Version: v1.0
Effective date: 2026-05-26
Last updated: 2026-06-06
Operator: Cognitex Cultural Technology Co., Limited
Service name: ThePeopleBook
Legal notices: [email protected]
Privacy contact: [email protected]
Support: [email protected]
Language control: The English version is the legally binding version unless ThePeopleBook expressly publishes a tri-language equal-effect clause.

1. Who We Are

1.1 ThePeopleBook is operated by Cognitex Cultural Technology Co., Limited. In this Privacy Policy, “ThePeopleBook”, “we”, “us”, and “our” mean that operator when we collect, hold, process, or use personal data in connection with ThePeopleBook.

1.2 This Privacy Policy is based on the Hong Kong Personal Data (Privacy) Ordinance, Cap. 486 (PDPO). If GDPR, UK GDPR, or other mandatory privacy laws apply to a user or processing activity, the jurisdiction-specific provisions below apply in addition to the Hong Kong baseline.

2. Information We Collect

2.1 Account information: name, email address, username, password hash, profile details, language preferences, account status, login records, and security settings.

2.2 Payment information: payment-provider tokens, payment status, transaction IDs, amounts, currency, refunds, chargebacks, tax-related transaction records, and limited card information returned by payment providers such as card brand, last four digits, and expiry. Stripe or another payment provider processes card details. We do not intend to store full card numbers.

2.3 Payout, KYC, and tax-related information: We currently expect Airwallex or similar payout providers to handle creator payouts, identity verification, payout-account verification, sanctions screening, and tax-related workflows. Those providers may directly collect identity documents, passport / identity card information, tax forms, and payout account data. Unless we separately notify you or legal requirements apply, ThePeopleBook usually receives and stores only verification status, provider record IDs, payout status, necessary compliance / risk results, transaction records, and accounting records rather than complete identity documents or complete payout account details.

2.4 Usage and device data: reading progress, trial-reading progress, page visits, clicks, search and recommendation interactions, device identifiers, IP address, browser type, operating system, logs, diagnostics, referral information, and fraud / security signals.

2.5 Cookies and similar technologies: necessary, functional, analytics, and marketing cookies or similar technologies, subject to applicable consent requirements.

2.6 User Content and collaboration records: book ideas, outlines, drafts, manuscripts, edits, comments, reviews, proofreading notes, forum posts, metadata, publication configuration, book-team records, governance workflow records, and moderation records.

2.7 Signing and legal acceptance records: user ID, legal document type, version number, accepted timestamp in UTC, IP address, User-Agent, SHA-256 hash of accepted text, locale, source page or workflow, book ID where applicable, Documenso envelope ID, signature ID, signature status, and related audit records.

2.8 Support communications: emails, tickets, chat messages, attachments, call notes, complaint records, and responses.

3. Purposes Of Use

We use personal data for:

1. providing accounts, collaboration tools, book-team workflow, online reading, listings, payments, ledger records, payouts, signing records, and support;
2. account security, authentication, abuse prevention, fraud prevention, sanctions and payment-risk checks;
3. content moderation, copyright complaint handling, dispute handling, evidence preservation, and legal compliance;
4. payment processing, refunds, chargebacks, tax, accounting, audit, and payout administration;
5. product analytics, service improvement, debugging, feature development, search, recommendations, and quality assurance;
6. communications about service updates, legal changes, support responses, and where lawful, marketing communications;
7. enforcing Terms, book governance agreements, and platform policies;
8. complying with law, court orders, regulatory requests, and protecting rights, safety, and security.

4. Hong Kong PDPO Basis And Notice

4.1 Under the Hong Kong PDPO, we collect personal data for lawful purposes directly related to our functions and activities. Data collected should be necessary, adequate, and not excessive for those purposes.

4.2 Where we collect personal data directly from you, we aim to inform you on or before collection of the purposes of collection, whether provision is obligatory or voluntary where relevant, the consequences of not providing required data, classes of transferees, and your access and correction rights.

4.3 We use personal data for the purposes for which it was collected or directly related purposes, unless we obtain prescribed consent or another legal basis applies.

4.4 We take reasonably practicable steps to protect personal data, maintain transparency about our policies and practices, allow access and correction requests, and avoid retaining personal data longer than necessary for the purposes of use, subject to legal, evidence, accounting, and operational exceptions.

5. GDPR / UK GDPR Legal Bases If Applicable

Where GDPR or UK GDPR applies, our legal bases may include:

1. contract: to provide accounts, collaboration, reading, payment, payout, signing, and support services;
2. legitimate interests: platform security, fraud prevention, moderation, service improvement, analytics, legal claims, and evidence preservation, balanced against user rights;
3. consent: non-essential cookies, certain marketing, optional data sharing, or any optional processing requiring consent;
4. legal obligation: tax, accounting, payment, sanctions, KYC, regulatory, or court-order compliance;
5. legal claims: establishing, exercising, or defending legal claims.

