Personal information handled with clarity, care, and accountability.

This Privacy Policy explains how LINDOCODE DIGITAL (PTY) LTD ('we', 'us', or 'our') collects, uses, stores, shares, and protects personal information when you visit our website, enquire about our services, or work with us.

We act as the responsible party for personal information processed through this website and in relation to our client and business operations, except where another party determines the purpose and means of processing.

Depending on how you interact with us, we may collect identification and contact details such as your name, email address, phone number, company name, billing details, communication history, project information, technical usage data, IP address, browser details, and any other information you voluntarily submit.

We may also collect limited cookie or analytics-related information to understand website performance, improve usability, and maintain security.

We may collect information directly from you when you complete a contact form, request a quote, send us an email, subscribe to updates, sign an agreement, make payment, or communicate with us in any other way.

We may also collect information automatically through website logs, cookies, analytics tools, security tools, and hosting or infrastructure providers used to operate the site.

We process personal information to respond to enquiries, provide proposals, deliver design and development services, manage projects, issue invoices, maintain records, improve our website and services, detect misuse, comply with legal obligations, and communicate with clients or prospective clients.

Where required, we will rely on consent, contractual necessity, legal obligations, legitimate business interests, or another lawful ground recognised under applicable law.

We do not sell personal information. We may share information with trusted service providers or operators who help us run our business, such as hosting providers, analytics providers, payment processors, cloud infrastructure services, email tools, and professional advisers, but only where reasonably necessary.

Where third parties process personal information on our behalf, we expect them to apply appropriate security and confidentiality protections.

We keep personal information only for as long as it is reasonably necessary for the purpose for which it was collected, for lawful business needs, or to comply with contractual, tax, accounting, dispute-resolution, or legal obligations.

When information is no longer required, we take reasonable steps to delete, destroy, de-identify, or securely archive it in accordance with applicable requirements.

We take reasonable technical and organisational measures to secure personal information. These may include access controls, authentication protections, software updates, secure hosting environments, limited access practices, and monitoring aimed at reducing the risk of unauthorised access or loss.

No online environment can be guaranteed completely secure, but we work to maintain safeguards appropriate to the nature of the information we process.

Subject to applicable law, you may ask to access the personal information we hold about you, request correction of inaccurate or incomplete information, object to certain forms of processing, withdraw consent where processing is based on consent, or request deletion where continued retention is not justified.

You may also ask us how your information has been used or shared and request support where you believe your privacy rights have been affected.

Our website may use cookies or similar technologies to support essential functionality, understand traffic patterns, improve performance, remember preferences, and help us maintain a reliable browsing experience.

You can usually control cookies through your browser settings, though disabling some cookies may affect how parts of the website function.

Some of our service providers or infrastructure may store or process personal information outside South Africa. Where this happens, we take reasonable steps to ensure that the transfer is done with appropriate protection and only where it is necessary for the service being provided.

Our services and website are not intentionally directed at children. We do not knowingly collect personal information from children without appropriate lawful basis or authorisation where required.

If we become aware of a security compromise affecting personal information and notification is required, we will take steps to investigate, contain, and respond to the incident, and notify affected parties and relevant authorities where applicable.

LazyReader is an EPUB reading application that allows users to connect supported third-party cloud storage providers in order to access and read EPUB files they already own.

Supported cloud providers may include services such as OneDrive, Dropbox, Nextcloud, Koofr and other authorised storage platforms integrated into the application from time to time.

When a user chooses to connect a cloud storage provider, LazyReader only requests permissions necessary to provide browsing, syncing, metadata extraction, offline access, and EPUB reading functionality within the application.

Users remain in control of connected cloud storage accounts at all times and may disconnect linked providers through the application settings.

14.1. OneDrive

14.1.1. Scope and read-only access

When a user chooses to connect OneDrive, LazyReader requests limited read-only access through the Microsoft Graph API using the Files.Read or Files.Read.All scope as appropriate. This scope is read-only at the API level, meaning the application is technically incapable of creating, modifying, deleting, or reorganising any files or folders within the connected OneDrive account. This is an API-enforced restriction, not solely a policy commitment.

14.1.2. Folder selection and access control

After linking OneDrive, the user is shown their own OneDrive folders and must explicitly choose which folder LazyReader is allowed to access. LazyReader does not read or sync files from any folder unless the user manually selects that folder.

14.1.3. What LazyReader accesses

Once a folder has been selected, LazyReader only accesses information necessary to provide the requested functionality, including limited file metadata, folder structure information, and EPUB content required for syncing and reading. Only EPUB files are processed for reading functionality.

