Publishing Privacy Policy
EBOKIO Effective Date: 12 July 2026 Last Updated: 12 July 2026 Version: 1.0
Company: EBOKIO LTD, a private limited company registered in England and Wales
Applies to: www.ebokio.com, publishing.ebokio.com, and related services operated by EBOKIO LTD
Applies to: publishing.ebokio.com and the public EBOKIO storefront at ebokio.com, together with all related seller dashboards, author tools, publisher accounts, upload interfaces, distribution systems, and self-publishing services operated by EBOKIO LTD.
1. Introduction
This Self-Publishing Privacy Policy (the "Policy") explains how EBOKIO LTD ("EBOKIO", "we", "us", or "our") collects, uses, stores, discloses, transfers, retains, and otherwise processes personal data relating to authors, publishers, rights holders, literary agents, distributors, account administrators, and other persons or entities who upload, submit, manage, distribute, market, or sell ebooks or related digital content through EBOKIO's self-publishing services (together, "Publishers").
EBOKIO LTD is a private limited company registered in England and Wales under company number 17308940, with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom.
For the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (as amended), and other applicable data protection laws, EBOKIO LTD acts as the data controller of personal data processed under this Policy, except where this Policy expressly states otherwise or where another person or entity acts as an independent controller or joint controller under applicable law.
This Policy forms part of EBOKIO's wider legal framework and should be read together with the EBOKIO Terms of Service, Privacy Policy, Cookie Policy, Content Policy, Copyright Notice and Takedown Policy, Refund and Returns Policy, and any additional notices, product disclosures, or compliance statements made available through the Platform from time to time.
2. Scope of This Policy
This Policy applies to personal data processed in connection with the onboarding, verification, registration, management, moderation, operation, monetisation, support, enforcement, and closure of self-publishing and seller accounts on EBOKIO.
Without limitation, this Policy applies where a Publisher:
creates or administers a seller, author, or publisher account;
uploads manuscripts, EPUB files, DOCX files, covers, metadata, descriptions, sample chapters, or related submission materials;
configures pricing, territories, distribution settings, payout details, tax information, author profiles, or publication preferences;
receives royalties, earnings statements, payouts, refunds, reversals, or chargeback-related notices;
submits or responds to rights complaints, takedown notices, moderation actions, appeals, or verification requests; or
otherwise uses EBOKIO's self-publishing dashboard, author tools, listing interfaces, content review systems, or related business services.
This Policy does not govern personal data processed solely in connection with general browsing of third-party websites, third-party payment environments, third-party single sign-on providers, or other independent third-party services whose privacy practices are governed by their own notices and policies.
3. Contact Details
Questions, complaints, requests, or notices relating to this Policy or personal data processed under it should be directed to:
EBOKIO LTD
Privacy and Data Protection: privacy@ebokio.com
Legal Notices and Rights Complaints: legal@ebokio.com
General Support: support@ebokio.com
Registered Office: 128 City Road, London, EC1V 2NX, United Kingdom
Website: https://publishing.ebokio.com
Where EBOKIO is required by applicable law to appoint a representative, local contact, or data protection officer, the relevant contact details will be published or provided as required.
4. Categories of Personal Data We Process
Depending on the nature of the Publisher relationship and the services used, EBOKIO may collect and process the following categories of personal data.
4.1 Identity and Account Data
This may include:
full legal name;
display name;
pen name;
business or trading name;
email address;
telephone number;
country of residence or incorporation;
date of birth where reasonably required for age verification, security, or compliance;
account credentials, authentication data, and account identifiers;
user role, account status, profile information, and account preferences.
4.2 Publisher, Business, and Tax Data
This may include:
company registration details;
VAT number or tax identification number;
taxpayer status and tax residency information;
invoicing and business contact details;
certifications, declarations, or forms required for tax, sanctions, compliance, or marketplace administration;
documents or information reasonably required to verify authority to act on behalf of a business or publishing entity.
4.3 Payout and Financial Data
This may include:
payout account name;
bank name;
sort code;
account number;
IBAN;
SWIFT/BIC;
payment processor account identifiers;
partial billing information;
transaction records;
royalty calculations;
earnings statements;
payout history;
refunds, reversals, deductions, set-offs, chargebacks, and related financial dispute records.
Full credit or debit card details are not stored by EBOKIO on its own servers where payment processing is handled directly by authorised payment service providers.
4.4 Content Submission and Listing Data
This may include:
manuscripts and uploaded ebook files;
cover images, thumbnails, illustrations, and related assets;
preview files, sample chapters, and promotional excerpts;
book titles, subtitles, descriptions, categories, keywords, ISBN data, publication dates, language selections, series information, and listing metadata;
technical file details such as file format, file size, timestamps, conversion status, version history, and device compatibility data;
pricing, territorial rights, distribution preferences, and publication settings.
