Skip to content
Auris Reader
AurisReader
  • Features
  • Pricing
  • Download
  • About
  • Contact
  • Log in
  • Sign up
  • EN
  • ES
  • Features
  • Pricing
  • Download
  • About
  • Contact
  • Log in
  • Sign up

Privacy Policy

Summary: This Privacy Policy explains how we process your personal data when you browse aurisreader.com, contact us, create an account, purchase a license or use the Auris Reader applications (desktop and Android). Crucially, the content of the books and PDFs you open with Auris Reader never leaves your device — see section 12. The service is provided from the Canary Islands (Spain) and primarily uses infrastructure located in the European Union.

Last update: 22/06/2026

Contents

  • 1. Data controller
  • 2. Personal data we process
  • 3. Purposes and legal bases
  • 4. Recipients and data processors
  • 5. International transfers
  • 6. Retention periods
  • 7. Your rights
  • 8. Complaints
  • 9. Marketing and commercial communications
  • 10. Cookies
  • 11. Children
  • 12. Auris Reader apps — what stays on your device
  • 13. Changes to this Policy

1. Data controller

Trade name: Auris Reader
Controller: Jésica Carballo Yanes
Spanish Tax ID (NIF): 78633820-V
Registered address: Calle Santa Rosalía, 49, 1C, 38002, Santa Cruz de Tenerife, Spain
Email: info@aurisreader.com
Data Protection Officer (DPO): Not applicable

Information provided in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and, in Spain, Articles 11 and 12 of Organic Law 3/2018 (LOPDGDD).

2. Personal data we process

2.1. All visitors

When you browse the website, even without creating an account, we may process:

  • Contact form data: name, email address, subject area and message.
  • Anti-abuse data (reCAPTCHA): technical data collected by Google reCAPTCHA v3 in the registration, sign-in and contact forms.
  • Browsing and analytics data: if and when you accept the corresponding cookie category, we may collect data such as pages visited, time on page, device type and screen resolution. Such data is pseudonymised and used exclusively for the purposes described in section 3.7.
  • Security data: pseudonymised technical connection data used to prevent unauthorised access and abusive use.

2.2. Registered users

If you create an account or purchase a license, we additionally process:

  • Identification and contact data: name, email address and, optionally, country of residence.
  • Social sign-in data: if you choose to register or sign in with “Sign in with Google”, we receive from Google your email address, your name and a unique Google account identifier, solely to create or link your Auris Reader account. We never receive your Google password.
  • Account data: internal identifiers, hashed credentials and account status.
  • Subscription data: plan purchased, subscription status and transaction identifiers issued by the payment processor.
  • Payment data: handled directly by our external payment processor. We do not store full card numbers or bank account details on our servers.
  • License data: license keys, device tokens generated when you activate the app on a device, activation date and last validation timestamp.
  • Session logs: date and result of sign-in events and session tokens, for security purposes.
  • Support data: content of technical-support enquiries and replies.

2.3. Desktop and Android application usage data

When you use an Auris Reader application — the desktop app (Windows and Linux) or the Android app — it communicates with our servers only to sign in to and validate your account and subscription and, on desktop, to retrieve software updates (the Android app is updated through Google Play). The application never sends to our servers:

  • The content of the EPUB or PDF files you open.
  • The audio generated by the text-to-speech engine.
  • The translations produced while you read.
  • Bookmarks, reading positions or annotations.

All of the above remains exclusively on your device. See section 12 for the full technical detail.

3. Purposes and legal bases

We process your data for the following purposes, based on the legal grounds set out in Article 6 GDPR:

3.1. Account management and service delivery

  • Purpose: account creation, authentication (including the optional “Sign in with Google” social login), license activation, account management and associated technical support.
  • Legal basis: performance of a contract or implementation of pre-contractual measures (Art. 6.1.b GDPR).

3.2. Subscription, payment and invoicing management

  • Purpose: processing of one-off and recurring payments, invoicing, plan changes and handling of payment incidents.
  • Legal basis: performance of the contract (Art. 6.1.b GDPR) and, where applicable, compliance with legal obligations (Art. 6.1.c GDPR).

3.3. Customer enquiries and technical support

  • Purpose: to respond to enquiries and technical-support requests.
  • Legal basis: performance of the contract (Art. 6.1.b GDPR) for registered users; legitimate interest of the controller in responding to the enquiry (Art. 6.1.f GDPR) for unregistered visitors.

3.4. Compliance with legal obligations

  • Purpose: to retain accounting and invoicing records, respond to requirements from public authorities and comply with applicable tax and consumer-protection legislation.
  • Legal basis: compliance with a legal obligation (Art. 6.1.c GDPR).

3.5. Security, fraud prevention and access logging

  • Purpose: to protect the website, the licensing API and the Auris Reader applications against unauthorised access, bots and abusive use, by means of technical security measures and, where applicable, verification through Google reCAPTCHA v3.
  • Legal basis: legitimate interest in ensuring the security of the service (Art. 6.1.f GDPR). The controller has assessed that this legitimate interest does not override the rights and freedoms of data subjects, given the technical and non-invasive nature of the data processed and the pseudonymisation measures applied.

3.6. Software-update delivery

  • Purpose: to inform the desktop application about the availability of new versions and to deliver patched releases.
  • Legal basis: performance of the contract (Art. 6.1.b GDPR), as an integral feature of the licensed service, and legitimate interest in the secure maintenance of the software (Art. 6.1.f GDPR).

3.7. Web analytics and campaign measurement

  • Purpose: to analyse the use of the website in order to improve the service, measure the effectiveness of marketing campaigns and, where applicable, to display targeted advertising or build remarketing audiences on third-party platforms.
  • Legal basis: express consent (Art. 6.1.a GDPR), granted through the cookie banner by category. No analytics, marketing or advertising cookies — whether first-party or third-party — are installed without prior, specific acceptance of the corresponding category.
  • Tool and safeguards: for website analytics we use Google Analytics 4 (GA4), loaded with Google Consent Mode v2 with all storage categories defaulting to “denied”. No analytics cookie or identifier is set until you accept the analytics category in the cookie banner.
  • Automated decisions: audience segmentation, where applied, is indicative and used internally to prioritise communications. It does not produce legal or significant effects on the data subject (Art. 22 GDPR): it does not condition access to the service or the contractual terms.

3.8. Marketing and commercial communications

  • Purpose: to send communications about product updates, new features and promotions of the service and to measure their effectiveness through delivery, open and click-through tracking.
  • Legal basis: express consent of the data subject (Art. 6.1.a GDPR), granted at the moment of subscription, with the right to withdraw it at any time without affecting the lawfulness of processing carried out before such withdrawal (Art. 7.3 GDPR).
  • Opt-out: every commercial email contains a free unsubscribe link with immediate effect.

4. Recipients and data processors

Your data may be processed by the following providers, which act as data processors (Art. 28 GDPR) or as independent controllers, as indicated in each case:

  • Stripe Payments Europe, Ltd. (Ireland, EU) — payment processing and subscription management.
  • OVH SAS (France, EU) — web hosting and licensing-API infrastructure.
  • Microsoft Ireland Operations, Ltd. (Ireland, EU) — Microsoft Edge online text-to-speech, used only when you select online voices in the desktop or Android app. Only the sentence being read is sent to Microsoft’s TTS endpoint to generate the audio. No book content, no metadata, no user identifier is sent in that request.
  • Google LLC (United States) — Google reCAPTCHA v3 in the registration, sign-in and contact forms; and “Sign in with Google” (OAuth) when you choose to register or sign in with your Google account, in which case Google, as the independent controller of your Google account, provides us with your email address, name and account identifier.
  • Google Ireland Limited (Ireland, EU, with possible technical sub-processors in Google LLC, USA) — Google Analytics 4 (GA4) for website analytics, loaded with Consent Mode v2 (storage denied by default) and active only after you accept the analytics cookie category. Data is collected in pseudonymised form.

Data may also be disclosed to public authorities or judicial bodies where there is a legal obligation to do so.

5. International transfers

Most of the providers used are established in the European Union and do not involve transfers outside the European Economic Area (EEA).

Processing by Google LLC (reCAPTCHA, “Sign in with Google” and Google Analytics) may involve incidental transmission of data to servers in the United States. Such transfers are carried out under the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023) and, subsidiarily, under the standard contractual clauses approved by the European Commission. Transfers will only be activated to providers offering appropriate guarantees under Chapter V of the GDPR.

6. Retention periods

We retain personal data for as long as is necessary for the purposes described and, after the contractual relationship ends, for the periods legally required:

  • Accounting and invoicing records: minimum 6 years, in accordance with Article 30 of the Spanish Commercial Code (Código de Comercio) and Article 29 of Law 58/2003 (General Tax Law).
  • Account operating data: for the duration of the account and up to 90 days after closure, during which the user may export their data. After that period the data is deleted or anonymised.
  • License records: for the duration of the license and up to 24 months after expiry, to allow re-activation in case of disputes, and to comply with statutory limitation periods for warranty claims.
  • Security and access logs: up to 12 months, except where a legal obligation or an ongoing investigation requires longer retention.
  • Contact-form data: as long as necessary to handle the enquiry and during applicable limitation periods.
  • Marketing data: until you withdraw consent or unsubscribe.
  • Analytics and advertising data: while the user keeps the relevant cookies active. Withdrawal of consent through the cookie banner stops the collection of new data; data already collected by analytics or advertising providers will be retained in accordance with their own retention policies.
  • Consent evidence: for the time necessary to demonstrate that consent was lawfully obtained (accountability principle, Art. 5.2 GDPR).
  • Suppression list: minimum identifier (typically a hash of the email address) necessary to ensure that a person who has exercised the right to object is not contacted again; retained indefinitely as a proactive accountability measure (Art. 5.2 GDPR).

