Privacy Policy

1. Who’s responsible

Penworth AI (A.C.N. 675 668 710 PTY LTD), Adelaide, South Australia, is the data controller for store.penworth.ai. Contact: privacy@penworth.ai.

2. What we collect

When you create an account: email, display name, country, preferred language.

When you buy or subscribe: payment method details (handled by Stripe, never stored by us — we keep the last 4 digits and the Stripe customer ID only), purchase history, refund history.

When you read or listen: which books you’ve opened, how far you’ve progressed, your bookmarks and highlights. This is used to sync progress across your devices and for your personal reading history. It is not used for advertising. It is never sold.

When you publish as an author: legal name, payout bank/wallet details (encrypted and used only for payouts), tax ID where required, book metadata and files.

Technical: IP address, browser user-agent, server logs. Kept 90 days for security and abuse investigation. Not linked to your account analytically.

3. What we share with authors

Authors receive aggregated, non-identifying information about their books: total purchases, country-level breakdowns, and ebook reading completion rates (not per-reader). They do not receive your email, your name, your location beyond country, or any identifier that connects a purchase to you as a person.

If you choose to leave a public review, your display name is associated with that review and visible to everyone including the author. That is the only path by which an author sees a name connected to a reader, and only if you opt in by writing a review.

4. What we never do

• We never sell or rent your personal data to anyone.
• We never share your email or name with authors or any third party for marketing.
• We never run behavioural advertising on reading or listening pages.
• We never share your reading history with third parties.
• We do not train AI models on your private reading data.

5. Third parties we use

• Stripe — reader purchase processing. Their privacy policy: stripe.com/privacy.
• Wise — author royalty payouts. We share author name, country, and payout amount; we do not share reader or sales data. Their privacy policy: wise.com/legal/privacy-policy.
• Supabase — our database and authentication backend. Data hosted in the region selected at account creation.
• Vercel — hosting. Global edge delivery for cached content only.
• Anthropic Claude API — AI features when you opt in (e.g. AI-assisted metadata generation for authors). No reader data is sent.
• AI voice providers you supply (ElevenLabs, OpenAI, Azure, etc.) — used only when authors bring their own API key to generate audiobook narration.

6. Your rights

Regardless of where you live, you have these rights on Penworth Store:

• Access — download everything we have about you at /account/settings.
• Correction — edit your profile any time.
• Deletion — permanently delete your account at /account/delete. Your reader account, reviews, and reading history are erased. Purchase records are anonymised but retained for 7 years for Australian financial record-keeping law.
• Portability — export your data in JSON via the settings page.
• Objection — email privacy@penworth.ai.

GDPR (EU/UK), PIPEDA (Canada), CCPA (California), PDPA (Singapore), APP (Australia), and LGPD (Brazil) are all honoured. If you are in a jurisdiction with additional rights, we apply them.

7. Cookies

We use cookies only for what we need: authentication (keeping you signed in), CSRF protection, and a rotating anti-fraud token. No advertising cookies. No cross-site tracking. No analytics cookies we didn’t build ourselves.

8. Children

Penworth Store is not for under-16s. If we discover a younger account we delete it and notify a parent/guardian if contact details are available.

9. Breach disclosure

If we discover a data breach affecting you, we notify you within 72 hours of confirmation along with what happened, what data was affected, and what we’re doing about it. We notify the relevant regulator inside the same window.

10. Contact

Privacy matters: privacy@penworth.ai. We respond inside 10 business days. If we cannot resolve your complaint, you may escalate to the Office of the Australian Information Commissioner (oaic.gov.au).