4.5 Rights, Compliance, and Evidence Data
This may include:
copyright ownership information;
licence or assignment records;
permissions and rights-clearance materials;
authorship evidence;
AI-use disclosures and related supporting materials;
moderation history;
enforcement records;
notices and counter-notices;
correspondence with rights holders, complainants, regulators, service providers, or advisers;
materials preserved for legal claims, fraud prevention, rights enforcement, safety, or audit purposes.
4.6 Technical, Usage, and Security Data
This may include:
IP address;
browser type and version;
operating system and device information;
user agent string;
login history;
session data;
access timestamps;
approximate geolocation derived from IP address;
referral data;
platform usage logs;
upload logs;
failed authentication attempts;
device and risk signals;
suspected abuse indicators;
VPN or proxy indicators;
fraud and security event records.
4.7 Communications and Support Data
This may include:
emails;
support tickets;
live chat messages where available;
moderation communications;
compliance requests;
appeal submissions;
legal correspondence;
complaint records;
communications preferences;
records of notices sent to or received from the Publisher.
4.8 Public Profile and Marketplace Data
This may include information intentionally made public by the Publisher through the Platform, such as:
author name or pen name;
publisher name;
author biography;
profile image;
public-facing catalogue and listing information;
other profile or brand information the Publisher chooses to display to buyers or visitors.
5. How We Collect Personal Data
We collect personal data in the following ways.
5.1 Data Provided Directly by Publishers
We collect data provided directly when a Publisher:
registers or updates an account;
completes onboarding or verification processes;
uploads content or listing materials;
enters payout, tax, or business information;
submits support requests or legal responses;
communicates with EBOKIO;
appeals moderation or enforcement decisions;
participates in surveys, beta features, or service improvement initiatives.
5.2 Data Collected Automatically
We collect certain technical and behavioural data automatically through server logs, cookies, local storage, analytics tools, fraud-detection tools, security monitoring systems, and technical processing activities used to operate, secure, and improve the Platform.
Details concerning cookies and similar technologies are set out separately in the EBOKIO Cookie Policy.
5.3 Data Received from Third Parties
We may receive relevant personal data from third parties, including:
payment processors and payout providers;
identity verification and sanctions screening providers;
fraud prevention and cybersecurity vendors;
hosting, infrastructure, content-delivery, and analytics providers;
single sign-on providers where enabled;
rights holders, complainants, publishers, buyers, and other users involved in disputes or notices;
legal, regulatory, tax, or law enforcement authorities;
professional advisers, auditors, insurers, and compliance providers.
6. Purposes of Processing and Legal Bases
EBOKIO processes personal data only where there is a lawful basis to do so under applicable law.
6.1 Performance of a Contract
We process personal data where necessary to enter into or perform a contract with the Publisher, including to:
create, administer, and maintain publisher accounts;
provide access to self-publishing tools and dashboard features;
host, process, convert, index, distribute, and make available digital content;
administer listings, pricing, territories, and catalogue settings;
calculate royalties, administer earnings, and process payouts;
provide support and account communications;
administer refunds, disputes, and chargeback-related matters;
manage account closure and post-termination obligations.
6.2 Compliance with Legal Obligations
We process personal data where necessary to comply with legal and regulatory obligations, including obligations relating to:
accounting and financial record-keeping;
taxation, VAT, and reporting obligations;
sanctions, anti-fraud, and compliance screening;
consumer protection and e-commerce obligations;
copyright and rights-enforcement issues;
lawful requests, court orders, regulatory enquiries, and law enforcement requests;
evidence preservation and legal hold requirements;
record retention obligations imposed by law.
6.3 Legitimate Interests
We may process personal data where such processing is necessary for EBOKIO's legitimate interests or those of a third party, provided those interests are not overridden by the Publisher's rights and freedoms. These interests include:
operating, securing, monitoring, and improving the Platform;
detecting, investigating, and preventing fraud, abuse, piracy, security incidents, unauthorised access, policy evasion, and commercially abusive behaviour;
verifying authenticity, authorship, and rights ownership;
enforcing the Terms of Service, Content Policy, Copyright Notice and Takedown Policy, and other platform rules;
preserving evidence and maintaining internal records;
defending or pursuing legal claims;
responding to complaints, notices, and disputes;
protecting buyers, publishers, service providers, and the public;
conducting business analytics, service development, and operational planning.
6.4 Consent
Where required by law, we rely on the Publisher's consent for specific processing activities, such as non-essential cookies, optional analytics, certain marketing communications, or optional product features. Consent may be withdrawn at any time, but withdrawal does not affect the lawfulness of processing carried out before withdrawal.
7. Verification, Screening, and Fraud Prevention
Where EBOKIO has reasonable grounds to doubt a Publisher's identity, or to address fraud, sanctions, money-laundering, or other legal-compliance risk, EBOKIO may process personal data to verify the Publisher's identity, authority, tax status, payout eligibility, sanctions status, and overall account legitimacy.