6. Sharing And Subprocessors

6.1 We may share personal data with service providers and subprocessors that support ThePeopleBook, including:

• Stripe or other payment providers for reader payments;
• Airwallex or similar payout providers for creator payouts;
• OpenAI (OpenAI, L.L.C.) for automated content moderation. We send user-generated content — forum topics and replies, book reviews, discussion and chapter comments, display names and usernames, profile bios, book titles and descriptions, and uploaded images — to OpenAI's content-moderation API to detect policy-violating material. Data processed: the submitted text or image. Data residency: US. OpenAI does not use data submitted to this API to train its models and retains it only for a limited period under its API data-usage policy. We minimize directly identifying information where practical. Purpose: platform safety and content moderation.
• Documenso or other electronic-signing providers;
• Sentry (Functional Software Inc.) for error tracking and performance monitoring. Data processed may include request URL, stack trace, user ID if logged in, IP address, and User-Agent. Data residency: US (ingest.us.sentry.io). Purpose: bug detection and incident response;
• Cloudflare, Inc. for CDN, DNS, and DDoS protection. Data processed may include IP address, User-Agent, request URL, and response status, with logs retained for 24 hours or according to Cloudflare defaults. Data residency: global edge nodes. Purpose: site acceleration, DDoS protection, and bot protection;
• Resend (Resend, Inc.) for transactional email delivery. Data processed may include recipient email address, email content, and delivery status. Data residency: US. Purpose: account verification, notifications, and customer-support email;
• AWS S3, Aliyun OSS, Tencent COS, or other cloud storage / hosting providers;
• email, notification, analytics, support, security, logging, monitoring, and fraud-prevention providers;
• professional advisers, auditors, insurers, payment networks, banks, regulators, courts, or law-enforcement bodies where required or appropriate.

6.2 These providers may process personal data under their own terms and privacy policies. We use reasonable contractual, access-control, and security measures based on the providers actually used and applicable law.

6.3 We do not sell personal data. We do not provide personal data to third parties for their own direct marketing without required notice and consent.

7. International Data Transfers

7.1 ThePeopleBook operates globally. Personal data may be processed in Hong Kong and in other jurisdictions where AWS, Cloudflare, payment providers, payout providers, signing providers, AI providers, support providers, or other service providers operate.

7.2 If Hong Kong PDPO section 33 or cross-border transfer restrictions become applicable to a transfer, or if GDPR / UK GDPR applies, we will use appropriate transfer safeguards where required, such as contractual protections, standard contractual clauses, UK addendum, transfer-risk assessment, consent where appropriate, or other lawful mechanisms.

8. Retention

8.1 We retain account data for the account lifetime and a reasonable period after closure where needed for security, disputes, legal compliance, audit, backups, or legitimate business purposes.

8.2 Financial, payment, payout, tax, accounting, and audit records may be retained for legally required periods.

8.3 Signing records, publication consent records, copyright complaints, infringement evidence, moderation decisions, and dispute records may be retained for evidence, legal claims, audit, and platform integrity.

8.4 We may delete, anonymize, or aggregate data when it is no longer needed, subject to legal, evidence, accounting, backup, safety, and operational exceptions.

9. User Rights

9.1 Under Hong Kong PDPO, you may request access to and correction of your personal data, subject to legal limits. Requests should be sent to [email protected].

9.2 Depending on applicable law, you may also request deletion, export, restriction, objection, withdrawal of consent, or opt-out from marketing.

9.3 If GDPR / UK GDPR applies, you may have rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority, subject to legal limits.

10. Cookies

10.1 We may use necessary cookies for login, security, load balancing, checkout, reader operation, and legal acceptance records. Necessary cookies cannot be disabled where required to provide the Services.

10.2 Functional cookies may remember language, display, reader, and workflow preferences.

10.3 Analytics cookies help us understand usage, improve reliability, and develop features.

10.4 Marketing cookies may support marketing, attribution, or promotional measurement.

10.5 Where law requires, non-essential analytics and marketing cookies will be disabled unless you consent. Users should be able to change cookie choices where required.

11. Children

ThePeopleBook is not directed to users under 18. Users must be at least 18 years old to create accounts or enter into ThePeopleBook agreements.

12. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized or accidental access, processing, erasure, loss, or use. No system can be guaranteed completely secure.

13. Automated And AI-Assisted Processing

13.1 We may use AI-assisted moderation, risk flags, search, recommendations, fraud detection, and quality-assurance tools.

13.2 AI outputs may be inaccurate or incomplete. Where decisions materially affect content availability, account status, payout, or publication, we may provide human review or appeal where appropriate and legally required.

13.3 ThePeopleBook does not receive default AI training rights in User Content under the Terms or Creator Content License. Any use of User Content for AI model training would require separate opt-in or written authorization.

14. Contact

Privacy requests: [email protected]
Support: [email protected]
Legal notices: [email protected]

15. Changes To This Policy

We may update this Privacy Policy. Material updates may be notified by banner, email, in-app notice, or legal-version announcement. Where required, we may request re-acceptance or renewed consent.