Privacy Policy

Effective Date: April 4, 2026 Last Updated: April 4, 2026 Entity: Enid Ltd ("us", "we", or "our") Service: CastReader browser extension and CastReader website at castreader.ai (collectively, the "Service")

This Privacy Policy explains what data CastReader collects, how we use it, and the choices you have. We designed CastReader with privacy in mind — most processing happens locally in your browser, and we collect only what is necessary to make the Service work.

---

1. What CastReader Does

CastReader is a browser extension that reads web pages aloud using text-to-speech (TTS). When you click the extension icon:

1. Text extraction happens locally in your browser — the extension reads the page's DOM (Document Object Model) to find the article content. No page content is sent to our servers for extraction.
2. For Kindle Cloud Reader, the extension uses local OCR (tesseract-wasm running in an offscreen document inside your browser) to read rendered page images. OCR processing is entirely local — no images or book content are uploaded.
3. For WeRead (微信读书), the extension intercepts chapter data from the page's existing API responses within your browser. No additional network requests are made to WeRead's servers.
4. Text-to-speech conversion: Extracted text is sent to our TTS API server (api.castreader.ai) to generate audio. This is the only step where page content leaves your browser.

---

2. Data We Collect

2.1 Anonymous Usage Analytics

We collect anonymous, aggregated usage data to improve the Service. Each event contains:

• Device ID: A randomly generated UUID stored locally in your browser (chrome.storage.local). This is not linked to your identity, email, or any account.
• Event type: One of eight events — install, session_start, reading_start, reading_end, extraction_fail, feature_use, tts_error, rating_prompt.
• Event properties: Non-identifying context such as the website hostname (e.g., "en.wikipedia.org"), extraction method used, error codes, or feature name.
• Extension version and timestamp.

Analytics events are batched locally and sent to https://castreader.ai/api/events every 5 minutes or when 20 events accumulate.

We do NOT collect:

• Your name, email address, phone number, or any personally identifiable information
• The full text of any page you read
• Browsing history or URLs beyond the hostname in analytics events
• Passwords, form data, or authentication tokens
• IP addresses are not stored by our analytics system (they may appear in standard server access logs, which are automatically deleted after 30 days)

2.2 Text Sent to TTS API

When CastReader reads a page aloud, the extracted text is sent to our TTS API (api.castreader.ai) to generate audio. This text is:

• Used solely to generate the audio response
• Not stored after the audio is generated
• Not used for training, advertising, or any other purpose
• Not shared with any third party

2.3 Extension Settings

Your preferences (voice selection, reading speed, language) are stored locally in chrome.storage.local on your device. These settings are not sent to our servers.

2.4 Share and Live Session Features

If you use the Share or Send to Phone features, the text content you choose to share is sent to our server (castreader.ai) to create a shareable page or live audio session. This data is:

• Stored only for the duration needed to provide the feature
• Live sessions expire automatically
• Shared pages can be deleted by the creator

2.5 Website (castreader.ai)

When you visit castreader.ai, we use standard web analytics (Plausible Analytics, a privacy-focused, cookie-free analytics service) to understand traffic patterns. No cookies are set for analytics. No personally identifiable information is collected.

---

3. Browser Extension Permissions

CastReader requests the following Chrome permissions, each for a specific purpose:

Host permissions:

• api.castreader.ai — TTS audio generation API
• castreader.ai — Analytics events, Share/Live Session features
• weread.qq.com — WeRead chapter data interception (runs locally)
• read.amazon.com / read.amazon.cn — Kindle Cloud Reader OCR extraction (runs locally)

We do NOT request <all_urls> or broad host permissions on Chrome and Edge. The extension only activates on the page you're currently viewing when you click the icon.

---

4. Data We Do NOT Collect

To be explicit:

• No account system: CastReader has no user accounts, no login, no registration.
• No personal information: We never ask for or collect your name, email, phone number, address, or payment information.
• No browsing history: We do not track which pages you visit. The extension only activates when you click it.
• No cookies: The extension does not set or read browser cookies.
• No advertising: We do not serve ads or share data with advertising networks.
• No data sales: We never sell, rent, or trade any data to third parties.

---

5. Data Storage and Security

• Local storage: Settings and device ID are stored in chrome.storage.local, which is sandboxed to the extension and inaccessible to websites.
• Analytics transmission: Events are sent over HTTPS to castreader.ai.
• TTS API: Text is sent to api.castreader.ai for audio generation. The audio is returned as an encoded data URL. Text is processed in memory only and is not logged or stored server-side.

---

6. Third-Party Services

We do not use Google Analytics, Facebook Pixel, or any advertising-related tracking services.

---

7. Children's Privacy

CastReader does not knowingly collect any personal information from children under 13 (or the applicable age in your jurisdiction). Since we do not collect personal information from any user, there is no children's data to protect. If you believe a child has somehow provided personal information to us, please contact us and we will delete it.

---

8. Your Rights

Since CastReader does not collect personal information or maintain user accounts, most data protection rights (access, correction, deletion) are not applicable in the traditional sense. However:

• Device ID reset: You can reset your anonymous device ID at any time by clearing the extension's storage (right-click the extension icon → Manage Extensions → Clear Data). This effectively makes you a new, unlinked device.
• Opt out of analytics: You can block requests to castreader.ai/api/events using any ad blocker or network filter to prevent analytics events from being sent.
• Uninstall: Removing the extension deletes all locally stored data (settings, device ID, analytics queue).

If you are in the European Economic Area (EEA), United Kingdom, or California, and believe we hold any data about you, contact us at the email below and we will respond within 30 days.

---

9. Data Retention

• Analytics events: Aggregated analytics data is retained for up to 12 months, then deleted.
• TTS text: Not retained — text is processed in memory and discarded after audio generation.
• Share pages: Retained until manually deleted by the creator or automatically after 90 days of inactivity.
• Live sessions: Expire automatically after 24 hours.

---

10. International Data Transfers

Our servers are located in the United States and Hong Kong. If you use CastReader from outside these regions, the extracted text sent to our TTS API will be transferred to these locations for processing. By using the Service, you consent to this transfer. We ensure that data is handled securely regardless of where it is processed.

---

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we will update the extension's changelog on the Chrome Web Store. We encourage you to review this page periodically.

---

12. Contact Us

If you have questions about this Privacy Policy or our data practices:

• Email: support@castreader.ai
• Website: https://castreader.ai