Privacy Policy
Magic Audiobook Player
Introduction
Magic Audiobook Player ("we", "our", "the app") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, where it is sent, and how it is protected when you use our mobile application on iOS and Android.
Information We Collect
The app processes the following categories of information:
- Google Account profile — When you sign in with Google to access your audiobook library on Google Drive, we receive your account email, display name, and profile photo URL via Google Sign-In. These are used for authentication and to display your account in the app.
- Google Drive content (audiobook files) — The app reads audio files from a single folder you explicitly designate as your audiobook folder, and reads/writes a hidden app-specific data folder for cross-device sync. The app never accesses any other content in your Drive.
- Playback data — Your listening position, bookmarks, library list, and preferences are stored locally on your device. If you enable cross-device sync, this data is also stored in the hidden app-data folder of your own Google Drive.
- Audio content for AI features (Premium) — When you use Deep Scan or "Story so far" recap features, audio bytes from the audiobook segment you choose, or transcripts derived from those bytes, are sent to our backend service for AI processing. See the "Backend Service and AI Processing" section below.
- Book metadata for AI features (Premium) — Book title, author, chapter titles, current chapter index, and your position in the book are sent to our backend service so it can produce a position-accurate, spoiler-safe recap.
- Purchase receipts — When you subscribe to Premium, your App Store or Google Play receipt is sent to our backend service to verify your subscription. We forward the receipt to Apple's or Google's verification API and keep only a one-way SHA-256 hash of the receipt (not the receipt itself) in a short-term server-side cache.
- Crash reports — When the app crashes or encounters an error, Firebase Crashlytics receives a stack trace, device model, OS version, and app version. Crash reports are associated with a non-reversible hashed identifier derived from your Google account so we can correlate multiple reports from the same device, without storing your email.
How We Use Your Information
- To authenticate you with Google Drive and read the audiobook files you have placed in your designated folder
- To save and sync your playback progress across your devices
- To verify your Premium subscription and enforce per-device daily quotas on AI features
- To deliver Premium AI features (audio transcription, recap generation, narrated recaps, character suggestions)
- To diagnose crashes and improve app stability
We do not use your information for advertising, profiling, training third-party machine-learning models, or any purpose unrelated to the features above.
Data Security
We protect your data using the following mechanisms:
- Encryption in transit — All network communication with Google Drive, Google Sign-In, our backend service, and the AI providers listed below uses HTTPS with TLS 1.2 or higher. The app does not accept plaintext HTTP for any data path that touches user content.
- Encryption at rest (cloud) — Audiobook files in your Google Drive, the hidden app-data folder used for sync, and any short-term server-side caches operated by us are encrypted at rest by the underlying provider (Google Drive infrastructure for your files; Cloudflare Workers KV for our caches).
- Encryption at rest (device) — Locally cached audiobook files and playback data are stored in the app's sandboxed storage, protected by the platform's file-based encryption (iOS Data Protection, Android File-Based Encryption) when the device passcode or screen lock is set.
- OAuth credential protection — Google OAuth tokens used to access your Drive are stored by the platform's secure credential store (iOS Keychain on iOS; AccountManager / Credential Manager on Android) via the Google Sign-In SDK. The app does not write tokens to logs, analytics, plain SharedPreferences, or any external server, and does not include them in crash reports.
- API key isolation — All third-party AI provider API keys are stored exclusively as Cloudflare Workers secrets on the server side and are never embedded in the mobile app binary.
- Least-privilege scopes — The app requests only the OAuth scopes required for its advertised functionality: https://www.googleapis.com/auth/drive.readonly (read-only access to the audiobook folder you designate), https://www.googleapis.com/auth/drive.appdata (a hidden app-specific data folder for sync), plus openid, https://www.googleapis.com/auth/userinfo.email, and https://www.googleapis.com/auth/userinfo.profile for sign-in. The app cannot create, modify, or delete any of your regular Drive files, and cannot read any Drive content outside the folder you designate.
- Premium gating and rate limiting — Backend AI endpoints reject requests without a valid App Store / Google Play receipt and rate-limit each device to a daily quota. This bounds the cost and the data footprint of AI processing.
- Access revocation — You can revoke the app's access to your Google account at any time at Google Account Permissions; revocation invalidates all OAuth tokens immediately.
Data Storage
Most of your data stays on your device. Specifically:
- On your device — Audiobook library list, playback positions, bookmarks, and preferences. Audiobook files cached for offline listening.
- In your own Google Drive — The audiobook files you placed there yourself, plus a small JSON document in the hidden app-data folder containing your sync state (last-read positions, bookmarks). The app-data folder is private to the app — other applications cannot read it.
- On our backend (Cloudflare Workers) — We do not store your audio content, transcripts, or playback data on our backend after a request completes. We do store: (a) a one-way SHA-256 hash of your purchase receipt with a 24-hour TTL, used to skip re-verification on repeat requests; (b) per-device daily request counters used for rate-limiting, with a 24-hour TTL; (c) anonymous recap content keyed by a hash of (book title, author, chapter, position-bucket) with a 7-day TTL. The recap cache contains no user identifiers — a cache hit only reveals that some previous user requested a recap of the same book at the same position, not who.