7. Your rights

You may exercise the rights granted by the GDPR: access, rectification, erasure, objection, restriction of processing and portability, as well as withdrawing consent where applicable (Arts. 15 to 22 GDPR).

To exercise your rights, write to info@aurisreader.com stating which right you wish to exercise and attaching a copy of an identity document or any other means that allows us to verify your identity. We will reply within one month, which may be extended in the cases provided for by the GDPR.

Registered users can also delete their account and associated personal data directly from their account dashboard at aurisreader.com/account/, without writing to us.

8. Complaints

If you believe that the processing of your data does not comply with applicable law, you may file a complaint with the Spanish Data Protection Agency (AEPD) via its electronic site at aepd.es, or with the supervisory authority of your EU country of residence, without prejudice to any other administrative or judicial remedy.

9. Marketing and commercial communications

Auris Reader will only send you commercial communications if you have given express consent when creating your account or by subscribing to our newsletter (Art. 6.1.a GDPR and Art. 21.1 of Spanish Law 34/2002, LSSI-CE). Withdrawing consent does not affect the lawfulness of communications sent beforehand.

Every commercial email contains a free and easy-to-use unsubscribe link. You may also request unsubscription by writing to info@aurisreader.com with the subject line “Unsubscribe”. Objection takes effect immediately and the address is added to a suppression list to avoid future contact.

10. Cookies

The website uses strictly necessary technical cookies and, with your consent, analytics and marketing cookies where applicable. No non-essential cookie is installed without your prior acceptance through the cookie banner. You can accept, reject or configure each category independently and change your choice at any time through the cookie-management link in the footer.

For a detailed list of cookies, including provider, purpose, duration and how to manage them, see our Cookie Policy.

11. Children

The service is not directed at children under the age of 16 (or the equivalent age of consent under Article 8 GDPR in the user’s country of residence). We do not knowingly collect personal data from children without verifiable parental consent. If you believe that a child has provided us with personal data, please contact us at info@aurisreader.com and we will take appropriate action to delete that data.

12. Auris Reader apps — what stays on your device

Auris Reader runs as an application on your own device: the desktop app (Windows and Linux) and the Android app. Reading, text-to-speech and translation are computed on your device. The following data never leaves your device and is never sent to our servers:

  • The content of the EPUB or PDF files you open.
  • The audio generated locally by the device’s text-to-speech engine.
  • The translations generated on your device (offline models on desktop; Google ML Kit on-device translation on Android).
  • Your reading positions, bookmarks, highlights and personal annotations.
  • The metadata of files stored on your device (titles, authors, covers).

The only outbound communications the apps establish with our servers are:

  • Account sign-in and subscription validation: to sign in, the desktop app activates a license key and the Android app pairs the device — sending your account identifier and a device token generated locally — so we can authenticate you and confirm that your subscription is active. Periodic background validations confirm that it remains active.
  • Software-update checks (desktop only): the desktop app periodically queries our update server to determine whether a newer version is available; the query includes only the current version number and the operating system family, and no identifiers of the books you have opened. The Android app is updated through Google Play and does not query our update server.

The apps may additionally communicate with the following third parties, only when the corresponding feature is explicitly enabled by you:

  • Microsoft Edge online text-to-speech (Microsoft Ireland Operations, Ltd.), only when online voices are selected. Each request contains the sentence to be read and the voice ID. No user identifier and no metadata about the book is included. The default voices — the offline voice on desktop and your device’s built-in voices on Android — require no network access.
  • Online translation provider (only if you explicitly enable online translation in the settings; it is off by default). In that case, only the text to be translated and the language pair are sent. On Android, the default on-device translation uses Google ML Kit; the first time you use a language pair the app downloads the translation model files from Google (the model files only — the text you translate is not sent in that download), after which translation runs entirely on the device.

Each of these outbound communications is described in our public security architecture document, and the source code of the application is auditable on request for users on enterprise plans.

13. Changes to this Policy

We may update this Privacy Policy to adapt it to legal, technical or service changes. The current version will always be published on this page with its last-update date. Where changes are significant, we will inform you through the channels available in the service.

Auris Reader updates

Get new features, voices and offers. No spam; unsubscribe anytime.

Product

  • Features
  • Pricing
  • Download

Company

  • About
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • Legal Notice
  • Cookie Policy
Auris Reader

EPUB & PDF read aloud, with contextual translation.

© 2026 Auris Reader. All rights reserved.

Cookies and analytics We use Google Analytics cookies to understand how the site is used and improve it. We do not use advertising cookies. You can accept, reject, or read more in our Privacy Policy.
More info