Privacy policy

Effective date: July 3, 2026 · Last updated: July 3, 2026

This Privacy Policy explains how Bookfox Inc. (“Bookfox”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use the Bookfox Partner mobile application (the “App”) and the connected backend services we operate, and when we list books for sale through online marketplaces including Amazon and eBay as part of the wider Bookfox book-reselling operation (together, the “Services”).

We have written this policy to be plain and honest about what actually happens with your data. Where the law requires specific disclosures (GDPR, the California Consumer Privacy Act as amended by the CPRA, and the privacy requirements of Apple, Google, Amazon, and eBay), those are included below.

1. Who we are

Bookfox Inc., trading as Bookfox, is the data controller (GDPR) and the business (CCPA/CPRA) responsible for the personal information described in this policy.

  • Postal address: Office 8, 12160 103A Avenue, Surrey, BC V3V 3G7, Canada
  • Privacy contact / email: [email protected]
  • Privacy officer: Privacy questions go to our privacy officer at [email protected].
  • Governing jurisdiction: British Columbia, Canada

2. Scope and what this policy covers

This policy covers the Bookfox Partner app (iOS and Android) used by book-sale organizers, scouts, and volunteers, our websites, and the backend systems that power them. Some of these systems are shared with our BookProwl service, so information may be used across both services as described in this policy.

It does not cover third-party websites, services, or marketplaces that have their own privacy notices (for example, Amazon’s and eBay’s own privacy notices govern how those marketplaces treat their buyers and members).

3. The personal information we collect

We only collect what the App and our selling operation actually need. The subsections below map each category to what it is, why we collect it, and where it is stored. We do not currently collect device location/GPS, contacts, microphone audio, your photo library, or health data, and the App contains no advertising, analytics, attribution, or tracking SDKs (see Section 11; Section 3.9 covers a possible future, opt-in location feature).

3.1 Account and login data

  • Organizers and scouts sign in with an email address and password. We use these to authenticate you and to read or create a basic profile record (an internal ID, a display name, and a role).
  • Volunteers do not provide an email or password. Volunteers sign in with an 8-character join code (typed or scanned as a QR code), and we store a small amount of session metadata (the volunteer link ID, the sale-event ID, a display label such as “Volunteer”, and the time you joined).
  • Sign-in credentials. To register scans and submit wholesale batches, the App signs in to our backend systems on your behalf. The App never holds your organization’s plain-text password. Standalone scouts may sign in with a username and password.

3.2 Scanned book and inventory data

When you scan a book, we record the scan and link it to your account: the book’s identifying details (such as the barcode, title, and author), the shelf or category chosen, and the action you took (for example accept or set aside). Organizers can see scan activity for their own sale, and we use scan records to improve our book sorting.

These records are attributed to the scanning user, based on your verified sign-in (your volunteer link, sale event, and organization), so that organizers can run per-staff (“books by staff”) reporting and the correct scout is credited.

3.3 Camera-derived data

The camera permission is used for three purposes. The privacy-critical distinction is described fully in Section 4. In short: barcode and QR scanning happen entirely on your device and no image is ever stored or transmitted, and the only time an image leaves your device is the optional “Identify Book” cover-photo feature you choose to use.

3.4 Device identifiers and diagnostics

To diagnose errors and keep the App reliable, we collect limited diagnostic data: an app-generated random device ID (a random string we create, not a hardware ID, advertising ID, IDFA, or GAID), the platform and OS version, the App version and update channel, your user ID, recent error logs, and app performance timings. Lower-severity logs stay only in the device’s local system log and are never uploaded.

3.5 Data stored on your device

The App may temporarily store your own scans on your device while you are offline. Local data on your device is cleared when you sign out.

3.6 Pricing and financial values

We process pricing and transaction records tied to scanned items, such as our book payout amounts, marketplace offer/payout figures (in US dollars and converted), and sticker prices. These relate to the books and to what we pay for them, and are sent with scan and batch records.

3.7 Marketplace order data (Amazon / eBay)

When we list and sell books on Amazon and eBay, those marketplaces may provide us with order-related information needed to fulfil and ship orders and to calculate and remit taxes (for example a buyer’s name and shipping address supplied by Amazon). The App itself does not collect this data and does not connect to Amazon or eBay to retrieve buyer information; it is handled downstream in our selling systems. We handle any such marketplace personal information strictly in line with the marketplaces’ own data-protection rules (see Sections 8, 11, and 19).

3.8 Scanner loan records (offline)

If you join our scout program, we take a copy of your government photo ID at your in-person onboarding, to verify your identity and as security while our equipment (such as a loaned barcode scanner) is in your hands, instead of taking a deposit. The copy is a physical one, kept securely offline only; it is never uploaded to or stored in the App or our databases, and our systems record only the fact and date of collection. It is retained while you are in the scout program and for up to six months after you leave it, or until any open dispute or claim involving you is resolved if that is longer, and is then destroyed.

3.9 Location (optional, coming later)

We do not collect your location today. If we add this feature, it will work like this: if you choose to turn it on, the app may use your device location and store check-ins to suggest nearby stores that tend to have good inventory and to show offers available in your area. It stays off unless you turn it on, and you can turn it off at any time in your device settings. It is a tool you can choose to use, not something that directs, assigns, or tracks where you go.

4. Camera and permissions disclosure

The App requests one privacy-sensitive runtime permission: Camera. It is used only for the following, and the purpose strings shown at the permission prompt describe these uses:

  1. On-device barcode scanning. When you scan a book, camera frames are decoded live on your device using an on-device scanner. Only the decoded text (for example an ISBN) is used. No image or video frame is saved or transmitted; frames are discarded immediately.
  2. QR sign-in for volunteers. The camera reads a join-code QR to sign you in. Again, only the decoded code text is used; no image is stored or sent.
  3. Optional “Identify Book” cover photo. This is the only case in which an image leaves your device, and only if you choose to use it. When a book has no usable barcode, you can take a photo of the front cover. The App sends the photo to our backend, which uses Anthropic (Claude) to read the title and author from the cover. The temporary photo file is not saved to your photo library and is not uploaded to durable storage; only the image leaves the device for that single lookup.

We do not currently request location, contacts, microphone, photo-library/media, notifications, Bluetooth, or broad storage permissions (Section 3.9 covers a possible future, opt-in location feature).

5. How and why we use your information

We use personal information to:

  • Provide and operate the App (authenticate you, keep you signed in, sync your work).
  • Identify and price scanned books and route them to the correct shelf or table.
  • Build wholesale batches and inventory and, where applicable, list and sell books on marketplaces.
  • Attribute scans and produce reporting for organizers (for example per-staff “books by staff” reporting and book payout calculations).
  • Maintain security and prevent fraud and abuse.
  • Diagnose errors and improve reliability through limited diagnostic logging.
  • Operate our book-buying network and market-data products using scan and inventory data (data about books, quantities, prices, and locations, not personal information).
  • Communicate with you about your account, the Services, and important changes.
  • Comply with legal obligations, including tax and record-keeping duties tied to our selling operations.

We do not use your information for third-party advertising, and we do not sell or share it for cross-context behavioral advertising (see Section 9).

Where the GDPR applies, we rely on the following lawful bases under Article 6:

PurposeLawful basis
Creating your account, signing you in, and delivering the core App functionality (scanning, classifying, pricing, syncing your work)Contract (Art. 6(1)(b))
Listing and selling inventory and fulfilling marketplace ordersContract and legitimate interests (Art. 6(1)(b) and (f))
Attribution, organizer reporting, and improving classification/pricing qualityLegitimate interests (Art. 6(1)(f)) in running an accurate, accountable book-sale operation
Security, fraud prevention, and diagnostic error loggingLegitimate interests (Art. 6(1)(f)) in keeping the Services safe and working
Using the camera, and using the optional cover-photo “Identify Book” featureConsent (Art. 6(1)(a)), given through the OS permission prompt and your choice to use the feature; you can withdraw it at any time in your device settings or by not using the feature
Tax, accounting, and other legal record-keeping for marketplace salesLegal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You may object to this processing (see Section 13). Where we rely on consent, you may withdraw it at any time without affecting processing already carried out.