14.1.4. Data use restrictions

OneDrive data is not used for advertising, profiling, resale, or unrelated analytics purposes.

14.1.5. User control and unlinking

Users remain in control of their connected OneDrive account at all times. LazyReader provides a clearly accessible unlink option within the application settings. When a user removes the OneDrive connection, associated sync data, cached EPUB content, linked folder references, and related locally stored connection data are deleted from the application. To use OneDrive integration again after unlinking, the user must reconnect and reselect folders from scratch.

14.1.6. OAuth token storage and security

When a user connects OneDrive, LazyReader receives and stores an OAuth refresh token solely to maintain the authenticated connection and refresh access on the user's behalf. This token is stored securely in our database infrastructure and is never exposed to third parties, used for any purpose beyond maintaining the authorised OneDrive connection, or transmitted outside the systems necessary to provide the service. Access tokens derived from the refresh token are short-lived and used only during active sync or reading sessions.

14.1.7. Revoking access

Users may revoke LazyReader's access to their OneDrive account at any time through the application settings disconnect option, or directly through their Microsoft Account permissions page at account.microsoft.com. Revoking access through either route will immediately terminate LazyReader's ability to access the connected OneDrive account.

14.1.8. Local storage and no server-side EPUB storage

LazyReader does not upload, store, or retain EPUB file content on its own servers. EPUB files are downloaded temporarily to the user's local device solely for metadata extraction, library display, and in-app reading. Where a user enables offline access for a specific book, that file is stored locally on the user's device only. No EPUB content is transmitted to Lindocode Digital servers or retained beyond what is necessary for local application functionality.

14.2. Dropbox

14.2.1. Scope and read-only access

When a user chooses to connect Dropbox, LazyReader requests limited read-only access through the Dropbox API using the files.content.read, files.metadata.read, and account_info.read scopes. These scopes are read-only at the API level, meaning the application is technically incapable of creating, modifying, deleting, or reorganising any files or folders within the connected Dropbox account. The account_info.read scope is used solely to identify the connected account for display and management purposes within the application. This is an API-enforced restriction, not solely a policy commitment.

14.2.2. Folder selection and access control

After linking Dropbox, the user is shown the Epub files in their Dropbox folder namely: './Apps/LazyReader/' - and LazyReader does not read or sync files from any other folder besides './Apps/LazyReader/' - which is created automatically once user links the provider.

14.2.3. What LazyReader accesses

LazyReader only accesses information necessary to provide the requested functionality, including limited file metadata, folder structure information, and EPUB content required for syncing and reading. Only EPUB files are processed for reading functionality.

14.2.4. Data use restrictions

Dropbox data is not used for advertising, profiling, resale, or unrelated analytics purposes.

14.2.5. User control and unlinking

Users remain in control of their connected Dropbox account at all times. LazyReader provides a clearly accessible unlink option within the application settings. When a user removes the Dropbox connection, associated sync data, cached EPUB content, linked folder references, and related locally stored connection data are deleted from the application. To use Dropbox integration again after unlinking, the user must reconnect and reselect folders from scratch.

14.2.6. OAuth token storage and security

When a user connects Dropbox, LazyReader receives and stores an OAuth refresh token solely to maintain the authenticated connection and refresh access on the user's behalf. This token is stored securely in our database infrastructure and is never exposed to third parties, used for any purpose beyond maintaining the authorised Dropbox connection, or transmitted outside the systems necessary to provide the service. Access tokens derived from the refresh token are short-lived and used only during active sync or reading sessions.

14.2.7. Revoking access

Users may revoke LazyReader's access to their Dropbox account at any time through the application settings disconnect option, or directly through their Dropbox account security page at dropbox.com/account/connected_apps. Revoking access through either route will immediately terminate LazyReader's ability to access the connected Dropbox account.

14.2.8. Local storage and no server-side EPUB storage

LazyReader does not upload, store, or retain EPUB file content on its own servers. EPUB files are downloaded temporarily to the user's local device solely for metadata extraction, library display, and in-app reading. Where a user enables offline access for a specific book, that file is stored locally on the user's device only. No EPUB content is transmitted to Lindocode Digital servers or retained beyond what is necessary for local application functionality.

14.3. Nextcloud

14.3.1. Scope and connection method

When a user chooses to connect a Nextcloud instance, LazyReader connects using the user's own self-hosted or third-party hosted Nextcloud server via the WebDAV protocol or Nextcloud's native API, depending on server configuration. LazyReader requests only the permissions required to browse and retrieve EPUB files from a user-selected folder. The application does not request administrative access or the ability to modify, delete, or reorganise any content on the connected server.

14.3.2. Folder selection and access control

After linking their Nextcloud instance, the user is shown their own folder structure and must explicitly choose which folder LazyReader is allowed to access. LazyReader does not read or sync files from any folder unless the user manually selects that folder.

14.3.3. What LazyReader accesses

Once a folder has been selected, LazyReader only accesses information necessary to provide the requested functionality, including limited file metadata, folder structure information, and EPUB content required for syncing and reading. Only EPUB files are processed for reading functionality.

14.3.4. Data use restrictions

Nextcloud data is not used for advertising, profiling, resale, or unrelated analytics purposes.

14.3.5. Credential storage and security

To maintain the authenticated connection to a user's Nextcloud instance, LazyReader may store connection credentials or access tokens securely. These are stored in our secure database infrastructure, are never exposed to third parties, and are used solely to maintain the authorised Nextcloud connection. Users connecting to a self-hosted Nextcloud instance are responsible for the security configuration of their own server.

14.3.6. User control and unlinking

Users remain in control of their connected Nextcloud account at all times. LazyReader provides a clearly accessible unlink option within the application settings. When a user removes the Nextcloud connection, associated sync data, cached EPUB content, linked folder references, and related locally stored connection data are deleted from the application.

14.3.7. Local storage and no server-side EPUB storage

LazyReader does not upload, store, or retain EPUB file content on its own servers. EPUB files are downloaded temporarily to the user's local device solely for metadata extraction, library display, and in-app reading. No EPUB content is transmitted to Lindocode Digital servers or retained beyond what is necessary for local application functionality.

14.4. Koofr

14.4.1. Scope and connection method

When a user chooses to connect Koofr, LazyReader connects via the Koofr API or WebDAV interface using credentials or tokens scoped to read-only file access. The application is not granted the ability to create, modify, delete, or reorganise any files or folders within the connected Koofr account.

14.4.2. Folder selection and access control

After linking Koofr, the user is shown their own Koofr folders and must explicitly choose which folder LazyReader is allowed to access. LazyReader does not read or sync files from any folder unless the user manually selects that folder.

14.4.3. What LazyReader accesses

Once a folder has been selected, LazyReader only accesses information necessary to provide the requested functionality, including limited file metadata, folder structure information, and EPUB content required for syncing and reading. Only EPUB files are processed for reading functionality.

14.4.4. Data use restrictions

Koofr data is not used for advertising, profiling, resale, or unrelated analytics purposes.

14.4.5. Credential storage and security

To maintain the authenticated connection, LazyReader stores access credentials or tokens securely in our database infrastructure. These are never exposed to third parties and are used solely to maintain the authorised Koofr connection.

14.4.6. User control and unlinking

Users remain in control of their connected Koofr account at all times. LazyReader provides a clearly accessible unlink option within the application settings. When a user removes the Koofr connection, associated sync data, cached EPUB content, linked folder references, and related locally stored connection data are deleted from the application. Users may also revoke access directly through their Koofr account settings at app.koofr.net.

14.4.7. Local storage and no server-side EPUB storage

LazyReader does not upload, store, or retain EPUB file content on its own servers. EPUB files are downloaded temporarily to the user's local device solely for metadata extraction, library display, and in-app reading. No EPUB content is transmitted to Lindocode Digital servers or retained beyond what is necessary for local application functionality.

14.5. General principles across all cloud storage integrations

Regardless of which cloud storage provider a user connects, the following principles apply uniformly across all integrations:

- LazyReader requests the minimum permissions necessary to provide reading and library functionality.

- Only EPUB files are processed; other file types are ignored.

- No file content is stored on Lindocode Digital servers.

- Users may unlink any connected storage provider at any time from within the application settings.

- Connection credentials and tokens are stored securely and never shared with third parties.

- Cloud storage data is never used for advertising, profiling, or resale.

14.5.1. Third-party API compliance

LazyReader's access to and use of information received from third-party cloud storage APIs - including but not limited to Google APIs, Microsoft Graph, the Dropbox API, the Koofr API, and Nextcloud or WebDAV interfaces - complies with each respective provider's developer policies and user data requirements, including any applicable Limited Use restrictions. Information obtained through these APIs is used only to provide and improve the in-app reading and library features described in this policy. It is not used for advertising, user profiling, resale, or any purpose unrelated to the core functionality of the application.

We may update this Privacy Policy from time to time to reflect operational, legal, or service changes. The latest version published on this page will apply from the effective date stated under the overview section at the top of this page.