Privacy Policy

1. Introduction

This Privacy Policy ("Policy") explains how FicNook ("FicNook," "we," "us," or "our"), the operator of the FicNook website, applications, and related services (collectively, the "Platform"), collects, uses, stores, shares, protects, and otherwise processes your personal information.

FicNook is a platform that allows users to create accounts, read and publish original written fiction and related user-generated content, and interact with other users. We are committed to processing personal information fairly, lawfully, and securely in accordance with the DPA and applicable law.

By accessing or using the Platform, registering an account, or otherwise providing us with personal information, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Platform.

This Policy forms part of, and should be read together with, our Terms & Conditions.

2. Who is responsible for your data (Personal Information Controller)

For purposes of the DPA, the Personal Information Controller ("PIC") responsible for your personal information is:

• Entity: FicNook
• Registered address: Bulacan, Philippines
• Email: support@ficnook.com
• NPC registration: Not required at this time based on current processing volume. We will register with the National Privacy Commission if and when registration becomes mandatory.

Data Protection Officer (DPO)

You may contact our Data Protection Officer for any privacy-related concern, request, or complaint:

• Name / Title: Data Protection Officer
• Email: support@ficnook.com
• Postal address: Bulacan, Philippines

3. Scope of this Policy

This Policy applies to personal information we process through the Platform, including our website, mobile or web applications, customer support channels, marketing communications, and any other service that links to this Policy.

This Policy does not apply to third-party websites, services, applications, or platforms that may be linked from or integrated with the Platform but are operated by others (for example, social networks or external sites referenced in user content). Those third parties have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third parties.

4. Information we collect

We collect the following categories of personal information. The specific data collected depends on how you use the Platform.

4.1 Information you provide directly

• Account registration data: username, display name, email address, password (stored in hashed form), and date of birth or age confirmation.
• Profile data: profile picture/avatar, biography, pronouns, links, and other optional details you choose to add.
• User-generated content: stories, chapters, comments, reviews, ratings, messages, tags, collections, forum or community posts, and any other content you create, upload, or submit ("User Content").
• Communications: information you provide when you contact support, report content, respond to surveys, or otherwise communicate with us.
• Marketing preferences: your subscription status for newsletters and promotional emails.

4.2 Information collected automatically

• Device and technical data: IP address, browser type and version, operating system, device identifiers, language settings, and time zone.
• Usage data: pages and stories viewed, reading activity, search queries, clicks, session duration, referring URLs, and interaction patterns.
• Cookies and similar technologies: as described in Section 9.

4.3 Information from third parties

• Authentication providers: if you register or log in using a third-party service (for example, Google, Apple, or Facebook), we receive basic profile information permitted by that service and your settings.
• Analytics partners: aggregated or pseudonymized insights about Platform usage.

4.4 Sensitive personal information

We do not require you to provide "sensitive personal information" as defined under the DPA (such as data about race, ethnicity, health, religion, political affiliation, or government-issued identifiers). Please do not submit such information unless strictly necessary. If you voluntarily include sensitive personal information in your profile or User Content, you do so at your own initiative and consent to its processing as part of that content.

4.5 Children and minors

The Platform is intended for users who are at least 14 years old. Users who are 14 to 17 (or otherwise below the age of majority in their jurisdiction) represent that they have the consent of a parent or guardian to use the Platform. We do not knowingly collect personal information from children below the applicable minimum age without verifiable parental or guardian consent. If you believe a minor has provided us personal information without proper consent, contact our DPO and we will take reasonable steps to delete it. Because FicNook may host mature or adult-themed fiction, content controls and age-gating may apply to certain material as described in our Terms & Conditions.

5. How we use your information

We process personal information for the following purposes and on the lawful bases indicated under the DPA (consent, contractual necessity, legal obligation, legitimate interests, or other criteria for lawful processing):

• To provide and operate the Platform — creating and managing your account, displaying and storing your User Content, and enabling core features. (Basis: performance of our contract with you.)
• To personalize your experience — recommending stories, remembering preferences, and curating content. (Basis: legitimate interests; consent where required.)
• To communicate with you — sending service and transactional messages, security alerts, and responses to your requests. (Basis: contractual necessity; legitimate interests.)
• To send marketing — newsletters, promotions, and feature announcements, where you have not opted out or where you have consented. You may unsubscribe at any time. (Basis: consent; legitimate interests.)
• To maintain safety, security, and integrity — detecting, preventing, and investigating fraud, abuse, spam, violations of our Terms, and security incidents. (Basis: legitimate interests; legal obligation.)
• To moderate content — reviewing reported or flagged content and enforcing our content policies. (Basis: legitimate interests; legal obligation.)
• To analyze and improve — understanding usage trends, debugging, and developing new features, typically using aggregated or pseudonymized data. (Basis: legitimate interests.)
• To comply with law — responding to lawful requests, court orders, regulatory obligations, tax and accounting requirements, and to establish, exercise, or defend legal claims. (Basis: legal obligation; legitimate interests.)

We may process personal information for a purpose compatible with those listed above. If we intend to process your information for a materially different and incompatible purpose, we will provide notice and obtain consent where required by law.

6. Legal bases and your consent

Where we rely on your consent (for example, certain marketing or optional cookies), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawing consent may limit your ability to use certain features.

