This Privacy Policy explains how Publica.la Plus (“Publica.la Plus”, “we”, “us”) collects, uses, shares and protects personal data when you use our publishing service platform at plus.publica.la (the “Service”). Publica.la Plus is operated by publica.la. We act as the data controller for account and billing data, and as a data processor for the files and content you upload to run the tools.
Who we are
Publica.la Plus is the service platform for the publishing industry, operated by publica.la. It offers publishing tools — EPUB validation, accessibility checking, metadata extraction, format conversions and AI-assisted creative tools — under subscription plans.
For any question about this policy or your personal data, contact us at [email protected].
Scope of this policy
This policy applies to the Publica.la Plus storefront, the customer dashboard and the tools you run through them. It does not cover third-party websites or the core publica.la platform, which is governed by its own privacy policy.
Data we collect
We collect the following categories of data:
- Account data — your name, email address and authentication credentials (including passkeys) when you register or sign in.
- Workspace data — your organization, plan, team members and configuration.
- Content you upload — the EPUB, PDF, audio and other files you submit to run a tool, together with the reports and outputs generated from them.
- Usage and technical data — log data, IP address, browser type, device information and the actions you take in the Service, used to operate and secure the platform.
- Billing data — your subscription tier, transaction history and the payment details you provide to our payment processor (we never store full card numbers ourselves).
- Communications — the messages you send us for support or enquiries.
How we use your data
We use your data to:
- Provide, operate and maintain the Service and the tools you run.
- Process the files you upload and return the corresponding reports and outputs.
- Manage your account, subscription, AI credits and billing.
- Secure the platform, prevent abuse and diagnose problems.
- Communicate with you about your account, service changes and support requests.
- Comply with our legal obligations.
Legal bases (GDPR)
Where the GDPR applies, we process personal data on the following legal bases:
- Performance of a contract — to provide the Service you sign up for.
- Legitimate interests — to secure, improve and operate the platform, balanced against your rights.
- Legal obligation — to meet accounting, tax and other legal requirements.
- Consent — where we ask for it, such as optional product communications, which you can withdraw at any time.
AI processing
AI features run only when you explicitly start them. When you do, only the minimal text content, metadata (such as language and title) and your prompts needed to run the tool are transmitted to our AI providers over encrypted TLS 1.2+ connections.
No account identifiers or personally identifiable information are sent to AI providers, your content is not used to train, fine-tune or improve any AI model, and AI outputs are returned to you and are not stored or redistributed by Publica.la Plus. For full detail, see our AI transparency & policy page.
Service providers and subprocessors
We rely on a small set of trusted providers to operate the Service. They process data only on our instructions and under data processing agreements. The table below lists the providers we use today and those we may introduce as the platform grows; we keep it current as our toolchain expands.
| Provider | Purpose | Region |
|---|---|---|
| Laravel Cloud | Application hosting and database | United States / EU |
| Amazon Web Services (AWS) | Cloud infrastructure, object storage and AI inference | Global |
| Hetzner | Dedicated processing tier for validation, accessibility, conversions and audio | European Union |
| Anthropic | AI text generation (default provider) | United States |
| OpenAI | AI text and image generation (selected tools) | United States |
| Stripe | Payment and subscription processing | United States / Global |
| Laravel Nightwatch | Application observability and error monitoring | EU / United States |
| publica.la | Account provisioning and entitlements for publica.la customers | Global |
International data transfers
Some of our providers are located outside your country, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and our providers’ GDPR-compliant data processing agreements.
Data retention
We keep account and billing data for as long as your account is active and as required to meet our legal obligations.
The files you upload and the outputs generated from them are retained only as long as needed to deliver the result and let you download it, after which they are deleted from our processing tier according to our retention schedule. Our AI providers operate under zero-retention policies on API inputs.
Security
We protect your data with encryption in transit (TLS 1.2+), access controls, isolated processing environments and continuous monitoring. No system is perfectly secure, but we work to protect your data using industry-standard measures.
Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (the right to be forgotten).
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law.
Children
The Service is intended for publishing professionals and is not directed at children. We do not knowingly collect personal data from children under 16.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you. Continued use of the Service after changes take effect means you accept the updated policy.
Contact us
For any question about this policy or to exercise your data rights, write to [email protected].
Related documents