Skip to main content
Sign In Sign Up

Privacy Policy

Last updated: May 2026

1. Introduction

VerseDB is operated by Reggio Digital LLC, a North Carolina limited liability company ("VerseDB," "we," "us," or "our"), and is the data controller for personal information processed through this site. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our comic cataloging and community features.

2. Information We Collect

Account Information

  • Basic profile information (name, email, password)
  • Profile picture and optional biography
  • PRO subscription status and payment information
  • Moderation privileges and XP level

Collection Data

  • Your comic collection inventory
  • Reading lists and pull lists
  • Wishlists and want lists
  • Grading and condition notes
  • Collection value estimates

Contribution Data

  • Database edits and contributions
  • Reviews and ratings
  • Comments and forum posts
  • Edit history and moderation actions

Usage Data

  • Device and browser information
  • IP address and location data
  • Feature usage patterns
  • API access patterns (for developers)

Information We Do Not Collect

We do not collect "sensitive personal information" as that term is defined under the California Consumer Privacy Act and similar state laws. Specifically, we do not knowingly collect or process: Social Security numbers, driver's license or government identification numbers, financial account numbers or login credentials (payment card information is collected and processed directly by Stripe and never reaches our servers), precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, genetic data, biometric identifiers used to uniquely identify a person, health information, sex life, or sexual orientation. We have no need for this information to provide our service and do not request it from users.

3. How We Use Your Information

Core Services

  • Maintain and improve the comic database
  • Process and display your collection data
  • Track contribution history and XP
  • Manage PRO subscriptions
  • Provide API access

Personalization

  • Customize your dashboard experience
  • Provide personalized recommendations
  • Generate collection insights
  • Deliver relevant notifications

Community Features

  • Display public profile information
  • Process moderation actions
  • Facilitate community interactions
  • Track contribution quality

Communications

We send several categories of email to users:

  • Transactional emails — password resets, email verification, account deletion notices, billing receipts, and similar messages required to operate your account. These are not subject to marketing opt-out because they are necessary to provide the service.
  • Service updates and digests — new-release alerts for series on your pull list, recaps of activity, and notifications tied to comics, creators, or lists you follow. You can manage these per-type from your account notification settings.
  • Product announcements — occasional emails about new features, milestones, and significant changes to VerseDB.
  • Promotional emails — discount codes for PRO, seasonal offers, and similar marketing communications.

You can opt out of product announcements and promotional emails at any time by clicking the unsubscribe link in any such email, or by updating your communication preferences in your account settings. We honor opt-out requests promptly.

4. Information Sharing

We do not sell your personal information for money, and we do not rent it. However, our use of analytics and advertising partners (such as Google Analytics, Meta Pixel, and Google AdSense) may qualify as a "sale" or "sharing" of personal information under the broad definitions in the California Consumer Privacy Act. See Section 8 for how to opt out. In addition:

  • Public contributions (edits, reviews) are visible to all users
  • Collection data is private by default but can be made public
  • Profile information visibility is controlled by your privacy settings
  • Aggregate data may be shared for research or statistical purposes
  • API access is governed by our API Terms of Service

5. Third-Party Services

We use trusted third-party services to operate our platform. These services may process your data as follows:

Payment Processing

Stripe processes all payments for PRO subscriptions. When you subscribe, Stripe collects and processes your payment card information directly. Your payment details are never stored on our servers. Stripe is PCI-DSS compliant and maintains industry-standard security practices.

Analytics and Conversion Tracking

Google Analytics 4 helps us understand how visitors use our website and measure the effectiveness of our services. This includes:

  • Page views and feature usage patterns
  • Subscription checkout and purchase events
  • User registration tracking
  • General site performance metrics

We use both client-side tracking (via gtag.js) and server-side tracking (via GA4 Measurement Protocol) to ensure accurate conversion measurement. For logged-in users, we may associate analytics data with your user ID to provide better service insights. You can opt out of Google Analytics by using browser extensions or adjusting your cookie preferences.

