We use industry-standard technical and organizational safeguards:

• • 256-bit SSL/TLS encryption for data in transit
• • AES-256 encryption for data at rest
• • SOC 2 and ISO 27001–compliant data centers
• • Regular security audits and penetration testing
• • Two-factor authentication for user accounts
• • Access controls and monitoring for data handling

Despite these measures, no system is 100% secure. You are encouraged to use strong passwords and enable 2FA. Learn more on our Security page.

We never sell or rent your personal information. We only share it under these limited circumstances:

• • Service Providers: Vendors that help operate our Service (e.g., hosting, analytics, email delivery, or payments). These providers are contractually required to protect your data.
• • Legal Requirements: When disclosure is required by law or necessary to protect our legal rights, property, or safety.
• • Business Transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality.
• • With Your Consent: When you explicitly authorize sharing, such as connecting to a third-party integration.

Depending on your jurisdiction, you may have rights to:

• • Access: Request a copy of your personal data
• • Correction: Update or fix inaccurate information
• • Deletion: Request deletion (subject to legal retention requirements)
• • Export: Receive a portable copy of your data
• • Withdraw Consent: Opt out of specific data uses or communications

To exercise these rights, email privacy@indiebooks.io. We will verify your identity before fulfilling any requests.

We retain information only as long as necessary to provide the Service and comply with laws.

• • Active accounts: Retained while your account remains open
• • Financial records: Retained for at least 7 years to comply with CRA and IRS requirements
• • Transaction history: Retained for a minimum of 6 years for audit purposes
• • Support communications: Retained for 3 years after issue resolution

When data is no longer needed, it is securely deleted or anonymized.

We use cookies, pixels, and local storage technologies to:

• • Keep you signed in to your account
• • Remember your preferences and region settings
• • Measure website performance and analytics
• • Prevent fraud and secure access

You may disable cookies through your browser settings, but some features may not function properly.

Data may be processed and stored in Canada, the United States, or other jurisdictions where our service providers operate. By using the Service, you consent to such transfers, which are safeguarded through contractual and legal mechanisms (e.g., Standard Contractual Clauses, PIPEDA adequacy).

The Service is not directed toward individuals under 18. We do not knowingly collect personal data from minors. If you believe a child has provided data, contact privacy@indiebooks.io and we will delete it.

We may update this Privacy Policy from time to time. The "Last updated" date indicates when it was revised. Material changes will be communicated by email or in-app notice. Continued use of the Service after changes constitutes acceptance.

If you have questions or concerns about privacy or data protection, contact us: