Last Updated: April 22, 2026
sagabox values your privacy. This document explains what information we collect as you use our reading platform, how we use it, how we keep it safe, and what rights you have over your data. If you have questions, reach out to us anytime.
About Us and Our Service
sagabox Inc (we, our, us) is a Delaware-based company that operates a subscription reading platform. Our service includes everything from the books in our library to your reading experience across devices. When we say "you" or "your," we mean anyone using sagabox.
What We Mean by Data and Privacy Concepts
When this policy mentions "personal data," we're talking about any information that could identify you—your email, reading habits, payment details, and more. "Processing" means any action we take with that data. We act as the controller—the organization deciding why and how we use your information. We also work with processors—third parties who handle data on our behalf. We use cookies (small files on your device) to understand how you interact with sagabox.
Security-Related Terms
We protect your account through authentication (proving you're you), encryption (scrambling data so only authorized people can read it), tokens (unique codes for secure access), and protocols like SSL/TLS (industry-standard encryption for data traveling between your device and our servers).
The Scope of This Document
This policy applies to everyone who uses sagabox—globally, across all devices, through all features. It covers everything we collect, how we use it, and your rights regarding your information.
When We Update This Policy
We may update these terms as our service, technology, or legal requirements change. If we make significant changes, we'll email you. If you keep using sagabox after we post updates, you're agreeing to the new version.
Your Account and Authentication
To create an account, we need your email (so we can send you updates and verify it's really you) and your name (for payment processing). We also record when you last signed in, create a unique ID for your account, and log your IP address for security.
You can optionally share your phone number (usually through payment), set reading preferences, and tell us how you'd like us to contact you.
How You Read and What You Engage With
We track which books you read, where you left off (your bookmarks and progress), which chapters you've accessed, how long you spend reading, and what kinds of stories you prefer. We also see which features you use, how much time you spend on sagabox, how you navigate the app, and what device you're using.
Payment Information
We never store your complete card details or security codes. We only keep tokenized identifiers (secure references to your payment method), the last four digits of your card, the first six digits, and the expiration date. PCI DSS-compliant payment processors handle the rest.
Technical and Device Details
We collect information about your device: its operating system, your browser, screen resolution, device type, and language settings. We also track your IP address, what type of internet connection you have, and your general location (derived from IP) and time zone. To optimize our service, we monitor load times, errors, performance metrics, and how quickly the app responds to you.
What We Need Your Data For
Your information helps us deliver sagabox to you. We use it to set up and manage your account, verify your identity, unlock features, support you when you need help, and keep the platform running smoothly.
Payment data is used to process your subscription, authorize charges, catch fraud, keep transaction records, and handle billing questions.
We use your contact information to send you updates about the service, alert you to security issues, tell you about products and features, respond when you ask for support, and deliver important legal notices.
Making sagabox Better
We analyze how people read to spot patterns, optimize features, track performance, improve your experience, and fix bugs. We also look at aggregated data (information combined across many users) to spot trends, understand what's working, plan new features, and benchmark our performance.
Legal Permission to Process Your Data
We have several reasons we're allowed to use your data:
Where Your Data Lives
Your information is stored in secure data centers with enterprise-grade protections. Data traveling between your device and our servers is encrypted. We use appropriate safeguards when data moves internationally. We continuously monitor and maintain security.
How We Keep Your Data Safe
Account Protection:
Data Encryption:
System and Payment Security:
Backups and Recovery:
Our Organization:
Continuous Monitoring:
If There's a Data Breach
A breach means unauthorized access to your data, accidental loss or deletion, unauthorized sharing, or any incident that compromises confidentiality, integrity, or availability.
If we discover a potential breach, we'll immediately activate our incident response plan, assess what happened, contain the problem, document everything, and evaluate the risk to you.
We'll notify you within 72 hours of confirming a breach. Our notification will explain what happened, what data was affected, potential impact, what we've done to fix it, what you should do, how to contact us, and where to find support.
If legally required, we'll notify authorities, comply with jurisdiction-specific requirements, provide documentation, cooperate with investigations, and implement remedial measures.
After any breach, we'll investigate thoroughly, implement additional security measures, update our procedures, keep you informed, and review and enhance our security.
Tools We Use to Understand Our Platform
Google Tag Manager helps us organize our analytics and marketing tags. Google Analytics shows us how people use sagabox. MixPanel tracks user interactions and feature usage. Google BigQuery supports large-scale analysis. Sentry monitors errors and performance. Cloudflare provides analytics and security insights.
Through Sentry, we record sessions with automatic masking of your inputs, no PII collection, exclusion of data entry fields, anonymized interactions, and limited use for bug investigation and optimization only.