Advertising and Conversion Tracking

Meta (Facebook) Pixel and Conversions API help us measure the effectiveness of our advertising and understand how users interact with our site. This includes tracking actions such as page views, searches, registrations, and purchases. Data shared with Meta may include your IP address, browser information, and a hashed identifier. You can manage your Meta advertising preferences through your Facebook account settings or by using browser-based opt-out tools.

Social Sign-In

When you choose to sign in or sign up using a third-party identity provider, we receive a limited set of profile data from that provider to create or match your VerseDB account. The data we receive varies by provider:

  • Sign in with Apple — your name (only on the first sign-in if you choose to share it) and a verified email address. You may use Apple's "Hide My Email" relay, in which case we store the relay address rather than your real email.
  • Sign in with Google — your name, a verified email address, and your Google profile picture.
  • Sign in with Discord — your Discord username, email address, and avatar.

We use this information only to create or sign you into your VerseDB account. We do not share it back to the identity provider for advertising purposes, and we do not use it to track you across other apps or websites. If you delete your VerseDB account, we revoke the link with the identity provider where the provider's API supports it (Apple).

Display Advertising

Google AdSense is used to display advertisements to non-PRO users and guests. AdSense may collect and use data to show you personalized ads based on your interests, browsing history, and demographic information. This may include:

  • Cookies for ad personalization and frequency capping
  • Device identifiers and IP address
  • Browsing activity across sites that use Google advertising services

PRO subscribers do not see advertisements. The AdSense script is not loaded for PRO subscriber sessions, meaning no advertising-related data collection occurs for these users.

You can manage your Google advertising preferences through Google Ads Settings or opt out of personalized advertising. For more details, see How Google uses data when you use our partners' sites or apps.

Infrastructure, Storage, and Delivery

We rely on the following providers to host VerseDB and deliver the service. These providers process personal information on our behalf as data processors under our instructions, subject to written data processing agreements:

  • Hetzner Online GmbH — server hosting and database storage for the VerseDB application (Germany).
  • Cloudflare, Inc. — content delivery network, DNS, security, and R2 object storage used for cover images, user-uploaded media (profile photos, banners, gallery uploads, collection scans), and other static assets.
  • Mailgun (Sinch) — transactional and marketing email delivery, including account, billing, notification, and product emails.

AI-Assisted Features (VerseAI)

Our VerseAI features use Google's Gemini API to power AI-assisted summaries, recommendations, and search. When you interact with these features, the prompts and any context we send to the model (which may include text you submit and information from the VerseDB database) are processed by Google under the Gemini API terms. Google has stated that paid API content is not used to train its models. We do not send Gemini your account credentials, payment information, or content from other users.

We encourage you to review these services' privacy policies for more information about how they handle your data.

6. Data Security

We protect your data through:

  • Encryption of sensitive information
  • Secure server protocols and infrastructure
  • Regular security audits and updates
  • Access controls and authentication
  • Backup and recovery procedures

Security Incidents

No system can be guaranteed completely secure. In the event of a personal data breach that is likely to result in a risk to your rights or interests, we will notify affected users without undue delay, and notify regulatory authorities where required by applicable law (including within 72 hours of becoming aware of the breach where required under the GDPR). Our notice will describe the nature of the breach, the categories of data involved, the likely consequences, and the measures we have taken or propose to take in response.

7. Legal Basis for Processing (EU/UK Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to create and maintain your account, process your PRO subscription, and provide the cataloging and community features you have signed up for.
  • Legitimate interests — to operate, secure, and improve the platform; to prevent fraud and abuse; to maintain the community database; and to communicate with you about service changes. We balance these interests against your rights and you may object at any time (see Section 8).
  • Consent — for non-essential analytics and advertising cookies, and for any optional marketing communications. You may withdraw consent at any time through our Cookie Policy preferences or by updating your settings.
  • Legal obligation — to comply with applicable tax, accounting, and law-enforcement requirements.

