Your privacy is a commitment,
not a checkbox.
What this policy covers
This Privacy Policy explains how ManaRox ("we", "our", or "us") collects, uses, stores, and shares information about you when you use our website, mobile applications, and related services (collectively, the "Services").
We believe privacy is a right — not a feature you should have to opt into. This document is written in plain language so you actually understand what we do with your information.
The short version: We collect only what we need to run ManaRox. We don't sell your data. We don't share it with advertisers. You are always in control.
What information we collect
We collect information in three ways: information you give us directly, information collected automatically, and information from third parties.
Information You Provide
When you create an account, subscribe, or contact us, you may provide your name, email address, username, payment details (processed by Stripe — we never store card numbers), and any messages or feedback you submit.
Information Collected Automatically
When you use our Services, we automatically collect your IP address, browser type and version, device identifiers, operating system, pages visited, reading history, time spent on chapters, and referring URLs. This data helps us improve performance and personalise your reading experience.
Information from Third Parties
If you choose to sign in using Google or a social login provider, we receive your name, email address, and profile photo from that provider. We never receive your passwords.
| Data Type | Purpose | Sensitivity |
|---|---|---|
| Email address | Account authentication, service notifications | Medium |
| Reading history | Progress sync, recommendations | Low |
| IP address | Security, fraud prevention, geo-routing | Medium |
| Payment info | Subscription billing (via Stripe) | High |
| Usage analytics | Product improvement, performance | Low |
| Device identifiers | Cross-device sync, security | Low |
Why we use your data
We use the information we collect solely to operate, maintain, and improve ManaRox. Specifically:
- To provide and personalise your reading experience, including saving your bookmarks and reading progress.
- To send service-related notifications such as new chapter alerts, account security emails, and subscription receipts.
- To process payments and manage subscriptions securely through our payment provider.
- To detect and prevent fraud, abuse, and security incidents on our platform.
- To analyse aggregate usage patterns and improve our interface, content catalogue, and recommendations.
- To comply with legal obligations applicable to our business.
We will never use your data to build advertising profiles, sell to data brokers, or make automated decisions that significantly affect you without human oversight.
Who we share data with
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
- Service Providers: Trusted third-party vendors who help us operate the platform (e.g., Stripe for payments, AWS for hosting, Postmark for email). These parties are bound by contractual data processing agreements.
- Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our legal rights or prevent harm.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and prominent notice before your data becomes subject to a different privacy policy.
- With Your Consent: In any other circumstances, we will ask for your explicit consent before sharing your information.
We do not share data with advertisers, data brokers, or social media platforms for targeting purposes — ever.
How we use cookies
We use cookies and similar tracking technologies to keep you signed in, remember your preferences, and understand how people use ManaRox so we can improve it.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Session management, authentication, security tokens | Session / 30 days |
| Functional | Reading preferences, theme, language settings | 1 year |
| Analytics | Aggregate usage statistics (no cross-site tracking) | 90 days |
We do not use third-party advertising cookies. You can manage or disable non-essential cookies at any time through your browser settings or our cookie preference centre in your account dashboard.
How long we keep your data
We retain your personal data only for as long as necessary to provide the Services or as required by applicable law. Specifically:
- Account data is retained for the duration of your account and deleted within 30 days of account closure.
- Reading history and bookmarks are retained until you delete them or close your account.
- Payment records are retained for 7 years as required by financial regulations.
- Server logs are retained for 90 days for security and performance monitoring.
- Support correspondence is retained for 3 years unless you request earlier deletion.
Rights you always have
Depending on your jurisdiction, you have a range of rights over your personal data. We honour all of the following for every user, regardless of location:
Right to Access
Request a full copy of all personal data we hold about you, delivered within 30 days.
Right to Rectification
Correct any inaccurate or incomplete personal data we hold about you at any time.
Right to Erasure
Request deletion of your personal data. We will erase it within 30 days, subject to legal obligations.
Right to Portability
Download your data in a structured, machine-readable format (JSON or CSV) at any time.
Right to Object
Object to processing of your data for analytics or profiling purposes at any time.
Right to Restriction
Request that we restrict processing of your data while a dispute or review is in progress.
To exercise any of these rights, contact us at privacy@manarox.com or submit a request through our Contact page. We will respond within 30 days.
Our policy on children
ManaRox is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly.
Users between the ages of 13 and 16 in the European Union require parental consent before creating an account. If you believe a child has provided us with information without consent, please contact us immediately at privacy@manarox.com.
How we protect your data
We implement industry-standard security measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction:
- All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
- Passwords are hashed using bcrypt with a minimum cost factor of 12 — we can never see your password.
- Access to production systems is restricted to authorised personnel only, using multi-factor authentication.
- We undergo regular third-party security audits and penetration testing.
- In the event of a data breach, we will notify affected users within 72 hours as required by GDPR.
No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. We encourage you to use a strong, unique password and enable two-factor authentication on your account.
How we handle updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an email notification to all registered users at least 14 days before changes take effect.
- Display a prominent notice on our platform when you next sign in.
Your continued use of ManaRox after changes become effective constitutes acceptance of the updated policy. If you do not agree with any changes, you may close your account before they take effect.
Get in touch
If you have any questions, concerns, or requests related to this Privacy Policy or the way we handle your data, please reach out. We take all privacy-related enquiries seriously and respond within 48 hours.