Our Privacy Promise to You
Aetheria Publishing is committed to protecting the privacy of every author, reader, and visitor who interacts with our platform. We collect only what is necessary, store it securely, never sell it to third parties, and give you full control to access, edit, or delete your information at any time.
This policy applies to all services operated by Aetheria Publishing — including our website (aetheria.pub), our publishing platform, and any communications we send.
Overview & Scope
Who we are and what this policy coversAetheria Publishing ("we", "us", "our") operates the literary publishing platform at aetheria.pub. Our registered office is at 4th Floor, Literary House, Beach Road, Visakhapatnam, Andhra Pradesh – 530001, India.
This Privacy Policy governs all personal data processed through our website, mobile applications, and services. By using Aetheria's platform, you agree to the collection and use of information in accordance with this policy.
This policy was written in plain language — not legalese — so that every author and reader can understand exactly how their data is handled. If anything is unclear, please reach out to us.
Who Is the Data Controller?
For the purposes of the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act 2023 (DPDP Act), and other applicable privacy laws, Aetheria Publishing is the data controller. Our Data Protection Officer can be contacted at privacy@aetheria.pub.
Data We Collect
What information we gather and howInformation You Provide Directly
- Account registration: Name, email address, username, and password (stored hashed).
- Author profile: Biography, photo, social links, preferred genres, and publishing history.
- Manuscript submissions: Book files, titles, descriptions, cover images, and ISBNs.
- Contact forms: Messages, enquiry type, phone number, and country you voluntarily submit.
- Newsletter: Email address and reading preferences if you subscribe.
- Payment information: For authors opting into royalty programmes — we use Razorpay and Stripe; we do not store raw card numbers.
Information Collected Automatically
| Data Type | Examples | Legal Basis |
|---|---|---|
| Usage data | Pages visited, time on site, clicks, scrolls | Legitimate interest |
| Device & browser | IP address, browser type, OS, screen resolution | Legitimate interest |
| Reading data | Books opened, reading progress, bookmarks | Consent |
| Search queries | Terms entered in our catalog search | Legitimate interest |
| Error logs | Crash reports, failed requests | Legitimate interest |
| Cookies | Session ID, preferences, analytics | Consent |
Information from Third Parties
If you register or sign in using Google, Apple, or Facebook OAuth, we receive your name, email, and profile picture from that provider. We do not receive your passwords from these services.
Minimum collection principle: We collect only the data necessary for each specific purpose. We do not build profiles beyond what is needed to provide and improve our service.
How We Use Your Data
Purposes and legal bases for processingWe use your information for the following purposes, each supported by a specific legal basis under GDPR and the DPDP Act 2023:
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Contract performance |
| Publishing your book on our platform | Contract performance |
| Personalising book recommendations | Consent |
| Sending transactional emails (receipts, alerts) | Contract performance |
| Sending newsletters & author updates | Consent |
| Platform security & fraud prevention | Legitimate interest |
| Analytics & service improvement | Legitimate interest |
| Legal compliance & dispute resolution | Legal obligation |
| Processing royalty payments | Contract performance |
We never use your data for: Selling to third-party advertisers, profiling for non-service purposes, automated decision-making that produces legal effects, or political targeting.
Cookies & Tracking
What cookies we set and how to control themCookies are small text files stored on your device. We use them to keep you logged in, remember preferences, and understand how our platform is used.
| Cookie Type | Purpose | Duration | Opt-out? |
|---|---|---|---|
| Essential | Session management, security tokens, CSRF protection | Session / 30 days | No — required |
| Functional | Theme preference, reading font size, language | 1 year | Yes |
| Analytics | Page views, session duration (Plausible — privacy-first) | 1 year | Yes |
| Performance | Detecting errors, load times | 30 days | Yes |
We use Plausible Analytics — a privacy-first analytics tool that does not use cookies by default, does not collect personal data, and does not track users across sites. We do not use Google Analytics.
Managing Cookies
You can manage cookie preferences via our cookie consent banner, your browser settings, or by emailing privacy@aetheria.pub. Disabling essential cookies will affect platform functionality.
Data Sharing & Disclosure
Who can see your data and whenCore promise: We do not sell, rent, or trade your personal data to any third party for marketing, advertising, or commercial purposes. Ever.
