Home Security

Security and Data Protection

Keeping your reading records safe

SSL/TLS Encryption | OAuth 2.0 Authentication

Your Data Protection is Our Top Priority

At Reading Forest, we employ industry-standard security technologies and strict data management practices to protect your valuable reading records and privacy. This page provides detailed information about our specific security measures and data protection initiatives.

Data Encryption

Reading Forest encrypts your data at multiple layers to protect it from unauthorized access.

Communication Encryption

All communications are encrypted with SSL/TLS (HTTPS) to prevent eavesdropping and tampering by third parties.

Local Data Protection

Data stored in your browser (localStorage) is protected by your browser's security features.

Cloud Storage

Data saved to Google Drive is protected by Google's encryption technology.

Communication Encryption (SSL/TLS)

Reading Forest uses SSL/TLS encryption for all communications. This ensures that data exchanged between you and our servers cannot be decrypted even if intercepted by third parties.

  • TLS 1.2 or higher: Communications protected with the latest encryption protocols
  • Strong cipher suites: Industry-standard encryption algorithms such as AES-256
  • Certificate verification: Legitimate SSL certificates prevent phishing attacks
  • HTTPS only: We do not accept unencrypted HTTP connections

What is SSL/TLS?

SSL (Secure Sockets Layer)/TLS (Transport Layer Security) are encryption protocols for securely exchanging information over the internet. When the URL starts with "https://", this encryption is active. Look for the lock icon in your browser's address bar to confirm.

Local Data Protection

Data stored in your browser (localStorage) is protected in the following ways:

  • Origin isolation: Reading Forest data cannot be accessed by other websites
  • Browser sandbox: Data is protected from malicious scripts
  • Secure context: Data is stored only in HTTPS environments
  • Auto-save feature: Changes are automatically saved to the browser to prevent data loss

Caution About Clearing Browser Cache

Clearing your browser's cache and cookies may also delete data stored in localStorage. We recommend backing up your data regularly.

Google Drive Encryption

Data saved to Google Drive is protected by Google's advanced encryption technology:

  • Encryption in transit: Data is encrypted with TLS during upload/download
  • Encryption at rest: Data is encrypted with AES-256 on Google Drive servers
  • Google authentication: Secure authentication process using OAuth 2.0
  • Access control: Only accessible with your Google account

What Reading Forest Can Access

When Reading Forest accesses Google Drive, we only request the following permissions:

  • Read and write files created by Reading Forest (we cannot access other files)
  • View file list (only files created by Reading Forest)

Rest assured that we cannot access any of your other Google Drive files.

Privacy Protection Practices

Reading Forest respects your privacy and handles personal information with the utmost care.

Information We Collect

Reading Forest only collects the following information:

Type of Information Collection Method Purpose of Use
Reading Record Data Entered by you Providing reading record service
Google Account Information During OAuth authentication Providing Google Drive integration
Access Logs During server access Service improvement, security measures

Information We Do NOT Collect

Reading Forest does NOT collect the following information:

  • Credit card information: Payments are processed through Stripe; card information is not stored on our servers
  • Browsing history: We do not track your browsing history on other websites
  • Location information: We do not obtain location data from GPS or IP addresses
  • Contacts: We do not access your address book or email list

Third-Party Disclosure

We do not disclose your personal information to third parties except in the following cases:

Third-Party Disclosure Principles

  • With your consent
  • When required by law (such as court orders)
  • To the extent necessary for service provision (Google Drive integration, payment processing, etc.)

Use of Browser Storage

Reading Forest uses browser storage (localStorage, IndexedDB) for the following purposes:

  • Maintaining login status: Eliminates the need to log in repeatedly
  • Saving settings: Remembers your display preferences
  • Security: Prevents CSRF attacks and other threats

About Analytics

Reading Forest uses Google Analytics 4 for service improvement. Google Analytics collects anonymized access information but does not collect personally identifiable information. We do not perform any tracking for advertising purposes. Your privacy is our top priority.

Data Retention Period

Your data is retained for the following periods:

  • Account information: Retained until you delete your account
  • Access logs: Automatically deleted after up to 90 days
  • Backup data: Automatically deleted after up to 30 days

Note: Reading notes data is not stored on our servers. It is saved to your local storage or Google Drive.

Your Rights

You have the following rights regarding your personal information:

  • Right of access: You can request to see what data is stored
  • Right to rectification: You can request correction of incorrect data
  • Right to erasure: You can request deletion of your data
  • Data portability: You can export your data

Security Certifications

Reading Forest employs industry-standard security protocols and certifications.

SSL/TLS Encryption
OAuth 2.0 Authentication
Stripe Payment Certification

SSL/TLS Certificate

  • Certificate type: SSL certificate issued by a trusted Certificate Authority (CA)
  • Auto-renewal: Certificates are automatically renewed to remain always valid
  • Browser compatibility: Trusted by all major browsers

OAuth 2.0 Authentication

We use OAuth 2.0, an industry-standard authentication protocol, for Google Drive integration.

  • No password required: You don't need to enter your Google account password in Reading Forest
  • Limited access permissions: We only request the minimum necessary permissions
  • Revocable anytime: You can revoke access from your Google account settings
  • Secure token management: Access tokens are stored encrypted

How OAuth 2.0 Works

OAuth 2.0 is a mechanism that allows limited access to third-party apps without sharing passwords. When Reading Forest accesses Google Drive, you authenticate directly on Google's login screen. Reading Forest never knows your Google password.

Payment Security

For paid plan payments, we use Stripe, a globally trusted payment processing service.

  • PCI DSS compliant: Meets credit card industry security standards
  • Card information not stored: Credit card information is not stored on our servers
  • 3D Secure support: Additional authentication to prevent fraudulent use
  • Encrypted communication: All payment information is transmitted encrypted

Security Audits

Reading Forest conducts regular security audits to detect and address vulnerabilities early.

  • Code review: Security expert code audits
  • Vulnerability scanning: Regular automated scanning
  • Security updates: Discovered vulnerabilities are promptly fixed
  • Incident response: Rapid response system for security incidents

Backup and Data Recovery

Regular backups and proper data management are important to prevent losing your valuable reading records.

Recommended Backup Strategy

We recommend following the "3-2-1 rule" for backups:

3-2-1 Backup Rule

  • 3 copies: Original data + 2 backups
  • 2 types of media: Local files + cloud storage
  • 1 offsite: Store in a different location like Google Drive

Backup Methods

Method 1: Save to Local File

  1. Open Settings
    Click the [Settings] button in the top right corner
  2. Select Data Management Tab
    Click the [Data Management] tab
  3. Save Locally
    Click [Save Locally] and save as a reading notes file (.rfnote)
  4. Store in a Safe Place
    Copy to an external HDD or USB drive for safekeeping

About Warning Messages When Saving

When saving locally in Chrome or Edge, you may see a warning like this:

"Warning: This site can see the edits you make"

There is no need to worry. This warning is a standard browser security notification that appears for all websites when using the browser's "File System Access API" to access local files.

Reading Forest only accesses the file or folder you select as the save destination. We cannot view or modify files in any location you haven't selected.

If this warning concerns you, please use Google Drive save instead. This warning does not appear when saving to cloud storage.

Method 2: Save to Google Drive

  1. Connect to Google Drive
    First time only: [Settings] → [Google Drive] tab → [Connect to Google Drive]
  2. Save Regularly
    [Data Management] tab → [Save to Google Drive]
  3. Include Date in Filename
    Example: "Reading_Records_2025-01-15.rfnote"
  4. Keep Old Backups
    Don't overwrite; keep multiple generations of backups

Recommended Backup Schedule

  • Daily: Auto-saved to browser's localStorage (automatic)
  • Weekly: Manual save to Google Drive
  • Monthly: Save to local file and copy to external media
  • After important updates: Backup immediately

Data Recovery Procedures

Here are the recovery steps if you accidentally deleted data or want to use data on a different device.

Case 1: Accidentally Deleted a Book

  1. Click the Undo Button
    If done immediately after deletion, you can restore using the [Undo] button at the bottom of the screen
  2. Restore from Backup
    If [Undo] is not available, load the most recent backup file

Case 2: Browser Data Was Deleted

  1. Restore from Google Drive
    [Settings] → [Data Management] → [Load from Google Drive]
  2. Restore from Local File
    [Settings] → [Data Management] → [Load from Local] → Select backup file

Case 3: Want to Use Data on a Different Device

  1. Save on Original Device
    Save to Google Drive or local file
  2. Load on New Device
    Load from Google Drive using the same Google account, or transfer the file and load it

Caution When Recovering Data

  • Loading a file will overwrite your current data
  • Back up your current data if needed before recovery
  • If you have multiple backups, try the most recent one first

Best Practices to Prevent Data Loss

  • Always save after changes: Click the [Save] button after editing to save to localStorage
  • Use browser in normal mode: Don't use incognito mode
  • Backup regularly: Save to Google Drive weekly
  • Be careful when clearing browser cache: Always backup before clearing
  • Use multiple save locations: Save to both local and cloud
  • Be careful with F5 key when unsaved: A confirmation dialog will appear if there are unsaved changes; choose cancel and save your data before reloading

Server-Side Backup

Reading Forest also performs server-side backups to protect your data:

  • Daily backup: Automatic backups created daily
  • 30-day retention: Backups kept for the past 30 days
  • Geographic redundancy: Backups distributed across multiple data centers
  • Encrypted storage: Backup data is also stored encrypted

Response to Server Failures

In the unlikely event of a server failure, we will quickly restore data from backups. In past incidents, service was restored within one hour of failure detection. Failure information is regularly updated on our News page.

Security Inquiries

If you have questions about security or have discovered a vulnerability,
please contact us at the email address below.

security@allisone.co.jp

When reporting vulnerabilities, please follow the principle of Responsible Disclosure
and refrain from public disclosure until the fix is complete.