- Overview & Scope
- Who We Are
- Information We Collect
- How We Collect Information
- How We Use Your Information
- Legal Basis for Processing
- Data Sharing & Disclosure
- Third-Party Service Providers
- Author Access to Reader Data
- Cookies & Tracking Technologies
- Data Security
- Data Retention
- International Data Transfers
- Your Rights
- Australian Privacy Act
- GDPR (European Users)
- CCPA (California Users)
- Children's Privacy
- Changes to This Policy
- Contact & Complaints
1. Overview & Scope
This Privacy Policy explains how For Authors, Inc (operating as "Books.by") collects, uses, stores, shares, and protects personal information when you:
- Visit our website at books.by;
- Create an Author account and use the Books.by platform;
- Purchase a book as a Reader through an Author's storefront; or
- Contact us for support or other enquiries.
This policy applies to all users of the Service, including Authors (who publish and sell books) and Readers (who purchase books). Where specific sections apply to only Authors or only Readers, this is indicated.
By using Books.by, you consent to the collection and use of information as described in this policy. This policy should be read in conjunction with our Terms & Conditions.
2. Who We Are
Books.by is operated by:
For Authors, Inc
ABN: [number]
2/65 Dover Street, Cremorne
VIC 3121, Australia
For the purposes of applicable data protection legislation (including the Australian Privacy Act 1988, the EU General Data Protection Regulation, and the California Consumer Privacy Act), For Authors, Inc is the data controller responsible for your personal information.
3. Information We Collect
3.1 Author Account Information
When you create an Author account, we collect:
- Full legal name and pen name(s);
- Email address;
- Mailing address;
- Phone number (optional);
- Profile photo and author biography;
- Bank account details for royalty payouts (processed via Stripe Connect);
- Credit or debit card details for subscription payments (processed via Stripe);
- Tax identification information (ABN, TFN, EIN, SSN, W-8BEN, or equivalent as required by your jurisdiction).
3.2 Reader Purchase Information
When a Reader purchases a book, we collect:
- Name;
- Email address;
- Shipping address;
- Payment card details (processed via Stripe — we do not store full card numbers);
- Order details (book title, quantity, price paid, shipping method).
3.3 Book & Storefront Data
We collect and store data related to the books Authors publish, including:
- Book manuscripts (interior PDF files);
- Cover artwork;
- Book metadata (title, subtitle, description, genre, keywords, ISBN);
- Pricing information;
- Storefront customisation settings (colours, layout, custom domain).
3.4 Usage & Technical Data
We automatically collect technical information when you use Books.by, including:
- IP address and approximate geolocation;
- Browser type, version, and language;
- Operating system and device type;
- Pages visited, time spent on pages, and navigation paths;
- Referring URL (how you arrived at Books.by);
- Session identifiers and timestamps.
3.5 Communications Data
When you contact us via email, support chat, or any other channel, we collect the content of your communications and associated metadata (timestamps, email addresses) to provide support and maintain records.
4. How We Collect Information
We collect information through the following methods:
- Directly from you: When you create an account, publish a book, make a purchase, update your profile, or contact us.
- Automatically: Through cookies, server logs, and similar technologies when you use our website and platform (see Section 10).
- From third-party services: We may receive information from payment processors (Stripe), print-on-demand partners, and analytics providers in connection with the services they provide to us.
- From public sources: We may collect publicly available information (such as ISBN registration data) related to books published on our platform.
5. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide the platform — host storefronts, display books, enable purchases | Account info, book data, storefront settings |
| Process payments — subscription billing, royalty payouts, Reader purchases | Payment details, bank account info, tax IDs |
| Fulfil orders — print and ship books via our POD partners | Order details, Reader shipping address, book files |
| Transactional communications — order confirmations, shipping updates, payout notifications | Email address, order details, payout information |
| Customer support — respond to enquiries, resolve issues | Account info, communications, order history |
| Platform improvement — analyse usage patterns, improve features, fix bugs | Usage data, technical data (aggregated and anonymised where possible) |
| Marketing communications — publishing tips, platform updates, feature announcements (Authors only, with consent) | Email address, name, usage history |
| Security & fraud prevention — detect and prevent fraudulent activity, protect accounts | IP address, usage patterns, payment information |
| Legal compliance — meet tax reporting obligations, respond to legal requests | Identity information, tax IDs, earnings data, transaction records |
| Analytics & reporting — provide Authors with sales dashboards and performance insights | Sales data, Reader order information (aggregated) |
6. Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Contract performance: Processing necessary to provide the Service you have signed up for (account management, order fulfilment, royalty payments).
