makeEBook logo

Privacy Policy

Last updated: 04/06/2026

makeEbook is a product by Neil McArdle, operated under neilmcardle.com.

1. Controller Information

The data controller for makeEbook is Neil McArdle, operating as an individual under UK GDPR. For any privacy-related inquiries, please contact us through neilmcardle.com.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Email address, password (encrypted)
  • eBook Content: Text, titles, chapters, and any content you create
  • Optional Information: Username or display name if provided

2.2 Information Collected Automatically

  • Usage Data: How you interact with the service, features used
  • Technical Data: IP address, browser type, device information
  • Authentication Data: Login sessions and security tokens

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

  • Contract Performance: To provide the eBook creation service you've requested
  • Legitimate Interests: To improve our service, prevent fraud, and ensure security
  • Consent: For any additional features or communications (where explicitly given)

4. How We Use Your Information

  • To provide and maintain the eBook creation service
  • To manage your user account and authentication
  • To store and process your eBook content
  • To communicate with you about the service
  • To improve our service and fix technical issues
  • To comply with legal obligations

5. Data Sharing and Recipients

We share your personal data only in the following circumstances:

  • Service Providers: Supabase (database hosting), Vercel (application hosting and analytics)
  • Advertising and Measurement (consent only): Google LLC, for Google Ads conversion measurement. Only engaged when you grant consent through our cookie banner. See section 10 for details.
  • Legal Requirements: When required by law or to protect our rights
  • With Your Consent: Any other sharing only with your explicit permission

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Retention

We retain your personal data for as long as necessary to provide the service and fulfill our legal obligations:

  • Account Data: Until you delete your account or request deletion
  • eBook Content: Until you delete it or close your account
  • Usage Logs: Maximum of 12 months for security and improvement purposes

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent

To exercise any of these rights, please contact us through our website. We will respond within one month.

8. International Transfers

Your data may be processed outside the UK through our service providers (Supabase, Vercel). We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses approved by UK authorities
  • Service providers' compliance with international data protection standards
  • Regular review of transfer mechanisms and safeguards

9. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security updates and monitoring
  • Limited access to personal data on a need-to-know basis

10. Cookies and Tracking

We use a small number of cookies and similar technologies. They fall into two categories with different legal bases under PECR (the UK’s Privacy and Electronic Communications Regulations) and UK GDPR.

10.1 Strictly necessary cookies

These cookies are required for the service to work and are set without consent on the basis of contractual necessity. They cannot be turned off without breaking the service.

  • Authentication: Supabase session tokens that keep you signed in
  • Preferences: Theme choice (light/dark) for signed-in users
  • Security: CSRF protection and session integrity

10.2 Advertising and measurement cookies (consent required)

We use Google Ads conversion tracking to measure the effectiveness of our paid advertising campaigns. The cookies and data this involves are only set when you grant consent through the cookie banner. You can withdraw consent at any time and the cookies will be removed.

  • Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Cookies set on consent: _gcl_au, _gcl_aw, _gcl_dc (Google Click Identifier — used to attribute a sign-up to the ad you clicked). Typical lifetime: 90 days.
  • Data sent to Google: Your IP address, browser and device information, the page you visited, and a flag indicating you completed a sign-up. We do not send your email address, manuscript content, or any other identifying account data.
  • Purpose: Measuring ad campaign effectiveness. We do not use Google’s data for retargeting or building advertising profiles.
  • Lawful basis: Your consent under Regulation 6 of PECR and Article 6(1)(a) UK GDPR.
  • International transfer: Google processes this data in the United States. Transfers rely on the EU-US Data Privacy Framework and the UK Extension to that framework, in which Google is certified.
  • Google’s policy: See Google’s privacy policy for how they handle the data they receive.

We use Google Consent Mode v2, which means before you grant consent, no cookies are set and no personal identifiers are sent to Google. If you decline, this remains true for the duration of your visit. If you accept, the cookies above are set until they expire or you withdraw consent.

10.3 Site analytics

We use Vercel Analytics for aggregate page-view statistics. Vercel Analytics is cookie-less and does not track individuals or use cross-site identifiers. It is set on the basis of legitimate interest (Article 6(1)(f) UK GDPR) for service improvement.

10.4 Withdrawing consent

You can withdraw consent for advertising cookies at any time through the cookie banner’s settings. You can also clear all cookies for this site through your browser’s privacy settings, which will reset all preferences including consent.

11. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the service. Your continued use after such changes constitutes acceptance of the updated policy.

13. Complaints

If you have concerns about how we handle your personal data, you can:

  • Contact us directly through our website
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

14. Contact Information

For any questions about this Privacy Policy or to exercise your data protection rights, please contact us through neilmcardle.com.