Legal
Privacy & Cookie Policy
Last updated: March 2026
This policy covers all personal data collected by Litloop — including the website at www.litloop.co, our mailing list, and the Litloop reading app (when launched). We are committed to being transparent about what we collect, why, and how you can control it.
1. Who we are
Litloop is operated by Ben Luxon, based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, Ben Luxon is the data controller for personal data collected through this website and the Litloop app.
If you have questions about this policy or how we handle your data, contact us at the address in the Contact section below.
2. What data we collect
We collect different data depending on how you interact with us. Here is a summary before we go into detail:
| Where | Data collected | Legal basis |
|---|---|---|
| Website (all visitors) | Anonymised analytics (pages visited, browser type, approximate location) | Legitimate interest / consent for analytics cookies |
| Mailing list sign-up | Email address, sign-up source | Consent |
| Free downloads | Email address | Consent |
| Litloop app — account | Email address, username, profile information you choose to add | Contract (account creation) |
| Litloop app — reading data | Books you log, reading goals, reviews, ratings, reading progress | Contract (core app functionality) |
| Litloop app — social features | Messages sent to friends, recommendations sent, comments on reviews | Contract (core app functionality) |
3. Website & blog
When you visit www.litloop.co we collect anonymised analytics data through Google Analytics. This tells us which pages were visited, roughly where visitors are located (country/region level), what device and browser were used, and how long was spent on the site. This data does not identify you personally.
Analytics cookies are only set with your consent via our cookie banner. If you decline analytics cookies, no tracking data is collected. You can change your preference at any time by clearing your cookies and revisiting the site.
The site is hosted on GitHub Pages. GitHub may collect limited server log data (IP addresses, request timestamps) as part of normal hosting operations. See GitHub's privacy statement for details.
4. Mailing list & free downloads
When you sign up for the Litloop waitlist, our newsletter, or a free download, you provide your email address. This is processed by MailerLite, our email service provider. By signing up you consent to:
- Receiving the content you signed up for (waitlist confirmation, newsletter, or download link)
- Occasional emails about Litloop — updates, new blog posts, and the app launch
We will never sell your email address or share it with third parties for marketing purposes. Every email includes an unsubscribe link. You can also request deletion of your data at any time by contacting us.
MailerLite processes email data on servers within the EU and is GDPR-compliant. See MailerLite's privacy policy for full details.
5. Litloop app
The Litloop app is currently in development. This section describes how we intend to handle your data when the app launches. We will update this policy before launch with any changes.
5.1 Account data
To use the Litloop app you will create an account. We collect your email address and chosen username. You may optionally add a profile photo and short bio — this information is visible to your friends within the app. We do not require your real name.
5.2 Reading data
The core function of the app is to track your reading. This includes books you mark as currently reading, finished, or want to read; your reading goals and progress; ratings and written reviews; and any private reading notes you choose to add.
Your reading data is private by default. You control what is visible to friends. Private notes are only ever visible to you.
5.3 Social features
Litloop is built around sharing books with friends. Social features include sending book recommendations to specific friends (with an optional personal note), receiving recommendations from friends, direct messages between friends about a specific book, comments on friends' reviews, and seeing which friends have read the same book.
Content you share through social features (recommendations, messages, comments) is visible to the intended recipient(s) only. We do not have public profiles or public feeds — Litloop is a private social network, not a public one.
5.4 How we use app data
We use your reading data to provide the core app functionality — tracking, recommendations, and social features. We also use aggregate, anonymised reading data to generate personalised book recommendations. We do not sell your reading data. We do not use your reading history for advertising purposes. We do not share individual reading data with publishers, retailers, or other third parties.
5.5 App data storage
App data is stored securely using Supabase, a GDPR-compliant database provider. Data is stored on servers within the EU. Supabase implements encryption at rest and in transit. See Supabase's privacy policy for details.
6. How we use your data
We process personal data only for the purposes described above and only where we have a lawful basis to do so. In summary:
- To provide the service — operating the app, delivering emails you've asked for, enabling the features you use
- To improve the service — understanding how the site and app are used so we can make them better (always aggregated and anonymised)
- To communicate with you — sending app updates, launch announcements, or responding to queries you send us
- To comply with the law — where we are required to process or retain data by applicable legislation
We do not use your data for automated decision-making or profiling in ways that have a legal or similarly significant effect on you.
7. Who we share data with
We share personal data only with the following categories of third-party processors, and only to the extent necessary to provide the service:
| Provider | Purpose | Location |
|---|---|---|
| MailerLite | Email delivery — newsletter, waitlist, downloads | EU |
| Supabase | App database — accounts, reading data, messages | EU |
| Google Analytics | Anonymised website analytics (consent only) | US (SCCs in place) |
| GitHub Pages | Website hosting | US (SCCs in place) |
We do not sell personal data. We do not share personal data with advertisers. We do not share individual reading or social data with publishers, retailers, or any other commercial third parties.
8. Your rights
Under UK GDPR you have the following rights in relation to your personal data:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure — you can ask us to delete your data ("right to be forgotten"). For app users this will permanently delete your account and all associated reading data.
- Right to restrict processing — you can ask us to pause processing your data in certain circumstances
- Right to data portability — you can request your data in a machine-readable format. App users will be able to export their reading data directly from the app.
- Right to object — you can object to processing based on legitimate interest, including analytics
- Right to withdraw consent — where processing is based on consent (analytics cookies, mailing list), you can withdraw at any time without affecting prior processing
To exercise any of these rights, contact us at the address in the Contact section. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
9. Cookies
Cookies are small text files stored on your device. We use them as follows:
Essential cookies
| Cookie | Purpose | Duration |
|---|---|---|
cookie-consent |
Stores your cookie preference so we don't ask again | 1 year |
Analytics cookies (consent required)
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
_ga |
Google Analytics | Distinguishes users for traffic analysis | 2 years |
_ga_* |
Google Analytics | Maintains session state | 2 years |
Third-party cookies
Amazon affiliate links may cause Amazon to set cookies to track purchases for commission purposes. We have no control over these cookies. See Amazon's Cookie Notice.
Managing cookies
You can accept or decline non-essential cookies via our cookie banner when you first visit. You can change your preference by clearing cookies in your browser and revisiting. Most browsers also allow you to block or delete cookies in settings. You can opt out of Google Analytics specifically using the Google Analytics Opt-out Add-on.
10. Data retention
We retain personal data for as long as necessary to provide the service and comply with our legal obligations:
- Mailing list — until you unsubscribe or request deletion
- App accounts — until you delete your account, after which data is purged within 30 days
- Analytics data — up to 26 months (Google Analytics default), fully anonymised
- Server logs — typically 30–90 days as part of normal hosting operations
11. Changes to this policy
We may update this policy as the service develops — particularly when the Litloop app launches. We will notify mailing list subscribers of material changes. The date at the top of this page indicates when it was last updated. Continued use of the site or app after changes are posted constitutes acceptance of the updated policy.
12. Contact
For any questions about this policy, to exercise your data rights, or to report a data concern:
Litloop / Ben Luxon
Email: privacy@litloop.co
Website: www.litloop.co
You also have the right to complain to the Information Commissioner's Office if you are unhappy with how we have handled your data.