Backend Service and AI Processing
The app's Premium AI features (Deep Scan, "Story so far" recap, audio narration of recaps, character suggestions) are delivered through a Cloudflare Workers backend that we operate. The backend exists to keep AI provider API keys off the device, to enforce subscription verification and rate limits, and to coordinate retrieval. The backend is a transient processor — it does not persist your audio content, transcripts, or recap text after a request completes.
Depending on which feature you use, the backend may forward content to one or more of the following third-party AI processors. Each processor receives only what is needed for its specific task and is bound by its own terms of service.
- Groq, Inc. — receives audio bytes (the specific audiobook segment you asked the app to scan) and returns a timestamped transcript. Used by Deep Scan. Groq Privacy Policy.
- Anthropic, PBC (Claude) — receives book metadata and, for grounded recaps, a transcript derived from your audio; returns a synthesized recap and structured character data. Anthropic Privacy Policy.
- xAI — receives recap text and returns narrated MP3 audio. Used as the primary text-to-speech provider when you request an audio recap. xAI Privacy Policy.
- OpenAI, L.L.C. — receives recap text and returns narrated MP3 audio only if the primary text-to-speech provider is unavailable. OpenAI Privacy Policy.
- Google LLC (Gemini API) — receives book metadata and chapter/position context; uses Google Search grounding to retrieve recap source material. Used as the primary path for "Story so far" recaps. Gemini API Terms.
- Audnex (open audiobook metadata service) — receives an ASIN to look up chapter metadata. No user content is sent. Audnex.
Drive access token forwarding for streaming Deep Scan. When you run Deep Scan on an audiobook that is streamed from Google Drive (rather than downloaded to the device), the app briefly forwards your Drive OAuth access token to our backend so the backend can perform a single HTTPS Range-GET request for the specific audio segment you asked to scan. The token is used for that one request only; it is not stored, logged, or written to any cache. Google issues short-lived access tokens (typically valid for one hour) and they can be revoked at any time at Google Account Permissions.
Third-Party Services
In addition to the AI processors disclosed above, the app integrates with:
- Google Sign-In and Google Drive API — for authentication and audiobook file access. Google Privacy Policy.
- Apple App Store and Google Play Billing — for purchase processing. Receipts you generate when subscribing are sent to Apple's verification service or Google's Android Publisher API for verification. Apple Privacy, Google Privacy.
- Cloudflare, Inc. — provides the Workers compute and KV storage that host our backend. As with any HTTPS service, Cloudflare may receive standard request metadata (IP address, timestamp, URL path). Cloudflare Privacy.
- Firebase Crashlytics (Google) — for crash reporting. Reports include stack traces, device model, OS version, and app version. We attach a non-reversible hashed identifier (not your email) so we can correlate multiple reports from the same device. Firebase Privacy Policy.
- Google Cast (Chromecast) — used only on the local network when you cast to a Chromecast device. No data leaves the local network for this feature.
Google API Services User Data Policy
Magic Audiobook Player's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- The app uses Google Drive data only to provide and improve the audiobook playback and AI recap features described in this policy.
- The app does not transfer Google user data to third parties except as necessary to provide the app's user-facing functionality (the AI processors disclosed in "Backend Service and AI Processing"), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- The app does not use Google user data for serving advertisements.
- The app does not use Google user data to determine creditworthiness or for lending purposes.
- A human can review Google user data only where (a) you have given explicit consent, (b) it is necessary for security purposes (such as investigating abuse), (c) it is required to comply with applicable law, or (d) the data is aggregated and used for internal operations consistent with the User Data Policy.
Data Sharing
We do not sell, rent, or trade your personal information. Audiobook content, transcripts, and book metadata are shared with the third-party AI processors listed above only to the extent necessary to deliver the specific Premium feature you requested, and each processor's use of that data is governed by its own terms. We never share Google user data with advertising networks, data brokers, analytics providers, or any party not listed in this policy.
Data Retention & Deletion
Your data is stored on your device and/or your personal Google Drive. You can delete your data at any time using any of the following methods:
- In-app — Go to Settings → "Delete All My Data" to erase all locally stored data (audiobook library, playback positions, bookmarks, and preferences) and remove the app's sync data from your Google Drive.
- Uninstall — Uninstalling the app removes all locally stored data from your device.
- Google Drive — You can revoke the app's access and delete its data from your Google Account at Google Account Permissions.
- Email request — You may contact us at magicaudiobookplayer@gmail.com to request verification that all your data has been deleted.
Server-side caches expire automatically: receipt hashes and rate-limit counters within 24 hours, and anonymous recap cache entries within 7 days. None of these contain personally identifying information.
Children's Privacy
The app is not directed at children under 13. We do not knowingly collect personal information from children under 13.
Permissions
The app requests the following device permissions:
- Storage / Media access — To read audiobook files stored on your device
- Internet — To stream audiobooks from Google Drive, sync playback data, and contact our backend for Premium AI features
- Background audio — To continue playing audiobooks when the app is in the background
- Bluetooth — To detect and connect to Bluetooth audio devices
- Local network — To discover and cast to Chromecast devices on your local network
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated effective date below. Continued use of the app after an update constitutes acceptance of the revised policy.
Contact Us
If you have any questions about this Privacy Policy, or wish to exercise any of the data rights described above, please contact us at: magicaudiobookplayer@gmail.com
Last updated: April 28, 2026