Legal

Privacy Policy

Effective June 19, 2026

The short version

GemReader collects nothing. No accounts. No cloud. No analytics. No crash reports. No telemetry. Your books, highlights, notes, and reading habits stay on your device, encrypted, and are never transmitted anywhere.

Data collection

We collect no personal data. GemReader does not require account registration and has no backend server to send data to. The app contains no analytics SDKs, no crash reporting libraries, and no telemetry of any kind.

Book storage and encryption

Every EPUB you import is encrypted at rest using AES-256 GCM before being written to your device's storage. Decryption happens in memory only — plaintext never touches your file system. Encryption keys are derived locally and never transmitted.

PIN-locked folders

PIN-protected folder keys are derived from your PIN using PBKDF2. The derived key is not stored in recoverable form. After 3 failed PIN attempts, the folder's encrypted files are permanently deleted and the keys are destroyed. There is no recovery mechanism — this is by design.

Screenshot and clipboard protection

When a locked folder is open, GemReader programmatically blocks the OS screenshot API and suppresses your content from appearing in the recent apps switcher. If you background the app while in a secure folder, the clipboard is wiped automatically.

Third-party services

GemReader does not integrate with any third-party services, advertising networks, or data brokers. No SDK from any external company is included in the app.

Children's privacy

GemReader does not collect data from anyone, including children under 13. No personal information is gathered at any point.

Changes to this policy

If this policy changes materially, the updated version will be posted here with a new effective date. Since we collect no data, changes are unlikely to affect you in any practical way.

Permissions

The app requests two permissions. File storage: used solely to let you select EPUB files to import — no file content is transmitted outside your device. Camera: used only when you choose to scan a QR code to enter an encrypted archive password. The camera feed is processed locally in real time and is never recorded, saved, or transmitted.

Data deletion

All data stored by GemReader — encrypted books, annotations, reading progress, and encryption keys — resides exclusively on your device. Uninstalling the app permanently removes all of this data. There is no server-side data to delete.

Contact

Questions about this policy? Reach us at support@gemreader.com.