Our privacy policy has been updated for EU users.
Full privacy evaluation | See all
Thumbnail
Updated June 5, 2019

Goodreads

  • Privacy polices do indicate a version or effective date.
  • Data are not sold or rented to third parties.
  • Data are shared for advertising or marketing.
  • Behavioral or contextual advertising is displayed.
  • Data are collected by third-party advertising or tracking services.
  • Unclear whether this product uses data to track and target advertisements on other third-party websites or services.
  • Unclear whether this product allows third parties to use data to create ad profiles, data enhancement, and/or targeted advertisements.
The criteria for "Use with Caution" are narrowly focused around data uses related to creating profiles that aren't related to any educational purpose, and using data to target ads. We include both first party (ie, the vendor that builds the service) and third party (any company given access by the vendor) data use. It's worth highlighting that using data to profile students violates multiple state laws, and in some cases also violates federal law.

A service can be designated "Use with Caution" for either a lack of transparency around data use -- which creates the potential for profiling and behavioral targeting -- or for clearly stating that they use data to target advertisements and/or create profiles. As with any application being considered for use within schools, school and/or district staff should review the privacy policies and terms of service to ensure that they meet the legal and practical requirements of their state laws and school policies.

As with the "Not Recommended" criteria, a "Use with Caution" designation is NOT a sign that a vendor is necessarily doing anything unethical or illegal. It is a sign that, based on publicly available policies,  we do not have adequate guarantees that data will not be used by first or third parties to create non-educational profiles or to target behavioral ads.
Use with Caution
Full evaluation
33
Overall Scoreinfo-bubble

This overall score represents how the service addressed all our evaluation questions. A higher score (up to 100) means the service provides more transparent and comprehensive policies.

Overview

Goodreads lets users track and rate books and network with other readers. The terms of Goodreads state they provide users with robust profile privacy settings that allow them to limit the visibility of their profile information and sending/receiving of messages to only friends, only Goodreads members, or the general public. Goodreads' terms state they do not require visitors to register in order to access some features of its Service. If a user wants to use core features - including creating "bookshelves", posting book reviews, or commenting on other members' reviews - they need to create accounts. Goodreads' terms state that they use commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of users personal information. Lastly, Goodreads' terms state the Service is intended solely for users who are 13 years of age or older, and Goodreads does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow children to select a profile birth date under 13 years of age.

Goodreads can be accessed through its website, and is available for download at the iOS App Store, and the Google Play Store. The Privacy Policy and Terms of Use accessed for this evaluation can be found on Goodreads' website, iOS App Store, and the Google Play Store. This evaluation only considers policies that have been made publicly available prior to an individual using the application or service.

Read the Common Sense standard privacy report (SPR)arrow
The standard privacy report (SPR) displays the most important privacy practices from a product’s polices in a single easy-to-read outline. The report displays an alert when a particular privacy practice is risky, unclear, or not evaluated. This alert indicates more time should be focused on these particular details prior to use.
SafetyPromoting responsible use
arrow
Evaluating safety takes into consideration best practices that protect a user's physical and emotional health. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to safety.
30

The terms of Goodreads state they provide users with robust profile privacy settings that allow them to limit the visibility of their profile information and sending/receiving of messages to only friends, only Goodreads members, or the general public. In addition, Goodreads' terms state they allow users to post reviews, comments, questions, and other information in group discussions and through an open text box "About Me" section where users can post personal information that can be visible to only friends, Goodread members, or the general public. Lastly, Goodreads' terms state they may monitor any content posted to the service.

PrivacyProtecting collected information
arrow
Evaluating privacy takes into consideration best practices that protect the disclosure of a user's personal information. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to privacy.
41

Goodreads' terms state they do not require visitors to register in order to access some features of its service. If a user wants to use core features - including creating "bookshelves", posting book reviews, or commenting on other members' reviews - they need to create accounts. Goodreads' terms state they collect personal information that a user provides about themselves such as their name and e-mail address when they register with the service. Goodreads's terms also specify they collect users’ non-personal usage information automatically for data analytics that may be shared with third parties. As noted in the "Safety" section of the terms, users can also create detailed profiles that can be set to be publicly visible, or private within the site. The terms state the site also supports social login with third party services, but the terms do not provide significant detail about what data is shared as part of a social login.

Goodreads' terms specify they allow users to control the collection, correction, or deletion of their information. However, Goodreads' terms state they allow third-parties to serve traditional advertisements to users on the Goodreads site and may measure the effectiveness of these advertisements to personalize advertising content to users with behavioral or contextual ads.

SecurityProtecting against unauthorized access
arrow
Evaluating security takes into consideration best practices that protect the integrity and confidentiality of a user's data. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to security.
47

Goodreads' terms state that they use commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of users personal information. However, Goodreads' terms do not disclose whether data is encrypted while in transit or while at rest, or any other steps taken to protect sensitive information. The terms specify that, in the event that a user's personal information is compromised as a result of a breach of security, Goodreads will promptly notify those users whose personal information has been compromised.

ComplianceFollowing statutory laws and regulations
arrow
Evaluating compliance takes into consideration best practices of companies that collect personal information from children or students and the legal obligations for the privacy and security of that information. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to compliance.
24

Goodreads' terms state the service is intended solely for users who are 13 years of age or older, and Goodreads does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow children to select a profile birth date under 13 years of age. The terms state if a user is under 18 years of age they may use the service only if they either are an emancipated minor, or obtain parental or guardian consent. The terms state that in the event that Goodreads learns that they have collected personal information from a child under age 13 without verification of parental consent, they will delete that information as quickly as possible.

However, the Service may likely appeal to children under 13 years of age and students in K-12, because of several factors that include subject matter, visual content, age of models, and activities that include learning to read and reading challenges. As a result, it is unclear how a parent of a child under 13 years of age or student in K-12 who is using the service could provide parental consent to Goodreads.

About Privacy Evaluations

The privacy evaluations have been designed with the help and support of a consortium of schools and districts across the United States. These evaluations are designed to streamline making an informed decision about the potential privacy implications of educational technology used to support teaching and learning.

Our core evaluation criteria are freely available and will remain freely available. People are encouraged to read the questions we use and the information security primer we released. Vendors are encouraged to use our questions and the information security primer to self-evaluate. You can also learn more about our evaluation process.

Please be in touch with any questions or feedback.