Privacy Policy & Security Standards
Last updated: June 7, 2026. Learn how Libraryly isolates library records and secures student database transactions.
1. Database Isolation (Row Level Security)
At Libraryly, we take data privacy and tenant separation seriously. Our cloud database runs on an enterprise PostgreSQL engine with strict **Row Level Security (RLS)** active on all tables.
Every request is automatically scoped to your unique library identifier using authenticated JSON Web Tokens (JWT). This makes it mathematically impossible for any other library owner, staff, or student to query, guess, or modify your student seat allocations, billing histories, or logs.
2. Information We Collect
To run the library SaaS system efficiently, we collect and store:
- Owner Details: Library name, owner email address, hashed passwords, city location, and contact phone numbers for invoicing and account setup.
- Student Portals: Student names, seat codes, active shift hours, checked-in/out timestamps, and payment receipt logs.
- Operational Logs: Seating grid configurations, layout arrangements, daily income totals, and expense logs.
3. WhatsApp Fee Reminders
Libraryly integrates with standard WhatsApp Web and mobile redirect links to send outstanding balance alerts.
We do **not** run automated backend scrapers or share student contact numbers with third-party advertisers. All WhatsApp messages are generated client-side from your dashboard and sent directly through your authenticated browser session to preserve student communication privacy.
4. Hashed Password Encryption & Backups
All user account credentials and passwords are encrypted in transit using SSL certificates and stored as secure cryptographically hashed strings.
Automated database snapshots are taken daily, encrypted, and backed up in isolated storage servers to ensure disaster recovery and prevent data loss.
5. AI Integration & Voice Data Privacy
Libraryly integrates with OpenRouter Whisper and LLM models to power the "Prince AI" virtual assistant, student chatbots, and business copilots.
When using voice search features, audio recordings are processed temporarily in memory as base64 encodings and sent securely to OpenRouter API endpoints for real-time speech-to-text transcription. We do **not** record, log, or permanently store raw audio files on our servers, nor do we share your data with model providers for training purposes.
6. Contact Support
If you have any questions regarding data storage, GDPR compliance, or RLS tenant configurations, please contact our security team: