Back to home

Trust & Security

Last updated: May 2026

Honor Library is built on a simple idea: you share books with people you actually know and trust. That trust extends to how we handle your data. This page explains, in plain terms, exactly how we protect your privacy and keep the community safe.

Your circle is private

Books you list are shared only with people you have explicitly added to your circle. There is no public feed, no friends-of-friends browsing, and no stranger discovery. Honor Library uses a strict 1-hop trust model: a book is visible to a circle member or to no one at all.

What the Discover tab shows

The Discover tab only ever surfaces books from circle members who have accepted your connection. It never reaches beyond your own circle, and it never exposes you to people you have not chosen to connect with.

Contact matching is privacy-first

When the app helps you find which of your contacts already use Honor Library, phone numbers are hashed with HMAC-SHA-256 using a server-side secret before any matching happens. We never store plaintext phone numbers for matching. The matching works on irreversible hashes, not on your actual contact list.

No passwords to leak

Phone one-time passcode (OTP) is the only way to sign in. There are no passwords to choose, reuse, or have stolen in a breach somewhere else.

Row-level security on everything

Honor Library runs on a Supabase (Postgres) backend, and every database table has row-level security enabled. The database itself enforces that you can only read and write your own data and the data explicitly shared with your circle. Access controls live at the data layer, not just in the app, so a bug in one screen cannot expose another member's records.

Abuse prevention

Rate limits and quotas

Expensive actions are protected by per-user rate limits, applied both hourly and daily, alongside per-user resource quotas and content-length limits. This keeps the service stable and keeps any single account from overwhelming it.

Reporting and moderation

You can report a user, a book, or a handoff that does not belong here. Reports feed a moderation path that includes soft-ban enforcement, so the community stays safe and accountable.

Book handoffs are consent-based

Giving a book is never one-sided. Transferring a book requires the receiver to confirm they actually received it, and an owner can quietly decline a request without any awkward notification to the requester.

Built-in safeguards

Every handoff has a 48-hour undo window, and any request that goes unconfirmed automatically expires after 14 days. Nothing is locked in by mistake, and stale requests clean themselves up.

Your data, your control

Delete your account, completely

You can delete your account from inside the app at any time. The deletion removes all of your personal data, and we have audited it to leave zero residue across every table keyed to a user. When you leave, your data leaves with you.

You decide what your circle sees

Wishlist visibility is controlled per item, so you choose exactly what your circle can and cannot see. Sharing is always something you opt into, item by item.

Built by a nonprofit

Honor Library is a project of V2C Inc, a US 501(c)(3) nonprofit (EIN 33-3915449, dba v2c.org). There are no shareholders. Our accountability is to the community we serve.

Questions about trust, privacy, or security? Reach us at [email protected].

Privacy PolicyTerms of Service