Privacy Policy

Effective date: May 21, 2026

Literal Word ("us", "we", or "our") operates the Literal Word website at literalword.com (including its subdomains) and the Literal Word application (collectively, the "Service").

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data only to provide and improve the Service. Unless otherwise defined in this Privacy Policy, terms used here have the same meanings as in our Terms and Conditions.

Information We Collect

We collect the following categories of data, only as needed to operate the Service:

Information you provide when you create an account

The Service is usable without an account. If you choose to create one, we collect:

  • Your email address. Either provided directly when you sign up with email and password, or supplied by Google when you sign in with Google. When you sign in with Google we request only the email scope; we do not ask Google for your name or profile photo.
  • A password, if you sign up with email and password. Your password is never stored in plaintext; our authentication provider stores it only as a one-way hash.
  • An internal account identifier assigned by our authentication provider when your account is created.

Content you create in the Service

When you are signed in, the bookmarks, highlights, and free-text notes you create are stored in our backend so they are available across your devices. We do not analyze the substance of your notes; they are stored for synchronization only. Your email address is also recorded alongside this content so we can route account-related correspondence and answer support requests.

Usage Data

When you access the Service, we automatically collect limited diagnostic information, including the type of device you use, your device's operating system, the application version, and interaction events (which pages you viewed, how long the session lasted, search queries you ran, and error counts). These events are recorded against a per-install or per-browser identifier and are not tied back to your account. Your IP address is processed at the network layer by our hosting and analytics providers, primarily to operate the Service and to detect abuse.

Cookies and similar technologies

The Service uses a small number of cookies, browser storage (IndexedDB and local storage), and platform local storage to remember your preferences (such as text size, theme, and sidebar state) and, where you are signed in, to hold the credentials and synced data needed for the Service to operate across devices. Aggregate-usage analytics also rely on cookies on the website.

You can instruct your browser to refuse cookies or to alert you when one is set. If you refuse them, some features (preference persistence and sign-in) will not work.

How We Use Your Data

  • To provide and maintain the Service, including syncing your bookmarks, highlights, and notes across your devices.
  • To authenticate you and protect your account.
  • To detect, prevent, and address technical or security issues.
  • To understand how the Service is used so we can improve it.
  • To respond to your support requests.
  • To comply with legal obligations.

We do not sell or share your data for advertising. We do not use your notes, highlights, or bookmarks to train machine-learning models.

Third-Party Services

To operate the Service we rely on a small number of third-party providers, broadly in two categories:

  • Account, sync, and analytics (Google). Google's Firebase products handle authentication (email and Google Sign-In), cross-device sync of your bookmarks, highlights, and notes, and aggregate usage analytics. Google receives the data described in "Information We Collect" above and processes it on our behalf as a data processor under its standard terms. See Google's privacy policy at policies.google.com/privacy.
  • Website and app hosting. Our website is served by a third-party hosting provider, and the application is distributed through its platform store. These providers receive the network-layer information needed to serve a page or distribute an app (such as IP address and device type) and operate standard logs.

Independently of the above, your operating system or app store may collect crash and diagnostic data from the Service under its own terms (for example, your platform's built-in crash reporter). We do not separately integrate any third-party crash-reporting SDK.

The current named list of providers in each category is available on request by emailing contact@literalword.com.

Data Retention

We retain your account record and your synced content (bookmarks, highlights, notes) for as long as your account is active. When you delete your account, we delete that data. Short-lived copies may remain in our cloud providers' standard backup or log windows before they roll off, after which the data is no longer accessible. Aggregate analytics, which cannot be tied back to your account, are retained per the analytics provider's default retention.

Your Rights and Choices

Account Deletion

You can delete your account at any time from within the Service. On any platform, open the sidebar, choose Sync & Backup, and then Delete account. Account deletion removes your authentication record and your synced content as described in "Data Retention" above. You can also request deletion by emailing contact@literalword.com from the email address on file.

Access and Correction

You can view and edit the notes, highlights, and bookmarks tied to your account at any time from within the Service. To request a copy of the other data we hold about you, email contact@literalword.com.

Opting Out of Analytics

On the website you can disable Google Analytics by using Google's opt-out add-on (tools.google.com/dlpage/gaoptout) or by setting Do-Not-Track in your browser. The application does not track you across other apps or websites and does not request the system advertising identifier.

Your Rights Under GDPR (EU and UK Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation grants you the following rights with respect to your personal data:

  • Right of access — you may request a copy of the data we hold about you.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to erasure — you may request deletion (see "Account Deletion" above).
  • Right to restriction of processing.
  • Right to data portability — you may request a machine-readable copy of the content you have provided.
  • Right to object to processing based on legitimate interest.
  • Right to withdraw consent at any time, where processing is based on consent.
  • Right to lodge a complaint with your local data-protection authority.

The lawful bases on which we rely are: contract (to provide the Service to you), legitimate interest (to secure, debug, and improve the Service), and consent (where you have given it, for example to analytics where local law requires opt-in).

To exercise any of these rights, email contact@literalword.com. We will respond within one month.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you the following rights with respect to the personal information we collect:

  • Right to know what personal information we have collected about you.
  • Right to delete personal information we hold about you.
  • Right to correct inaccurate personal information.
  • Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law.
  • Right to non-discrimination for exercising any of the above rights.

We do not knowingly sell or share personal information of minors under the age of 16. To exercise these rights, email contact@literalword.com.

International Data Transfers

Our processors operate globally. If you are located outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our processors operate. Where required, transfers from the European Economic Area, the United Kingdom, or Switzerland rely on the European Commission's Standard Contractual Clauses (or equivalent UK and Swiss safeguards) maintained by those processors.

Disclosure of Data

We may disclose your data:

  • To comply with a legal obligation, subpoena, or court order.
  • To protect and defend the rights or property of Literal Word.
  • To prevent or investigate possible wrongdoing in connection with the Service.
  • To protect the personal safety of users of the Service or the public.
  • To protect against legal liability.

Security

The security of your data is important to us. We use commercially acceptable means to protect your personal data — including TLS for data in transit and at-rest encryption provided by our cloud processors — but no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. We are not responsible for the content or privacy practices of those sites and encourage you to read each one's privacy policy.

Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@literalword.com and we will take steps to remove that information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes we will, where we have your email on file, also notify you by email; in any case we will post a prominent notice on the Service. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy, please contact us by email at contact@literalword.com.