Privacy Policy

Last updated: February 2026

1. Who We Are

monthlyreads is a book subscription service operated from Dublin, Ireland. When we say "we", "us", or "our", we mean monthlyreads. For any privacy-related queries, contact us at hello@monthlyreads.com.

2. Data We Collect

  • Account information — name, email address, and password when you create an account.
  • Delivery address — the postal address you provide for book deliveries.
  • Payment data — processed securely by Stripe. We do not store your full card details.
  • Reading preferences — genre selections and any preferences you share with us.
  • Cookies & device data — IP address, browser type, and device information collected via cookies (see our Cookie Policy).
  • Communications — messages you send us via our contact form or email.

3. Why We Collect It (Lawful Bases)

  • Contract performance — to fulfil your subscription, process payments, and deliver books.
  • Legitimate interest — to improve our service, prevent fraud, and communicate service updates.
  • Consent — for marketing emails and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and regulatory requirements.

4. Who We Share Data With

  • Stripe — payment processing.
  • Mailgun — transactional and marketing emails.
  • Vercel — website hosting and analytics.

We do not sell your personal data to third parties. Our service providers process data only on our instructions and under appropriate data processing agreements.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. After account deletion, we may retain certain data for up to 7 years to comply with tax and legal obligations. Anonymised analytics data may be kept indefinitely.

6. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct any inaccurate or incomplete data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — request limited processing of your data.
  • Objection — object to processing based on legitimate interest or direct marketing.

To exercise any of these rights, email us at hello@monthlyreads.com. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS), secure password hashing, and access controls. However, no method of transmission over the internet is 100% secure.

8. Supervisory Authority

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland's supervisory authority: www.dataprotection.ie.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website.