Skip to content
Lesefluss

Legal

Privacy

Last updated: April 2026

TL;DR

Lesefluss is designed to collect as little as possible. The Android app works fully offline - no account needed. This website uses cookieless analytics and sets no tracking cookies. The only cookie you may receive is a login session cookie, and only if you sign in to use cloud sync.

What this site collects

Analytics (anonymous)

Pageviews are logged with a self-hosted Umami instance running on our own server. No cookies are set, no personal data is stored, and data never leaves our infrastructure. Recorded fields: page URL, referrer, browser, OS, device type, country (derived from IP - the IP itself is never saved).

Session cookies

If you sign in (cloud sync), a session cookie is set by Better Auth to keep you logged in. This cookie is strictly necessary to deliver the service you requested (authenticated access) and does not require consent under the ePrivacy Directive / GDPR. It contains no tracking identifiers and is not shared with third parties.

Server logs

Our host may keep short-lived request logs (IP, timestamp, path) for security and abuse prevention. These are not correlated with accounts and are rotated out quickly.

What we store when you sign in

Cloud sync is opt-in. When you create an account, we store:

  • -Account: your email, a hashed password (or OAuth provider ID), and a display name.
  • -Books: title, author, plain-text content, cover image, chapter list, word count, and your reading position - everything the app needs to restore your library on a new device.
  • -Settings: RSVP and reader preferences (speed, theme, font, margins, etc.).
  • -Highlights: the text ranges you highlight, their color, and optional notes.

Your data is stored on a server in the EU and is never sold, shared, or used to train models. Only you can read it.

The Android app

The app runs fully offline by default. Books, settings, and highlights live in a local SQLite database on your device. Nothing leaves the device unless you explicitly sign in to sync. Bluetooth is used only to talk to the optional ESP32 device and transmits nothing to us.

Third parties

  • -Google Sign-In - if you choose to sign in with Google, Google processes the request under its own privacy policy and shares your email address and name with us to create your account. We do not request any other scopes and never act on your behalf with Google services.
  • -Discord Sign-In - if you choose to sign in with Discord, Discord processes the request under its own privacy policy and shares your email address and username with us to create your account. We do not request any other scopes and never act on your behalf with Discord services.
  • -Resend - account emails (verification, password reset) are delivered via Resend, acting as a data processor on our behalf. Only your email address is shared, and only when we send you one of these messages.
  • -GitHub - if you download the APK or view the source, GitHub processes the request under its own privacy policy.
  • -Dictionary lookups - in-app word lookups query a public dictionary API directly from your device. No account or identifier is sent.

There are no advertising networks, no social-media pixels, no third-party analytics.

Your rights

Under GDPR you can request access to, correction of, or deletion of your personal data. For account data, you can delete your account from within the app to purge everything we have on you. For any other request, email privacy@lesefluss.app.

Changes

If we change what the site or app collects, we'll update this page and note it at the top. For significant changes affecting existing users, we'll notify you in-app.