Privacy Policy

Your Privacy, Our Responsibility: WriteO is built on a simple principle: your creative work and personal information belong to you. This policy explains clearly and completely what data we collect, why we collect it, how we protect it, and the rights you hold over it. We have no fine-print surprises.

01.Who We Are

WriteO is a structured writing and novel management platform developed and operated by WriteO App ("WriteO", "we", "us", "our"). We are the data controller responsible for your personal information collected through our platform at writeo.app and associated services.

This Privacy Policy applies to all users of the WriteO platform, including visitors, registered users on the Free plan, paid subscribers, and Lifetime license holders. By creating an account or using the Service, you agree to the practices described in this policy. This policy should be read alongside our Terms and Conditions.

If you have any questions about this policy or our data practices, please contact us at [email protected].

02.Information We Collect

We collect the minimum information necessary to provide you with a secure, reliable, and functional writing platform. The categories of information we collect are:

Account Information:

• Your email address, used for account identification, login, and essential service communications.
• Your display name or username, used to identify you within the platform.
• A hashed and encrypted version of your password. We never store your password in plain text.
• The date and time your account was created and the date of your last login.

Creative Content:

• Your novels, chapters, scenes, notes, character profiles, world-building entries, and all other content you create on the platform.
• This content is stored solely to provide the Service to you. It is never read, analyzed, monetized, or used for any purpose other than displaying it back to you and enabling the platform's features. See Section 05 for our AI commitment.

Billing and Subscription Information:

• Your current subscription plan, billing status, and subscription history within our system.
• Transaction identifiers and event records received from Paddle, our payment processor. We do not store your credit card number, bank account details, or full payment credentials. All payment data is managed exclusively by Paddle. See Section 10 for more detail.

Technical and Diagnostic Data:

• Platform performance metrics, error logs, and feature usage statistics collected to monitor platform health and improve the Service. See Section 09 for full details.
• Session and navigation data, including page views and feature interactions, used in aggregate and anonymized form to understand how users move through the platform.

Communications:

• The content of any support requests, feedback, or correspondence you send to us, retained for the purpose of resolving your inquiry.
• Cancellation feedback or account preference information you voluntarily provide through in-platform forms.

03.How We Collect Information

We collect information through the following methods:

• Directly from you: When you register an account, complete your profile, create and save content on the platform, contact our support team, or submit feedback.
• Automatically: When you interact with the platform, our servers and monitoring tools automatically record technical data such as your IP address, browser information, and the actions you take within the application.
• From Paddle: When you complete a purchase, Paddle sends us webhook notifications containing transaction details (amount, plan, status) and a Paddle customer identifier. We use this to update your subscription status in our system.
• From cookies and similar technologies: We use session cookies and local storage to maintain your authenticated session and remember your preferences. We do not use third-party advertising cookies or cross-site tracking technologies.

04.How We Use Your Information

Every piece of information we collect has a specific, documented purpose. We do not collect information speculatively or for undefined future use.

• Providing the Service: To create and manage your account, store and sync your creative content across sessions and devices, and deliver the features and functionality of the WriteO platform.
• Billing and Subscription Management: To process subscription purchases via Paddle, manage plan upgrades and downgrades, handle grace periods for failed payments, and send billing-related notifications.
• Security and Fraud Prevention: To authenticate users, detect and prevent unauthorized access, investigate suspicious activity, and protect the integrity of our platform and the safety of all users.
• Service Communications: To send you account-related notifications such as password resets, billing alerts, subscription renewal reminders, and important policy updates. These communications are essential to operating the Service and cannot be opted out of while your account is active.
• Customer Support: To respond to your support requests, resolve billing inquiries, investigate bug reports, and communicate with you about your account.
• Platform Improvement: To analyze aggregated and anonymized usage patterns, identify bugs and performance issues, and prioritize new features and product improvements.
• Fair Use Monitoring: To detect and address usage patterns that may indicate automated abuse, scripted access, or activity that risks disrupting service quality for other users. See Section 11 for full details.
• Legal Compliance: To comply with applicable laws, respond to lawful government or legal requests, and enforce our Terms and Conditions.

We do not use your information for advertising profiling, behavioral marketing, or sale to third parties for any commercial purpose.

05.Our Pledge: No AI Training, Ever

This commitment is unconditional and applies to all users across all plan tiers:

• No AI training: Your content is never fed into, used to train, used to evaluate, or used to benchmark any AI or machine learning model, whether operated by WriteO or any third party.
• No automated content analysis for AI development: We do not perform automated analysis of your creative writing for any AI research or development purpose.
• No data partnerships: We do not enter into data-sharing arrangements with AI companies, research institutions, or any other entity that would grant access to your creative content.
• No exceptions by plan tier: This policy applies equally to Free users, monthly and annual subscribers, and Lifetime license holders. There are no circumstances under which any tier of user is subject to AI training use of their content.