We do not process special-category data (Article 9) in the ordinary course of the Services.

7. Sources of personal information

We obtain personal information from:

  • You directly, when you sign in, scan books, make sorting/pricing decisions, or use the optional cover-photo feature.
  • Your device, for diagnostic data (the random device ID, platform/version, error breadcrumbs).
  • Our own backend services and reference data providers, which return book metadata and pricing for the items you scan.
  • Marketplaces (Amazon and eBay), which provide order/fulfilment information when we sell books.

8. Who we share information with

We share personal information only with the providers and recipients needed to run the Services. We do not sell it, and we do not share it for advertising. Our key recipients are:

  • Our backend and hosting providers, including the backend we share with our BookProwl service. These host authentication, profiles, diagnostic logs, and scan, batch, and inventory records, and power login, volunteer join, the cover-photo identify feature, and book lookups. They act as our processors and service providers.
  • Book metadata and pricing providers. Receive scanned ISBNs to return titles, authors, cover images, and market pricing used to identify and price the books you scan.
  • Anthropic (Claude). Receives a cover photo only when you use the optional “Identify Book” feature, and only through our backend, to read the title and author.
  • Amazon. The App directly contacts Amazon only to load book cover thumbnail images. Downstream, books we accept into wholesale batches may be listed and sold by us on Amazon, and Amazon may then provide order/buyer information for fulfilment.
  • eBay. The App never contacts eBay directly. Downstream, inventory may be listed and sold by us on eBay.
  • App update service. Receives an update-channel header when the App checks for updates at launch. No personal data is collected beyond the update check itself.

We require the providers that process personal information on our behalf to protect it, to use it only to provide services to us, and to apply protections consistent with this policy. We do not authorize them to use it for their own purposes.

A note on the wider Bookfox system. Inventory you scan may flow within our own systems before being listed for sale on Amazon and eBay. This is an internal data flow within the same company that operates the App and the selling operation; it is not a sale of your personal information.

9. Sale and sharing of personal information (CCPA/CPRA)

We do not sell your personal information, and we have not sold it in the prior 12 months. We do not share your personal information for cross-context behavioral advertising, and we have not done so in the prior 12 months. Because we do not sell or share personal information in this sense, and we do not use sensitive personal information for any purpose beyond providing the Services, we are not required to provide “Do Not Sell or Share My Personal Information” or “Limit the Use of My Sensitive Personal Information” links. If this ever changes, we will update this policy and provide those links and controls.

For California disclosure, in the prior 12 months we have collected the following CCPA/CPRA categories and disclosed them for business purposes to the service providers, contractors, and third parties listed in Section 8:

CCPA/CPRA categoryCollected?Examples
IdentifiersYesEmail, internal user ID, app-generated random device ID, volunteer join code
Personal records (Cal. Civ. Code 1798.80(e))YesAccount login credentials
Commercial informationYesScanned book records, inventory, book payout amounts, pricing, sticker prices
Internet/network activityYesDiagnostic logs, error breadcrumbs, API timings
Audio/visual informationLimitedCamera used for on-device barcode/QR decode (not stored/transmitted); optional cover photo sent only if you use that feature
Professional/employment-related informationLimitedYour role (organizer, scout, volunteer) within a sale
GeolocationNoWe do not collect device location
Biometric, health, racial/ethnic, religious, sexual, or other special dataNoNot collected
Sensitive personal information (CPRA)Yes (limited)Account log-in credentials (used only to provide the Services; not used to infer characteristics)

Sources of this information are listed in Section 7, and the business/commercial purposes are listed in Section 5.