- Legitimate interests: Processing necessary for our legitimate business interests, including platform improvement, fraud prevention, and security, where those interests are not overridden by your privacy rights.
- Legal obligations: Processing required to comply with applicable laws, including tax reporting requirements, anti-money laundering regulations, and responses to lawful requests from public authorities.
- Consent: Where we rely on your consent (e.g., marketing emails), you may withdraw consent at any time by clicking the unsubscribe link in any email or contacting us directly. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
7. Data Sharing & Disclosure
We share your personal information only in the following circumstances:
7.1 Service Providers
We share data with third-party service providers who assist us in operating the platform (see Section 8 for details). These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.
7.2 Authors (Reader Data)
When a Reader purchases a book, we share order information with the relevant Author, including the Reader's name, shipping address, and order details. Authors are bound by our Terms & Conditions regarding their use of Reader data (see Section 9).
7.3 Print-on-Demand Partners
We share Reader shipping addresses and book files with our print-on-demand partners to fulfil orders. Our print partners are contractually required to use this information solely for order fulfilment.
7.4 Payment Processors
Payment information is shared with Stripe to process subscription payments, Reader purchases, and Author royalty payouts. Stripe's handling of your data is subject to Stripe's Privacy Policy.
7.5 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government request). We may also disclose information to:
- Comply with a legal obligation;
- Protect and defend the rights or property of For Authors, Inc;
- Prevent or investigate possible wrongdoing in connection with the Service;
- Protect the personal safety of users or the public.
7.6 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of our assets, your personal information may be transferred as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
7.7 What We Do Not Do
We do not sell your personal information. We do not rent, trade, or otherwise make your personal data available to third parties for their own marketing purposes. We do not use your book content (manuscripts, covers) for any purpose other than providing the Service.
8. Third-Party Service Providers
We use the following categories of third-party providers to operate Books.by:
| Category | Purpose | Data Shared |
|---|---|---|
| Payment processing (Stripe) | Subscription billing, Reader payments, Author payouts | Payment card details, bank account info, transaction amounts, identity verification |
| Print-on-demand | Book manufacturing and shipping | Book files, Reader shipping address, order details |
| Cloud hosting | Infrastructure, data storage, content delivery | All platform data (encrypted at rest and in transit) |
| Email delivery | Transactional and marketing emails | Email address, name, email content |
| Customer support | Help desk, live chat, support ticketing | Account info, support conversation content |
| Analytics | Platform usage analysis, performance monitoring | Anonymised/aggregated usage data, IP address (truncated) |
All third-party providers are selected based on their privacy and security practices and are bound by data processing agreements that require them to protect your information.
9. Author Access to Reader Data
This section applies to Readers whose data is shared with Authors.
When you purchase a book on Books.by, the Author of that book receives certain order information to manage their business. This includes:
- Your name;
- Shipping address;
- Email address (if you opt in to Author communications); and
- Order details (book purchased, date, price).
Authors are required under our Terms & Conditions to:
- Use Reader data solely for purposes related to their book sales and the author-reader relationship;
- Comply with all applicable privacy and data protection laws;
- Not sell, rent, or share Reader data with third parties; and
- Honour Reader opt-out requests for marketing communications.
Books.by is not responsible for an Author's use of Reader data beyond the platform. If you have concerns about how an Author is using your data, please contact us at support@books.by.
10. Cookies & Tracking Technologies
10.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, improve functionality, and provide information to website operators.
10.2 Cookies We Use
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security, shopping cart functionality. These are required for the platform to function. | Session / up to 1 year |
| Functional | Remember your preferences (language, currency, theme settings). | Up to 1 year |
| Analytics | Understand how visitors use Books.by, which pages are most popular, and how users navigate the site. Data is aggregated and anonymised. | Up to 2 years |
10.3 We Do Not Use
- Third-party advertising or retargeting cookies;
- Cross-site tracking pixels; or
- Social media tracking cookies.
10.4 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may affect the functionality of the platform. For more information on managing cookies, visit allaboutcookies.org.
11. Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it, including:
- Encryption in transit: All data transmitted between your browser and Books.by is encrypted using TLS 1.2 or higher (HTTPS).
- Encryption at rest: Personal data and book files are encrypted at rest in our cloud infrastructure.
- Payment security: All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We do not store full credit card numbers on our servers.
- Access controls: Access to personal data is restricted to employees and contractors who need it to perform their duties, subject to confidentiality obligations.
- Infrastructure security: Our cloud infrastructure includes firewalls, intrusion detection, regular security patches, and monitoring.
- Regular audits: We periodically review and update our security practices.
While we implement commercially reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
If you become aware of a security vulnerability or suspect a data breach involving your account, please notify us immediately at support@books.by.
12. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfil the purposes described in this policy. Specific retention periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active Author accounts | Duration of account + 90 days | Service provision + reactivation window |
| Book files (manuscripts, covers) | Duration of account + 90 days | Service provision + data portability |
| Financial & tax records (earnings, payouts, invoices) | 7 years from transaction date | Australian tax law requirements (ATO) |
| Reader order records | 7 years from order date | Tax, accounting, and dispute resolution |
| Reader payment card details | Not stored by Books.by | Handled entirely by Stripe |
| Support communications | 3 years from last interaction | Support quality and dispute resolution |
| Usage & analytics data | 26 months (aggregated/anonymised) | Platform improvement |
| Marketing consent records | Duration of consent + 3 years | Compliance documentation |
After the applicable retention period, personal data is permanently deleted or irreversibly anonymised. Anonymised data (which cannot be used to identify you) may be retained indefinitely for statistical and analytical purposes.
13. International Data Transfers
Books.by is operated from Australia. Your personal data may be processed in countries outside your country of residence, including:
- Australia — where our company is incorporated and our primary operations are based;
- United States — where certain cloud infrastructure and service providers (including Stripe) are located; and
- Other countries — where our print-on-demand partners have production facilities (to fulfil orders shipped to those regions).
Where we transfer data outside Australia or the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Data processing agreements with all service providers; and
- Reliance on the recipient country's adequacy determination where available.
14. Your Rights
Depending on your location, you may have some or all of the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete personal data.
- Deletion: Request that we delete your personal data, subject to legal retention requirements.
- Data portability: Request a copy of your data in a structured, commonly used, machine-readable format.
- Restriction: Request that we restrict processing of your personal data in certain circumstances.
- Objection: Object to our processing of your personal data based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw that consent at any time.
- Opt out of marketing: Unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us.
To exercise any of these rights, contact us at support@books.by. We will respond to your request within 30 days (or sooner where required by applicable law). We may ask you to verify your identity before processing your request.
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority (see Section 20).
15. Australian Privacy Act
For Authors, Inc is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). In accordance with the APPs:
- We only collect personal information that is reasonably necessary for our functions and activities;
- We collect personal information by lawful and fair means, directly from you where practicable;
- We take reasonable steps to ensure that personal information we collect, use, or disclose is accurate, complete, and up to date;
- We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure;
- We will not use or disclose personal information for direct marketing unless you have consented or would reasonably expect it, and we provide a simple opt-out mechanism; and
- You may access and correct your personal information by contacting us.
If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone at 1300 363 992.
16. GDPR (European Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- The right to data portability (receive your data in a structured, machine-readable format);
- The right to restrict processing;
- The right to object to processing based on legitimate interests;
- The right to not be subject to automated decision-making, including profiling; and
- The right to lodge a complaint with your local supervisory authority.
We process data of EEA residents based on the legal bases described in Section 6. For transfers of data outside the EEA, we rely on Standard Contractual Clauses as described in Section 13.
Our EU representative for GDPR purposes can be contacted at legal@books.by.
17. CCPA (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to know: You may request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share information.
- Right to delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale: We do not sell personal information. As such, there is no need to opt out, but we honour this right regardless.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at support@books.by or by mail at our address listed in Section 20.
In the preceding 12 months, we have collected the categories of personal information described in Section 3. We have not sold personal information to any third party.
18. Children's Privacy
Books.by Author accounts are not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18 as part of the account registration process.
Readers of any age may purchase books through Author storefronts. Where a Reader is under 16, we encourage parents or guardians to supervise their online purchases. If we become aware that we have collected personal information from a child under 13 (or the applicable age in your jurisdiction) without parental consent, we will take steps to delete that information promptly.
If you believe we have inadvertently collected information from a child, please contact us at support@books.by.
19. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- Material changes will be communicated via email to the address associated with your account and/or by a prominent notice on our website at least 14 days before taking effect.
- Minor changes (e.g., formatting, clarifications that do not affect your rights) may be made without advance notice, but the "Last updated" date at the top of this policy will always reflect the most recent revision.
We encourage you to review this policy periodically. Your continued use of Books.by after any changes take effect constitutes your acceptance of the revised policy.
20. Contact & Complaints
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
For Authors, Inc
2/65 Dover Street, Cremorne
VIC 3121, Australia
General enquiries & privacy requests: support@books.by
Legal & data protection: legal@books.by
We aim to respond to all privacy-related enquiries within 30 days.
Complaints
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the relevant data protection authority:
- Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au — 1300 363 992
- European Union: Your local supervisory authority — a list is available at edpb.europa.eu
- United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
- California: Office of the Attorney General — oag.ca.gov/privacy