Privacy Policy
Last updated: [TO FILL IN: date]
Draft document. Bracketed items must be filled in and the text reviewed by legal counsel before publication.
1. Data controller
[TO FILL IN: company name and address]. Contact: [TO FILL IN: controller / DPO email].
2. Data we collect
Account (email, name, encrypted password), project content (manuscripts, entries, analyses), billing data (via Stripe), anonymised audience measurement (masked and hashed IP, browser, country) subject to your consent.
3. Your manuscripts
Your texts are analysed by our own servers to provide the consistency features (Cortex). They are never sold, shared, nor used to train AI models. On the Plus plan, no text is sent to any third-party AI service.
4. Purposes and legal bases
Contract performance (providing the service), legitimate interest (security, abuse prevention), consent (audience measurement, optional communications), legal obligation (invoicing).
5. Retention periods
Account data: lifetime of the account. Billing data: 10 years (legal obligation). Audience measurement: [TO FILL IN: duration, 13 months maximum recommended].
6. Processors
Hosting: [TO FILL IN: host and location]. Payments: Stripe. Transactional emails: Resend. Each is bound by a data processing agreement.
7. Your rights
You have the rights of access, rectification, erasure, portability, restriction and objection. Account deletion and data export are available directly in your settings. You can also write to [TO FILL IN: email] or lodge a complaint with your supervisory authority.