10. International data transfers

We are based in British Columbia, Canada, and our providers may process data in the United States and other countries. Where we transfer personal information out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where relevant), or another lawful transfer mechanism. You may contact us at [email protected] for more information about these safeguards.

11. Cookies, tracking, analytics, and SDKs

The App is not an advertising-supported product and contains no third-party analytics, crash-reporting, advertising, attribution, or tracking SDKs, and it uses no IDFA or GAID.

The only diagnostic logging is our own, written to our own backend database (see Section 3.4). The only device identifier is a random string we generate to correlate those diagnostic logs; it is not a hardware or advertising identifier. The on-device barcode scanner runs entirely on your device and has no network of its own. The App does not use web cookies. We do not engage in cross-site or cross-app tracking, and we honor recognized opt-out preference signals such as Global Privacy Control (GPC) where they apply.

12. Data retention

We keep personal information only as long as needed for the purposes described, then delete or anonymize it. Indicative periods and criteria:

DataRetention
Account profile (organizer/scout)For the life of the account; deleted on request or within a reasonable period after account closure
Session tokens on the deviceShort-lived (about one hour) and refreshed; wiped on sign-out
Volunteer session metadata on the deviceUntil you sign out or leave the sale
Scan, sorting, inventory, and pricing recordsRetained for organizer reporting and our business and accounting needs for as long as the relevant sale/inventory is active, then deleted or anonymized in line with our retention schedule and legal obligations
Diagnostic logsShort-term operational use only, then routinely purged
On-device reference databases and offline queueCached on the device only; wiped when you sign out
Cover photo (Identify Book)Transient; the image is used for a single lookup and is not stored in a durable image store by us
Government ID copy (scout onboarding / equipment security)Physical copy held securely offline, never in our apps or databases (which record only the fact and date of collection); kept while you are in the scout program and for up to six months after you leave it (longer only while a dispute or claim is open), then destroyed
Amazon marketplace customer PII (e.g. buyer name/shipping address)Used only to fulfil and ship orders and to calculate/remit taxes, and deleted within 30 days of shipment, except where we are legally required to retain records, in which case they are held as encrypted, access-controlled archival backups as permitted by the Amazon Data Protection Policy
eBay member personal informationDeleted promptly when required by our retention policy, when requested by the member or by eBay, when no longer needed for the purpose collected, or when our participation in the eBay program ends

13. Your privacy rights

GDPR (EEA / UK / Switzerland)

You have the right to: access your data; rectify inaccurate data; erase data (“right to be forgotten”); restrict processing; data portability; object to processing based on legitimate interests; and withdraw consent at any time where we rely on consent (for example camera use). You also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you (see Section 14).

CCPA / CPRA (California)

You have the right to: know/access the personal information we collect, use, and disclose; delete your personal information; correct inaccurate personal information; opt out of the sale or sharing of your personal information; and limit the use of sensitive personal information. As stated in Section 9, we do not sell or share your personal information and do not use sensitive personal information beyond providing the Services, so there is nothing to opt out of or limit, but you may still exercise your know, access, delete, and correct rights. We will not discriminate against you for exercising any of these rights.

14. Automated decision-making and profiling

The App uses automated logic to identify, classify, and price books (for example matching a barcode to catalog data, suggesting a shelf, and computing book payout amounts and book pricing). This profiling is about books and inventory, not about you as a person, and it does not produce legal effects or similarly significant effects concerning you. A human (you, the organizer, scout, or volunteer) remains in control of accepting, overriding, or rejecting each suggestion. We do not use automated decision-making to make significant decisions about individuals.

15. How to exercise your rights

To make a request, contact us at [email protected] or write to Office 8, 12160 103A Avenue, Surrey, BC V3V 3G7, Canada.