These services may see usage patterns, feature interactions, performance metrics, errors, anonymized flows, and aggregate stats.
Who Advertises to You and How
We may work with Facebook, Google, Snapchat, TikTok, Taboola, Outbrain, AppLovin, and Pinterest to show you relevant ads.
These partners may receive anonymous identifiers, your email (for ad targeting), usage data, device information, and interaction metrics.
They use this to track interactions, measure ad performance, target ads better, create similar audiences, and report on campaign results.
You can opt out through platform settings, browser controls, industry tools, and your account privacy settings.
Other Service Providers
We work with partners for payments (Stripe, PayPal), email (SendGrid, Mailchimp), hosting (AWS, Google Cloud), delivery (Cloudflare), and support. We only share the minimum data they need, they're bound by confidentiality, we vet them thoroughly, and we audit regularly.
Rights Everyone Has
All sagabox users can:
Additional Rights by Region
EU and UK (GDPR): You have the right to know what we collect, access your data, correct inaccurate information, request deletion, restrict processing, get your data in a portable format, object to processing, and control automated decision-making.
California (CCPA/CPRA): California residents can know what we collect, know who we share it with, request deletion, request correction, opt out of sales, expect non-discrimination for exercising rights, and receive data in a usable format.
Australia (Privacy Act): Australian residents can know about collection, access data, request corrections, understand our purpose, expect limitations on use, and see disclosure details.
Canada (PIPEDA): Canadian residents can access information, request corrections, withdraw consent, understand how we use data, and expect protection.
How to Ask for Your Rights
Submit any privacy request through our contact channels (see Section 12).
We'll verify your identity through email verification, account authentication if applicable, and identity documentation for sensitive requests. For very sensitive requests or authorized agents, we may ask for government ID, proof of authority, or additional security checks.
We'll acknowledge your request within 72 hours. We'll provide a full response within 30 days, or 45 days if we need an extension (we'll notify you). California residents get acknowledgment within 10 days. Appeals take 30 days.
We'll deliver your data in CSV or JSON format, with a complete inventory, via encrypted transmission.
If you're unhappy with our response, appeal within 30 days. Tell us why and provide any additional info. You'll get a decision within 30 days.
While You're Reading with Us
While your account is active, we keep your data. After you close your account, we hold onto what we legally must for 90 days.
Specific types:
Accounts inactive for 365 days are automatically deleted. We'll notify you first, and you can prevent deletion by logging in.
Requesting We Delete Your Data
You can request deletion through your account settings, email to [email protected], or our help center. Include your account email, optional reason, and identity confirmation.
We'll verify who you are, process the request within 30 days, confirm when we're done, and only keep what law requires.
We may keep certain data to comply with law, resolve disputes, prevent fraud, complete transactions, or in backups (deleted within 90 days).
International Data Transfers
Your data may be processed in countries beyond your own. We ensure appropriate protections through standard contractual clauses, adequacy decisions, binding corporate rules, and your explicit consent where required.
Jurisdiction and Governance
sagabox Inc operates under Delaware law, United States. We comply with data protection laws wherever we operate. If there's a conflict, we use the most protective standard.
We implement appropriate technical and organizational safeguards for international transfers. We audit regularly. We work only with processors offering adequate protection.
Age Requirements
sagabox is for users 18 and older. We don't knowingly collect data from anyone under 18. If you're under 18, don't use our service.
If We Discover a Child
If we learn we've collected data from someone under 18, we'll delete it immediately. If you believe we have, contact [email protected] right away.
How We Change These Terms
We may update this policy as practices, technology, legal requirements, or circumstances change.
How We Tell You
For significant changes, we'll email you, post notice on our website, and show in-app notifications. The "Last Updated" date at the top always shows the most recent version.
Using sagabox after changes means you accept the new policy. If you don't agree, stop using the service and contact us to delete your account.
Who's Responsible for Your Data
sagabox Inc is the data controller for your information.
How to Reach Us
General Privacy Questions: Email: [email protected]
Data Subject Requests (Access, Deletion, Portability): Email: [email protected] Subject: "Data Subject Request"
Mailing Address: sagabox Inc 2093 Philadelphia Pike #3923 Claymont, DE 19703, USA
Complaints and Oversight
If you're in the European Economic Area, you can file a complaint with your local data protection authority if you believe we've violated data protection laws.
EU Users: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en
UK Users: Information Commissioner's Office (ICO) https://ico.org.uk
Related Documents
By using sagabox, you acknowledge you've read and understood this Privacy Policy and agree to its terms.
Last Updated: April 22, 2026