Privacy notice

We keep the bare minimum needed to run a rare-book catalogue and a per-account wants list, we don’t use ad networks or third-party analytics, and the “you recently visited” rail lives entirely in your browser’s local storage.

• The catalogue itself— book metadata, author records, seller information, and listings scraped from public marketplaces. None of this is personal data about you.
• Your email address, if you sign in. We use it to send the magic-link sign-in code and your wants-list digests, and nothing else.
• Your wants-list subscriptions— the authors and books you’ve asked to be alerted about, plus the optional maximum price per entry.
• Session cookies, set when you sign in, so the site knows you on subsequent page loads. These are first-party, HttpOnly, and expire when your session does.
• Coarse server logs— page paths and timestamps, used for diagnostics and capacity planning. We do not correlate these to your account.

The You recently visitedrail on book pages writes a short list of recently-viewed book titles to your browser’slocalStorage. This list:

• Never leaves your device.
• Is never read by, or transmitted to, our server.
• Is capped at the most recent twelve titles, so it can’t grow unbounded.
• Can be wiped at any moment with the “Clear this list” link in the rail itself, or by clearing your browser’s site data.

• No third-party analytics (no Google Analytics, no Plausible, no Mixpanel).
• No ad networks, ad cookies, or remarketing pixels.
• No social-media tracking widgets.
• No selling, renting, or sharing personal data to third parties.
• No fingerprinting, cross-site tracking, or device profiling.

To run the service we hand limited information to a small number of processors. Each only sees what it needs:

• Resend— receives your email address and the content of any sign-in code or wants-list digest we send you.
• Our database host— stores the catalogue, accounts, and subscriptions. Encrypted at rest.

Book metadata sources (Wikipedia, Open Library, Google Books) are one-way reads: we fetch information from them, no information about you flows the other way.

• Export: a copy of the personal data we hold about you (your email, wants-list entries, alert history).
• Deletion: full removal of your account and associated wants-list. Catalogue records aren’t affected because they aren’t about you.
• Correction: if anything we hold about you is wrong.

Email [email protected] and we’ll respond within a reasonable window — usually a few days.

raretomes is a marketplace-adjacent service for collectors and is not directed to children under 16. We don’t knowingly collect information from anyone under that age.

Material changes will be noted by updating the date at the top of this page and, where they affect existing users, by a one-line note in your next wants-list digest.