  • Verification. To protect your data, we will take reasonable steps to verify your identity before acting on a request, usually by confirming control of the account email or sign-in.
  • Authorized agents. You may use an authorized agent to submit a request on your behalf; we may ask for proof of authorization and to verify your identity.
  • Timing. We respond within the timeframes required by law (generally one month under GDPR, extendable for complex requests, and 45 days under CCPA/CPRA, extendable to 90 days where permitted).
  • Cost. Requests are free in most cases. We may charge a reasonable fee or decline a request that is manifestly unfounded or excessive, as the law allows.
  • Opt-out signals. We honor recognized browser/device opt-out preference signals such as Global Privacy Control where applicable.

16. Account and data deletion

You can request deletion of your account and associated personal information at any time:

We will delete or anonymize your personal information except where we are legally required or permitted to retain it (for example tax and accounting records, or fraud-prevention and legal-defense needs), in which case we retain only the minimum necessary and protect it appropriately.

17. Security

We protect personal information with technical and organizational measures, including encryption in transit (HTTPS/TLS) for all App and sync traffic, encryption at rest on our managed backend platforms, least-privilege access controls, and logging and monitoring. Sensitive credentials on the device are held in the operating system’s secure storage, and session tokens are short-lived. Where we handle Amazon marketplace customer PII, it is encrypted at rest using AES-128 or RSA-2048 (or stronger) and encrypted in transit, consistent with the Amazon Data Protection Policy. No system can be guaranteed perfectly secure, but we work to protect your information and will notify you and the relevant authorities of a personal-data breach where the law requires.

18. Children and young volunteers

Organizer and scout accounts are for adults, and the App is a business tool that is not directed at children. Children never need an account: volunteers sign in with an organizer-issued join code (typed or scanned as a QR code), with no name, email, phone, or password.

Volunteer mode is deliberately designed so that young volunteers at a book sale can scan books while giving us only minimal information. For a volunteer session we store only the join-code link, an optional display label the organizer chooses (often a first name or nickname, used to track who scanned what; it carries no age or contact information), the sale event, join and leave times, and the scan events themselves. Where a display label identifies a person, we treat it as personal information under this policy. Volunteer arrangements, supervision, and any parental permissions are the responsibility of the organizer running the sale, not Bookfox.

If a display label or anything else identifies a child and you would like it removed, contact us at [email protected] and we will delete it.

19. Third-party platform and marketplace notes

  • Apple App Store and Google Play. Your use of the App is also subject to Apple’s and Google’s own terms and privacy practices. The privacy disclosures we provide to Apple (the App Privacy “nutrition label”) and to Google (the Data Safety form) are consistent with this policy and with the App’s actual behavior.
  • Amazon. Where we sell on Amazon, we comply with the Amazon Acceptable Use Policy and Data Protection Policy, including using Amazon customer PII only to fulfil orders and calculate/remit taxes, deleting it within 30 days of shipment (except legally required encrypted archives), applying least-privilege access, and meeting Amazon’s encryption requirements. We do not process Amazon data in ways its policies do not permit.
  • eBay. Where we sell on eBay, our practices are consistent with the eBay Privacy Notice and eBay’s API License Agreement. We never collect, store, or share any eBay user’s user ID or password, we delete eBay member personal information on request or when no longer needed, and we do not process personal information in a way eBay itself could not.

20. Complaints

If you have a concern about how we handle your personal information, please contact us first at [email protected] so we can try to resolve it. You also have the right to lodge a complaint:

  • Canada: with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.
  • EEA/UK: with your local data protection supervisory authority.
  • California: with the California Privacy Protection Agency or the California Attorney General.

21. Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, where changes are significant, provide a more prominent notice. Your continued use of the Services after an update means you accept the revised policy.

22. Contact us

Bookfox Inc. (trading as Bookfox)
Office 8, 12160 103A Avenue, Surrey, BC V3V 3G7, Canada
Email: [email protected]