8. Your Rights and Controls

Access and Control

  • View and edit your personal information from your account settings
  • Control collection and list privacy settings
  • Manage notification preferences and email communications
  • Configure API access tokens
  • Manage analytics and advertising cookie consent at any time

Marketing Communications

You can opt out of marketing emails (product announcements, promotional offers, and digests) at any time by:

  • Clicking the unsubscribe link at the bottom of any marketing email — opt-outs are processed promptly and within the time required by applicable law
  • Updating your communication preferences in your account settings
  • Emailing us at [email protected] with the subject "Unsubscribe"

Even after opting out of marketing email, we will continue to send you transactional messages required to operate your account, such as password resets, billing receipts, security notices, and changes to these policies. You may stop receiving all email from us by deleting your account.

Data Portability

  • Export your collection data — see Exporting Your Collection (PRO)
  • Download your contribution history

Account Closure

You can delete your account at any time from your account settings. Deletion begins a 7-day grace period during which the account is deactivated and can be restored. After the grace period elapses, your personal data is permanently deleted, any active PRO subscription is canceled with Stripe, and user-uploaded media (profile photo, banner, and collection scans) is removed from our storage. Public contributions to the comic database (such as edits to series, issues, characters, or other shared records) are retained in an anonymized form because they form part of the community database. For step-by-step instructions, see How to Delete Your VerseDB Account.

Rights of EU/UK Residents (GDPR / UK GDPR)

Subject to applicable conditions and exceptions, you have the right to:

  • Access the personal data we hold about you and receive a copy
  • Rectification of inaccurate or incomplete personal data
  • Erasure ("right to be forgotten") of your personal data
  • Restriction of processing in certain circumstances
  • Data portability — receive your data in a structured, commonly used, machine-readable format
  • Object to processing based on our legitimate interests, including profiling
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local supervisory authority

We do not engage in solely automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR Article 22. Personalized recommendations and feature suggestions are advisory only and do not determine access to the service.

Rights of California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it
  • Delete the personal information we have collected from you, subject to certain exceptions
  • Correct inaccurate personal information we maintain about you
  • Opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell personal information for money, but our use of advertising and analytics partners (such as Meta Pixel and Google AdSense) may qualify as "sharing" under California law. You can opt out at any time by setting your cookie preferences to decline advertising cookies, by becoming a PRO subscriber (which disables third-party advertising entirely), or by submitting a request as described below.
  • Limit the use of sensitive personal information — we do not use or disclose sensitive personal information for purposes that require this right to be offered.
  • Non-discrimination — we will not deny service, charge different prices, or provide a lower quality of service because you exercised your privacy rights.

You may authorize an agent to make a request on your behalf; we will require the agent to provide proof of authorization and may require you to verify your identity directly.

Rights of Other U.S. State Residents

Residents of other U.S. states with comprehensive consumer privacy laws — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, and Indiana — have substantially similar rights, including the right to access, correct, and delete personal information we have collected from you, to obtain a portable copy, and to opt out of targeted advertising, the sale of personal information, and certain forms of profiling. To exercise these rights, follow the process described in "How to Exercise Your Rights" below. You also have the right to appeal a denial of your request by replying to our response.

How to Exercise Your Rights

To exercise any of the rights described above, email us at [email protected] with the subject line "Privacy Request" and describe what you are requesting. We may need to verify your identity using information associated with your VerseDB account before fulfilling the request. We will respond within 45 days for California requests (extendable by an additional 45 days where reasonably necessary, with notice) and within 30 days for EU/UK requests (extendable by up to 60 additional days for complex requests). There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

9. Children's Privacy

VerseDB is intended for users 13 and older. We do not knowingly collect information from children under 13. If we discover we have collected information from a child under 13, we will delete it.

10. International Data Transfers

VerseDB is operated from the United States, and personal information you provide is processed in the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, please note that the United States may not provide the same level of data protection as your home country. When we transfer personal data from these regions to the United States or to other countries, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework and its UK and Swiss extensions. You may request a copy of the relevant safeguards by contacting us at the address in Section 12.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes through:

  • Site notifications
  • Email notifications (for registered users)
  • Updates to the "Last Updated" date

12. Contact Us

For privacy-related inquiries, contact us at: [email protected]

Reggio Digital LLC Durham County, North Carolina, USA