Service Providers (Data Processors)
We share data with trusted vendors who process it strictly on our behalf under Data Processing Agreements:
- Cloud hosting: AWS (Mumbai region) — servers, storage, CDN
- Email delivery: Mailgun — transactional emails only
- Payment processing: Razorpay & Stripe — royalty disbursements
- Error monitoring: Sentry — anonymised crash reports
- Analytics: Plausible — aggregate, cookie-free analytics
Legal Disclosure
We may disclose your data if required by law, court order, or government authority — for example under India's IT Act 2000 or DPDP Act 2023. We will notify you of such requests where legally permitted to do so.
Business Transfers
In the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity. We will notify you via email and update this policy before any such transfer occurs.
Data Retention
How long we keep your informationWe retain personal data only for as long as necessary to fulfil the purposes described in this policy, comply with legal obligations, or resolve disputes.
| Data Category | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account + 30 days after deletion request | Service delivery |
| Published books & author profiles | Until author requests takedown | Platform integrity |
| Payment & financial records | 7 years | Tax & legal obligation |
| Contact form submissions | 2 years | Support history |
| Server logs & IP addresses | 90 days | Security monitoring |
| Analytics data (aggregate) | 3 years | Service improvement |
| Newsletter subscriber data | Until unsubscribe + 30 days | Consent-based |
| Deleted account backups | 30 days in backup only | Recovery window |
After retention periods expire, data is permanently deleted or irreversibly anonymised. We conduct quarterly data audits to ensure compliance.
Your Privacy Rights
What you can request and how to exercise your rightsYou have significant rights over your personal data. We honour all valid requests within 30 days at no charge.
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete personal data at any time.
Right to Erasure
Request deletion of your data ("right to be forgotten").
Right to Restriction
Limit how we process your data while a dispute is resolved.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interest at any time.
Automated Decision Rights
We do not use automated decision-making with legal effect.
Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing.
To exercise any of these rights, email privacy@aetheria.pub with "Privacy Request" in the subject line. We may verify your identity before processing. You also have the right to lodge a complaint with India's Data Protection Board.
Children's Privacy
Our approach to protecting younger readersAetheria Publishing's platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.
Users between 13 and 18 years of age may use the platform with the knowledge and consent of a parent or guardian. We encourage parents to monitor their children's online activities and to contact us if they believe their child has provided personal data without consent.
If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will delete it promptly. To report such a concern, contact us at privacy@aetheria.pub.
Security Measures
How we protect your data from unauthorised accessWe implement industry-standard technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, and disclosure.
- Encryption in transit: All data transmitted between your browser and our servers is protected by TLS 1.3.
- Encryption at rest: All databases and storage buckets are encrypted using AES-256.
- Password security: Passwords are hashed using bcrypt with a minimum cost factor of 12. We never store plain-text passwords.
- Access controls: Staff access to production systems follows the principle of least privilege with mandatory MFA.
- Regular audits: We conduct annual penetration testing and quarterly security reviews.
- Incident response: We have a documented incident response plan. We will notify affected users and relevant authorities within 72 hours of discovering a reportable breach.
- Secure development: All code changes go through security review before deployment to production.
Despite our best efforts, no method of data transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to security@aetheria.pub.
International Data Transfers
How we handle cross-border data flowsOur primary infrastructure is hosted in AWS Mumbai (ap-south-1). However, some of our service providers (such as Mailgun and Stripe) may process data outside India.
When transferring data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all third-party processors
- Adequacy decisions where applicable
- Compliance with the DPDP Act 2023's cross-border transfer provisions
You may request details of any international transfers and the safeguards in place by contacting our Privacy Team.
Policy Changes & Notifications
How we inform you of updatesWe may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will always update the "Last Updated" date at the top of this page.
How We Notify You
- Material changes: We will email registered users at least 30 days before material changes take effect.
- Minor changes: We will post an update notice on our website for 30 days.
- Consent: Where changes require fresh consent, we will present a new consent request before you can continue using affected features.
Your continued use of Aetheria after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree to the changes, you may delete your account before they take effect.
We maintain an archive of previous versions of this policy. You may request any previous version by emailing privacy@aetheria.pub.
Contact Our Privacy Team
Questions, requests, and complaintsIf you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please don't hesitate to get in touch.
Privacy Team
Security Issues
Postal Address
4th Floor, Literary House, Beach Road, Visakhapatnam – 530001, India
Contact Form
We aim to respond to all privacy-related enquiries within 5 business days and to complete formal data subject requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with India's Data Protection Board or your local supervisory authority.