This may include reviewing account details, technical signals, device and access patterns, file submission behaviour, financial risk indicators, prior complaints, rights documentation, authorship evidence, and other information reasonably necessary to prevent fraud, piracy, abuse, duplication, payment risk, rights infringement, regulatory exposure, or misuse of the Platform.
Where reasonably necessary and proportionate, EBOKIO may request additional information or documents, delay publication, delay payout, impose account restrictions, preserve records, or suspend features pending completion of a verification, safety, or compliance review. Where EBOKIO collects identity documents or verification images (such as a copy of a passport or identity card) to verify a Publisher, EBOKIO deletes those documents and images immediately once the verification check is completed, and keeps only a minimal record confirming that verification took place (for example, the date, method, and result), not the document images themselves. EBOKIO does not retain identity document images for longer than is necessary for the verification and, where possible, relies on a regulated third-party identity-verification provider to carry out and hold such checks.
8. File Processing, Content Review, and Platform Operations
Where a Publisher uploads files or related materials, EBOKIO may process those files and associated data to:
store and host them securely;
scan them for malware or harmful code;
extract and process metadata;
generate previews, samples, and thumbnails;
create backup copies;
convert files into supported formats;
optimise compatibility and delivery;
apply DRM, watermarking, or comparable protection measures;
index content for search, discovery, and internal administration;
review content for quality, legality, authenticity, and compliance with platform rules;
investigate complaints, rights notices, and moderation issues;
facilitate distribution, access, support, and customer service.
Nothing in this Policy obliges EBOKIO to publish, continue to publish, or distribute any content, and content-related decisions remain subject to the Terms of Service, Content Policy, and other applicable EBOKIO policies.
9. Public and Non-Public Information
Certain information submitted by a Publisher may be displayed publicly through the Platform, including author name, pen name, publisher name, biography, listing details, cover images, descriptions, catalogue metadata, and other information intentionally made public through the listing or profile settings.
Publishers are solely responsible for ensuring that public-facing materials do not include unnecessary personal data, confidential information, or data they are not entitled to disclose.
Non-public information, such as legal identity records, tax documents, bank details, internal risk assessments, private moderation notes, account verification materials, internal enforcement records, and preserved evidence, will not be made public by EBOKIO except where disclosure is required or permitted by law, reasonably necessary for the protection of rights, or necessary in connection with a dispute, investigation, regulatory obligation, or contractual enforcement.
10. Data Sharing and Disclosure
EBOKIO does not sell or rent Publisher personal data to third parties for unrelated commercial marketing purposes.
We may share personal data where reasonably necessary with:
payment processors and payout providers (currently Stripe, Inc. and PayPal), banks, and financial institutions;
hosting, infrastructure, cloud storage, and email or communications providers (currently Hostinger and Hetzner, with servers located in the European Union);
analytics, security, fraud prevention, and compliance vendors;
identity verification, sanctions screening, and KYC/AML providers;
professional advisers, auditors, insurers, and tax advisers;
rights holders, complainants, buyers, publishers, users, or counterparties involved in a dispute, notice, complaint, or enforcement matter where disclosure is reasonably necessary and lawful;
regulators, courts, law enforcement bodies, and competent authorities;
acquirers, investors, administrators, or counterparties in connection with a merger, acquisition, restructuring, insolvency process, financing, or sale of business assets, subject to applicable safeguards.
Where a transaction requires limited information to be shared between marketplace participants, EBOKIO may disclose only the information reasonably necessary to administer the transaction, support, refund, dispute, chargeback, fraud review, or legal compliance process.
Publishers who receive buyer data through or from EBOKIO must process that data lawfully and only for purposes authorised by applicable law and the EBOKIO contractual framework. Buyer data must not be used for unrelated marketing, scraping, profiling, resale, or off-platform communications without an independent lawful basis.
11. International Transfers
Because EBOKIO may use international service providers and technical infrastructure, personal data may be processed outside the United Kingdom or outside the country in which the Publisher is located.
Where required by law, EBOKIO will implement appropriate safeguards for international transfers, which may include adequacy regulations, Standard Contractual Clauses, International Data Transfer Agreements, or other lawful transfer mechanisms together with supplementary technical and organisational measures where appropriate.
12. Retention of Personal Data
EBOKIO retains personal data only for as long as reasonably necessary for the purposes described in this Policy, including service provision, account administration, payout processing, tax compliance, fraud prevention, rights protection, dispute resolution, security, audit, and the establishment, exercise, or defence of legal claims.
