signed-in session so cloud sync (books, settings, highlights) works across devices.
  • -Display your name or email in the app UI (e.g. on your profile page) and send you transactional account emails such as email verification and password reset.

Google user data is never used for advertising, never sold, never shared with third parties for their own purposes, and never used to train AI or machine-learning models.

How we store it

Your Google account identifier, email, name, and profile picture URL are stored in our authentication database (PostgreSQL, hosted in the EU) alongside your Lesefluss account. Access is restricted to the Lesefluss backend and the project maintainer. We do not store Google OAuth refresh tokens beyond what Better Auth needs to keep your session valid, and we do not request offline access.

How we share it

We do not share Google user data with any third party. The only processors involved are: our EU database host (storage), and Resend (transactional email delivery - only your email address, only when sending you an account email). Both act solely on our behalf under data processing terms.

Retention and deletion

Google user data is retained for as long as your Lesefluss account exists. You can delete your account at any time from within the app; doing so permanently erases your account record (including the Google-provided identifier, email, name, and picture URL) as well as any synced books, settings, and highlights. You can additionally revoke Lesefluss's access from your Google Account permissions page.

Your rights

Under GDPR you can request access to, correction of, or deletion of your personal data. For account data, you can delete your account from within the app to purge everything we have on you. For any other request, email privacy@lesefluss.app.

Changes

If we change what the site or app collects, we'll update this page and note it at the top. For significant changes affecting existing users, we'll notify you in-app.