Last updated: 5 July 2026
Privacy policy
We sell the product, not you. Humrah is built so that the private act of reading stays private: the app works without an account, telemetry is off unless you turn it on, and everything we do collect exists to serve a feature you can see.
Who we are
Abhaya Code Labs (registered in India) is the data controller for Humrah. Reach us any time at [email protected]. This policy covers the Humrah apps (macOS, iOS, Android, Windows, web) and the Humrah API. It is written to meet both the EU GDPR and India's DPDP Act.
What we collect, and why
| Data | Why it exists |
|---|---|
| Email address | Only if you sign in (sign-in is optional — the reader works anonymously). Used for magic-link sign-in codes and account notices. Never sold, never used for marketing without separate consent. |
| Your books | EPUBs you upload or download in-app are stored on our servers so we can serve them to your devices and answer your questions about them. They remain yours; delete a book and it's gone. |
| Reading data | Positions, highlights, notes, bookmarks, shelves, sessions — the substance of the product, synced across your devices when you're signed in. |
| AI questions | When you ask the companion something, your question plus the relevant passage (never past where you've read, for fiction) is processed to generate the answer. We keep your conversation history so you can revisit it; you can delete it. |
| Voice data | Only if you use voice cloning: an in-app recording of your own voice, made after an explicit, versioned consent ceremony. See "Voice" below. |
| Usage telemetry | Off by default. Strictly opt-in. If you opt in, we receive a small, fixed list of feature-usage events (counts, modes, platform). The allowlist structurally cannot carry reading content, queries, highlights, or any personal text. Revoking consent deletes what was collected. |
What we never collect
No advertising identifiers. No tracking pixels. No selling or renting data — to anyone, ever. No telemetry without opt-in, and never the content of what you read, ask, or highlight. Your reading position is never shared with other people except through features you explicitly join (see "Social"). Dictionary lookups, in-book search, and translation run on your device and never reach our servers.
The AI, honestly
Humrah's companion features send your question and short passages of the book to our AI provider (Google, Gemini API) to generate an answer. We use API terms under which your content is not used to train models. AI answers about fiction are constrained to what you've already read — that's the product's core promise, enforced on our servers, not by the model's goodwill.
Prefer no AI at all? The AI off-switch in Settings disables every AI feature. The reader, dictionary, search, bookmarks, highlights, and offline reading all keep working — they never depended on AI in the first place.
Voice
Voice cloning is self-only: the recording is made inside the app, after a consent ceremony that shows you exactly what you're agreeing to (we keep a hashed, versioned record of that consent). Audio is synthesized by our voice provider (Cartesia). Revoking consent deletes your voice profile from our systems and from the provider. The free read-aloud voice runs entirely on your device and involves no cloud processing.
Social features
Everything social is opt-in, per book. Presence is off by default — if you don't turn it on, other readers cannot see you at all. Where features share your progress (finding readers near your position), it's shared as a coarse 10% bucket, never your exact position. Book-club discussions are protected by the same spoiler ceiling: nothing is quotable past the least-far reader. Club messages are deleted after 30 days. Third-party integrations see nothing unless you explicitly enable sharing, and revoking it is instant.
Where your data lives, and who touches it
Your data is stored in the European Union (Hetzner, Germany), encrypted in transit everywhere. Access tokens are stored hashed. We use a short list of processors, each for one job:
- Hetzner (Germany) — hosting and storage.
- Google — AI answers (Gemini API; no training on your content).
- Postmark — sign-in and account emails.
- Cartesia — voice synthesis, only if you use voice cloning.
- A payment processor, once paid plans launch — payment card data never touches our servers.
Retention
- Your account and its data: kept until you delete them (see Your data rights).
- Account deletion: a 7-day grace period (cancel any time in-app), then a hard, irreversible delete of everything.
- Backups: encrypted, and they expire within 30 days — deleted data ages out of backups within that window.
- Club chat messages: 30 days. Data-export downloads: 7 days. Anonymous accounts that never sign in are pruned after 30 days of inactivity.
Your rights
Export everything and delete everything — self-serve, from inside the app, no support ticket required. The full walkthrough is on the Your data rights page. Under GDPR you also have the right to lodge a complaint with your local supervisory authority; under the DPDP Act, with the Data Protection Board of India.
Changes
If this policy changes in a way that matters, we'll say so in the app and update the date at the top. We won't quietly widen what we collect.