Retention periods may vary depending on the category of data, the nature of the account, the type of transaction, and applicable legal requirements. In particular:
account, transaction, and financial records are retained for the duration of the business relationship and, thereafter, for at least six (6) years from the end of the relevant tax or accounting period, for tax, accounting, audit, fraud-prevention, and legal purposes;
tax and seller-compliance records are retained for at least six (6) years from the end of the relevant tax period, or longer where required by HMRC, applicable law, or regulatory guidance;
content, metadata, and related submission records may be retained after removal or account closure where reasonably necessary for refunds, buyer access, disputes, rights enforcement, fraud prevention, backup integrity, or legal obligations;
moderation, notice, appeal, fraud, and security records may be retained for longer where reasonably necessary to detect repeat abuse, respond to authorities, preserve evidence, or defend claims.
Where personal data is no longer required, EBOKIO will delete, anonymise, de-identify, securely archive, or securely destroy it in accordance with applicable law and internal retention practices.
Account deletion and the 30-day recovery period. If a Publisher closes or deletes their Publisher Account, the account is deactivated immediately and is kept in a restorable state for thirty (30) days, during which the Publisher may restore it and have their account, author profiles, and Works reinstated and relisted. After that period, the account and its associated personal data are permanently deleted or anonymised, except where EBOKIO is required or permitted to retain them for legal, tax, accounting, rights-enforcement, fraud-prevention, or dispute-resolution purposes. A Publisher may instead ask EBOKIO to delete their account and personal data immediately, without waiting for the 30-day period, by contacting privacy@ebokio.com.
13. Security Measures
EBOKIO implements appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, loss, misuse, destruction, alteration, or disclosure.
Such measures may include encrypted communications, secure hosting arrangements, access controls, role-based permissions, logging and monitoring, malware scanning, vendor due diligence, authentication controls, backup procedures, incident management processes, and other reasonable security safeguards appropriate to the nature of the data and the risks involved.
No internet-based or electronically stored system can be guaranteed to be completely secure. Publishers are responsible for maintaining the confidentiality of their account credentials and for notifying EBOKIO promptly of any suspected unauthorised access, account misuse, or security incident affecting their account.
14. Publisher Obligations Regarding Third-Party Personal Data
If a Publisher uploads, submits, or otherwise provides personal data relating to another individual, the Publisher represents and warrants that it has a valid lawful basis to provide that data and that the disclosure does not violate privacy rights, confidentiality obligations, intellectual property rights, contractual duties, or applicable law.
Publishers must not upload unnecessary identity documents, confidential third-party records, unlawfully obtained data, or personal data included in breach of legal, contractual, or fiduciary obligations. EBOKIO may remove, redact, restrict, preserve, or report such material where reasonably necessary.
15. Data Subject Rights
Subject to applicable law, data subjects may have the right to:
be informed about the processing of their personal data;
request access to personal data;
request rectification of inaccurate or incomplete personal data;
request erasure of personal data;
request restriction of processing;
object to certain processing, including processing based on legitimate interests in appropriate circumstances;
request portability of personal data where applicable;
withdraw consent where processing is based on consent;
lodge a complaint with a competent supervisory authority.
These rights are not absolute and may be limited where an exemption applies or where continued processing is necessary for compliance with law, fraud prevention, rights protection, legal claims, security, evidence preservation, or the rights and freedoms of others.
To exercise privacy rights, contact privacy@ebokio.com. EBOKIO may request reasonable information to verify identity before acting on a request.
16. Complaints
If a Publisher has concerns about how EBOKIO handles personal data, the Publisher should first contact EBOKIO using the contact details above so that the matter may be reviewed and, where appropriate, resolved.
If the Publisher is in the United Kingdom, the Publisher may also have the right to lodge a complaint with the Information Commissioner's Office (ICO). If the Publisher is located elsewhere, the Publisher may have rights to complain to another competent supervisory authority under applicable law.
17. Changes to This Policy
EBOKIO may amend, update, replace, or supplement this Policy from time to time to reflect changes in law, regulatory guidance, platform functionality, fraud risks, operational practices, technical infrastructure, service providers, or self-publishing workflows.
Any revised version will be published on the Platform with an updated effective date or last-updated date. Where required by law, EBOKIO will provide additional notice or seek renewed consent before material changes take effect.
18. Governing Law
This Policy shall be governed by and construed in accordance with the laws of England and Wales, without prejudice to any mandatory data protection or consumer rights that apply under applicable law and cannot lawfully be excluded.
19. Short Website Notice
By registering for or using EBOKIO's self-publishing services, authors and publishers acknowledge that EBOKIO may process their personal data to verify accounts, administer publishing tools, review and host submissions, distribute digital content, calculate and pay earnings, prevent fraud, enforce platform rules, protect rights, respond to complaints, and comply with legal obligations. A fuller explanation is set out in this Self-Publishing Privacy Policy and the related EBOKIO legal policies referenced above.
Campagne information:
Registered Office: 128 City Road, London, EC1V 2NX, United Kingdom
Company Number: 17308940