Privacy Policy

Last updated: 10 December 2025

1. Controller and Contact

The controller responsible for processing your personal data in connection with this Service is:

Invisible Hours UG (haftungsbeschränkt)
Belziger Straße 69-71
10823 Berlin, Germany
Email: mymeals@invisiblehours.net

In this Privacy Policy, "we", "us", or "our" refers to Invisible Hours UG (haftungsbeschränkt).

2. Scope of this Policy

This Privacy Policy explains how we process personal data when you use our mobile reading application "Seriatim Reader" and visit any website or landing page that specifically relates to this App and links to this Privacy Policy (together, the "Service").

This Policy does not cover our other products (e.g. the "My Meals" app), which have or will have their own privacy documentation.

3. Core Privacy Principles

The Service has been designed as a local-first, privacy-friendly app: books, reading progress and highlights are processed locally on your device and are not automatically transmitted to our servers.

We intend to follow these principles:

  • We process only the minimum personal data necessary to provide and improve the Service.
  • We do not sell your personal data.
  • We do not use in-app behavioural tracking or advertising SDKs.
  • We aim to be transparent and give you control where possible.

4. Data We Process

4.1 Data stored locally on your device

When you use the App, the following data is stored locally on your device's storage/database:

  • imported ebooks / documents (e.g. EPUB, PDF, TXT);
  • sentence-level text extracted from those files;
  • your reading position and progress;
  • highlights, notes, bookmarks and collections;
  • app settings (e.g. theme, animations, spacing, haptics).

This data is generally not transmitted to us. We technically cannot access it unless you actively share it with us (for example, by sending a screenshot or file in a support email).

Legal basis (GDPR): Art. 6(1)(b) (performance of a contract: providing the App's core functionality).

4.2 Technical and usage data from our website

If you visit a landing page or website related to the App, our web server may automatically record log data such as:

  • IP address and approximate location (based on IP);
  • date and time of the request;
  • URL and HTTP status code;
  • browser type and operating system;
  • referring URL.

This is standard for operating a website.

Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in providing a secure and stable website and defending against attacks.

4.3 Data from support requests

If you contact us (e.g. via email), we process:

  • your email address and any other contact details you provide;
  • the content of your message and any attachments;
  • our replies and internal notes regarding the support request.

We use this information solely to handle your request and maintain a record of our communication.

Legal basis: Art. 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract (answering your questions about the Service); and/or Art. 6(1)(f) GDPR – our legitimate interest in providing customer support and improving the Service.

4.4 Content discovery via third-party APIs

If you choose to use the App's discovery features (for example, searching free ebooks from Project Gutenberg or academic papers from arXiv), the App will send requests to the relevant third-party APIs. These third-party services may process:

  • your device's IP address;
  • query parameters (e.g. book title, author, search terms);
  • limited technical metadata (e.g. date/time, user agent).

We do not use this data to track you personally. However, those third-party providers process the data under their own responsibility and privacy policies.

Legal basis: Art. 6(1)(b) GDPR – the processing is necessary to provide the discovery feature you request; Art. 6(1)(f) GDPR – our legitimate interest in offering integrated discovery of public content.

4.5 Crash reports and diagnostics (if enabled)

If you enable crash reporting (e.g. via your operating system or app-store settings), anonymised or pseudonymised diagnostics may be sent by the platform (Apple/Google) and made available to us in aggregated form. We do not integrate any additional analytics SDKs in the App itself.

Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in maintaining and improving the stability and security of the Service.

5. No in-app tracking or advertising SDKs

We design the App to work without embedded advertising or behaviour-tracking SDKs. We do not build in personalised ad networks or user-profiling within the App. If this changes in the future, we will update this Privacy Policy and, where required, ask for your consent.

6. Recipients and Categories of Recipients

We may share your personal data with the following categories of recipients, where necessary:

  • Hosting and infrastructure providers for our websites and backend services (server hosting, email hosting).
  • Third-party content providers you explicitly interact with via the App (e.g. Project Gutenberg, arXiv).
  • Professional advisers (such as lawyers or tax advisers), where necessary for compliance and defence of legal claims.
  • Authorities and courts, where we are legally obliged to do so or for the defence, exercise or establishment of legal claims.

We do not sell your personal data to third parties.

7. International Data Transfers

Our servers or service providers may be located outside the EU/EEA. Where this involves transferring personal data to a country without an EU adequacy decision, we will rely on appropriate safeguards, such as the Standard Contractual Clauses (SCCs) or comparable instruments, unless a different legal basis is available.

8. Retention Periods

We retain personal data only for as long as necessary for the purposes described in this Policy:

  • Locally stored reading data: remains on your device until you uninstall the App or delete the data.
  • Server logs (website): typically retained for a short period (e.g. a few weeks), unless longer retention is necessary for security or legal reasons.
  • Support communications: retained for the duration of our relationship plus any applicable statutory limitation periods.
  • Diagnostic/crash data: kept only as long as needed to analyse and fix issues, usually in anonymised or aggregated form.

Where we are legally required to retain data for longer (e.g. under commercial or tax law), we will comply with those obligations.

9. Your Rights under the GDPR

If you are in the EU/EEA, you have the following rights in relation to your personal data, subject to legal conditions:

  • Right of access (Art. 15 GDPR) – to obtain confirmation as to whether we process personal data about you and to receive a copy.
  • Right to rectification (Art. 16 GDPR) – to have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17 GDPR) – to request deletion of your data, e.g. if it is no longer necessary or you withdraw consent (where applicable), subject to legal retention duties.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR) – to receive certain data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
  • Right to object (Art. 21 GDPR) – to object, on grounds relating to your particular situation, to processing based on our legitimate interests; and to object at any time to processing for direct marketing.
  • Right to withdraw consent (Art. 7(3) GDPR) – where we rely on consent, you can withdraw it at any time with effect for the future.

To exercise your rights, you can contact us at mymeals@invisiblehours.net.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the alleged infringement. In Berlin, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

10. Security

We apply appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access. However, no method of transmission or storage is completely secure; residual risks can never be entirely excluded.

11. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16 without appropriate consent. If you believe a child has provided us with personal data in violation of this Policy, please contact us so we can take appropriate action.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in the Service, legal requirements or supervisory authority guidance. We will indicate the date of the latest update at the top of this document. For material changes, we will provide a more prominent notice (e.g. in the App or on the website). Where required by law, we will ask for your consent to changes.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data-protection rights, please contact:

Invisible Hours UG (haftungsbeschränkt)
Belziger Straße 69-71
10823 Berlin, Germany
Email: mymeals@invisiblehours.net