Privacy Policy

Last updated: March 12, 2026

Bookworm ("we", "us", or "our") operates a social book gifting service accessible via Twitter/X (@bookwormx402). This Privacy Policy explains how we collect, use, store, and protect information when you use our service.

1. What Information We Collect

We collect only the minimum information necessary to fulfill book gifts:

Twitter/X handles of the sender and recipient, sourced from public mentions of our bot.
Amazon product URLs for the book being gifted, provided in the tweet command.
Recipient email address, collected via a Stripe-hosted checkout page for the purpose of delivering the Kindle or Audible gift to the correct Amazon account.
Order reference IDs (derived from Stripe session identifiers) used to track fulfillment status.

We do not collect payment card information. All payment processing is handled by Stripe, Inc. under their own privacy policy and PCI DSS compliance.

2. How We Use Your Information

Information collected is used solely for the following purposes:

Fulfilling the book gift order by purchasing and delivering it to the recipient's Amazon account.
Sending confirmation notifications to the sender and recipient via Twitter/X Direct Message.
Tracking order status and preventing duplicate transactions.

We do not use your information for marketing, analytics, profiling, or any purpose beyond order fulfillment.

3. How We Store Your Information

Recipient email addresses are collected and stored exclusively within Stripe's PCI DSS-compliant infrastructure. They are not stored on our internal systems beyond the immediate transaction window.

Internal operational data (order reference IDs, Twitter handles, Amazon URLs) is stored on encrypted infrastructure (AES-256 disk encryption) and is purged within 30 days of order completion.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties, except as required to fulfill your order:

Stripe, Inc. — payment processing and email collection. Stripe Privacy Policy →
Amazon.com, Inc. — book delivery to the recipient's Amazon account using the email address provided.

No other third parties receive your data.

5. Data Retention

Order reference data is retained for no more than 30 days following order fulfillment. Recipient email addresses are managed and retained by Stripe per their data retention policies. You may contact Stripe directly to request deletion of your data from their systems.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Request correction or deletion of your data.
Object to or restrict processing of your data.
Lodge a complaint with a relevant data protection authority.

To exercise any of these rights, contact us at the address below.

7. Security

We take reasonable technical and organizational measures to protect your information. All data in transit is encrypted via TLS. Data at rest is encrypted using AES-256. Access to systems handling personal data is restricted to authorized personnel only, protected by multi-factor authentication and scoped API credentials.

8. Children's Privacy

Our service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the service following any changes constitutes your acceptance of the updated policy.

10. Contact

If you have questions, concerns, or requests relating to this Privacy Policy, please contact us:

📧 support@bookworm402.com
🐦 @bookwormx402 on Twitter/X