findmanga.app

Back to home

Privacy policy

Last updated: April 12, 2026

1. Data controller

The controller of personal data collected through the Service is the legal entity or individual operating findmanga.app (the «Controller»). Before production launch, publish the Controller's identity, registered address, a dedicated privacy contact (email or equivalent), and, where appointed, the data protection officer's contact details.

2. Scope and legal framework

This notice is provided under Regulation (EU) 2016/679 («GDPR»), applicable national law implementing the GDPR, and - for cookies and similar technologies - Directive 2002/58/EC as updated («ePrivacy») and relevant guidance from your local supervisory authority. The Service is intended for users in the European Economic Area and the United Kingdom unless stated otherwise.

3. Categories of data

Depending on how you use the Service, we may process, for example: • Account data: email address, OAuth identifier if you use «Sign in with Google», display name. • Technical and security data: IP address, HTTP headers, access logs, browser and device type, session identifiers. • Usage data: search queries you run, library entries, in-app preferences (e.g. language, theme, catalog filters), and aggregated or pseudonymous records derived from that usage for service operation. • Internal statistics: where the Controller accesses password-protected operator tools, aggregated figures from the same database (e.g. popular queries, sign-up counts) processed without third-party marketing or advertising platforms.

4. Purposes and legal bases

We process personal data for the purposes below on the following legal bases: • Providing the Service, operating your account, authentication, and features you request - legal basis: performance of a contract or pre-contract steps (Art. 6(1)(b) GDPR). • IT security, abuse prevention, system integrity, and strictly necessary aggregated metrics - legal basis: legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights and freedoms. • Compliance with legal obligations - legal basis: legal obligation (Art. 6(1)(c) GDPR). • Understanding how the Service is used and improving it through internal reporting available only to the Controller or expressly authorized staff - legal basis: legitimate interests (Art. 6(1)(f) GDPR); no third-party advertising or web analytics cookies are used for this purpose. Where optional tools are introduced in the future, any change to legal bases will be reflected in this notice.

5. Cookies, local storage, and your choices

The Service may use cookies, browser storage (e.g. localStorage), and similar technologies. • Strictly necessary: required for core operation and security (e.g. authentication session cookies). These are typically exempt from consent under applicable ePrivacy rules, subject to local interpretation. • Functional preferences: e.g. theme or language may be stored on your device for convenience; you can clear them in your browser at any time. We do not load third-party advertising or audience-measurement scripts as part of the current implementation. If that changes, this section will be updated before activation.

6. Retention

We keep personal data only as long as needed for the purposes described. Account and usage data are retained until you delete your account or longer if required by law or legitimate legal claims. Technical logs are kept for limited periods unless needed to investigate abuse. Search history and community feed records in the database are kept according to operational needs and may be pruned or anonymized as the Controller configures the infrastructure.

7. Recipients and processors

Data may be processed by: • Hosting, cloud infrastructure, and database providers, typically as processors under Art. 28 GDPR. • Your OAuth sign-in provider (e.g. Google) when you use social login, under its terms and privacy policy. An up-to-date list of processors may be requested from the Controller using the contact details in section 1.

8. Transfers outside the EU/EEA

Some vendors (including, where applicable, OAuth providers) may process data outside the European Economic Area. Such transfers rely on adequacy decisions by the European Commission where available, or appropriate safeguards under Art. 46 GDPR (e.g. standard contractual clauses), and - where relevant - the EU-US Data Privacy Framework and each vendor's disclosures.

9. Your rights

Under Arts. 15–22 GDPR, subject to limitations in law, you may exercise rights of access, rectification, erasure («right to be forgotten»), restriction of processing, data portability for data you provided, and objection to processing based on legitimate interests. You also have the right to lodge a complaint with a supervisory authority; in Italy, the Garante per la protezione dei dati personali (www.garanteprivacy.it). Submit requests using the contact details the Controller publishes on the Service.

10. Children

The Service is not directed at children below the age at which consent for processing may be given without parental authority in their Member State. If you believe we have collected data inappropriately, contact the Controller for deletion.