Where we rely on legitimate interests, we balance our interests against your rights and freedoms, and we will not process your information where those interests are overridden by your interests or fundamental rights.

7. How we share and disclose information

We do not sell your personal information. We share personal information only as described below:

• Service providers and processors (Personal Information Processors): companies that perform services on our behalf, such as cloud hosting, analytics, customer support tools, and content moderation services. We use a third-party email provider (Resend) to deliver transactional and account emails, which is contractually bound to protect your information. These providers are contractually bound to process personal information only on our instructions and to protect it.
• Other users: information you choose to make public — such as your username, profile, published stories, comments, and public activity — is visible to other users and the general public. Use privacy settings carefully.
• Business transfers: in connection with a merger, acquisition, reorganization, financing, sale of assets, or insolvency, personal information may be transferred to a successor or acquirer, subject to this Policy or a successor policy.
• Legal and protective disclosures: we may disclose information when we believe in good faith that disclosure is necessary to comply with law, a subpoena, court order, or lawful request from a public authority; to enforce our Terms; to protect the rights, property, or safety of FicNook, our users, or the public; or to detect, prevent, or address fraud, security, or technical issues.
• With your direction or consent: where you instruct us to share, or otherwise consent.

When we engage Personal Information Processors, we remain accountable as the PIC and use contractual and organizational measures to ensure compliance with the DPA.

8. International and cross-border data transfers

Our service providers and infrastructure may be located outside the Philippines (for example, our hosting is located in Singapore, and certain service providers process data in various jurisdictions). Where personal information is transferred across borders, we take reasonable steps to ensure it receives a level of protection consistent with the DPA, including appropriate contractual safeguards. By using the Platform, you acknowledge that your information may be processed in countries other than your own.

9. Cookies and similar technologies

We use cookies, pixels, local storage, and similar technologies to operate the Platform, remember your preferences, keep you logged in, measure performance, and understand usage.

• Strictly necessary cookies are required for core functionality (such as authentication and security) and cannot be disabled.
• Functional cookies remember your settings and preferences.
• Analytics cookies help us understand how the Platform is used.
• Marketing cookies may be used to deliver or measure promotional content, where applicable.

You can manage cookies through your browser settings and, where provided, through our cookie-preference controls. Disabling certain cookies may affect functionality. Where required by law, we will request your consent before placing non-essential cookies.

10. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, including to provide the Platform, comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements.

• Account data is retained while your account is active and for a reasonable period afterward.
• User Content may remain on the Platform after account deletion where it has been shared publicly, interacted with by others, or where retention is necessary for legal or operational reasons; see our Terms & Conditions regarding content licensing and removal.
• Backups and logs may persist for a limited additional period as part of routine system operation.

When personal information is no longer needed, we will securely delete, anonymize, or de-identify it.

11. How we protect your information

We implement reasonable and appropriate organizational, physical, and technical security measures designed to protect personal information against accidental or unlawful destruction, alteration, disclosure, or access, consistent with the DPA and NPC issuances. These include access controls, encryption in transit, hashing of passwords, and internal policies governing data handling.

However, no method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security, and you provide your information at your own risk. You are responsible for keeping your account credentials confidential and for all activity under your account.

Data breach notification

In the event of a personal data breach that meets the notification thresholds under the DPA and NPC rules, we will notify the National Privacy Commission and affected data subjects within the timeframes and in the manner required by law.

12. Your rights as a data subject

Subject to the DPA and applicable limitations, you have the right to:

• Be informed whether your personal information is being processed, and to receive information about that processing.
• Access the personal information we hold about you.
• Object to processing, including processing for direct marketing, automated profiling, or where based on consent or legitimate interests.
• Rectify inaccurate or incomplete personal information.
• Erase or block the processing of your personal information where permitted by law.
• Data portability — to obtain and reuse certain personal information you provided, in a structured, commonly used, electronic format.
• Lodge a complaint with us and with the National Privacy Commission.
• Damages — to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal information, as provided by the DPA.

To exercise any of these rights, contact our DPO using the details in Section 2. We may need to verify your identity before acting on a request. We will respond within a reasonable period and within any timeframe required by law. Some rights are subject to legal exceptions — for example, we may retain information needed to comply with law, prevent fraud, or defend legal claims.

If you are unsatisfied with our response, you may escalate to the National Privacy Commission (https://privacy.gov.ph).

13. Marketing communications

If you opt in to or are otherwise subscribed to marketing communications, you may unsubscribe at any time using the link in our emails or by contacting us. We will continue to send you essential service and transactional messages (such as security and account notices) even if you opt out of marketing.

14. Third-party links and content

The Platform may contain links to third-party sites, embedded media, or references within User Content. We are not responsible for the privacy practices or content of those third parties. Your interactions with third-party services are governed by their own policies.

15. Automated decision-making and profiling

We may use automated systems to recommend content, personalize your experience, detect abuse, and filter spam. These processes do not produce legal effects on you of a similarly significant nature without appropriate safeguards. You may contact our DPO to object to or request human review of decisions where required by law.

16. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice (for example, by email or an in-Platform notice). Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy, to the extent permitted by law.

17. Contact us

For questions, requests, or complaints regarding this Policy or your personal information, contact:

• Data Protection Officer: Data Protection Officer
• Email: support@ficnook.com
• Address: Bulacan, Philippines

You may also contact the National Privacy Commission at https://privacy.gov.ph.