06.Legal Basis for Processing

Where applicable data protection law (such as the GDPR) requires us to identify a legal basis for processing your personal data, we rely on the following:

• Performance of a Contract: Processing your account information, content, and subscription data is necessary to provide the WriteO Service you have registered for. Without this processing, we cannot deliver the platform.
• Legitimate Interests: We process technical diagnostic data and platform usage statistics on the basis of our legitimate interest in maintaining a secure, reliable, and continuously improving service. We conduct this processing in a way that is proportionate and does not override your fundamental rights.
• Legal Obligation: We may process or retain certain data where required to comply with applicable law, respond to lawful legal requests, or meet our tax and financial reporting obligations.
• Consent: Where we rely on consent as a legal basis (for example, optional marketing emails), we will make this clear at the point of collection and provide you with a straightforward mechanism to withdraw consent at any time.

07.Data Sharing and Third-Party Processors

We do not sell your personal information or creative content to any third party. We share data only with service providers that are essential to operating the WriteO platform, and only under strict contractual data processing agreements that limit their use of your data to the specific service they provide to us.

Our current third-party service providers are:

• Hosting and Infrastructure: Your account data, creative content, and platform records are stored on servers managed by our hosting provider. Our hosting provider acts as a data processor on our behalf and is contractually prohibited from using your data for any purpose other than providing the underlying infrastructure on which WriteO operates.
• Paddle (Payment Processing and Merchant of Record): All subscription payments are processed by Paddle.com, which acts as the Merchant of Record for all WriteO transactions. When you purchase a plan, your payment credentials are entered directly on Paddle's secure checkout. WriteO does not receive or store your credit card number or banking information. Paddle sends us webhooks containing transaction status updates so we can update your subscription in our system. For more information, see Paddle's Privacy Policy.
• Monitoring and Error Tracking: We use monitoring tools to collect performance metrics and error reports that help us identify and fix platform issues. These tools operate under data processing agreements that prohibit them from using your data for advertising, profiling, or any purpose beyond providing their monitoring service to us.
• Transactional Email Provider: We use a transactional email service to deliver account-related notifications including billing confirmations, password resets, and service alerts. This provider processes your email address solely for the purpose of delivering these messages on our behalf.

We may also disclose your information in the following limited circumstances:

• Legal requirements: If we are required by law, court order, or a legitimate government authority to disclose information, we will do so. Where legally permitted, we will attempt to notify affected users before disclosure.
• Protection of rights: We may disclose information where necessary to prevent fraud, enforce our Terms and Conditions, or protect the safety of our users, staff, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you of any such change and will require the acquiring entity to honor the commitments in this Privacy Policy.

We do not use third-party advertising networks, ad exchanges, or behavioral marketing platforms. We do not share your data with data brokers or any entity for purposes of targeted advertising or commercial profiling.

08.Cookies and Tracking Technologies

WriteO uses a minimal set of cookies and browser storage technologies to operate the platform. We do not use advertising cookies or third-party tracking cookies.

Cookies and storage we use:

• Session and authentication cookies: These are essential cookies that keep you securely logged in during your session. Without these, the platform cannot function. They expire when you log out or at the end of a session.
• Preference storage: We may store your UI preferences (such as editor settings or sidebar state) in your browser's local storage. This data stays on your device and is not transmitted to our servers.
• Security tokens: Short-lived tokens used to protect against cross-site request forgery and to validate authenticated API requests.

What we do not use:

• We do not use advertising cookies, pixel trackers, or any technology designed to follow you across websites for behavioral profiling or ad targeting.
• We do not embed third-party social media tracking pixels.
• Our cookie use is limited to what is strictly necessary to operate the Service.

You may configure your browser to block or delete cookies. Blocking essential session cookies will prevent you from logging in and using the platform. Blocking other cookies will not meaningfully affect your WriteO experience.

09.Diagnostic Data and Platform Analytics

To keep WriteO reliable and continuously improving, we collect standard diagnostic and performance data. This is described in our Terms and Conditions (Section 09) and explained in full here.

What we collect:

• Performance metrics: Server response times, API latency, page load durations, and system error rates. Collected to identify degradations in platform performance and maintain service quality.
• Error and crash reports: Technical details of platform errors, including error types, stack traces, request paths, and timestamps. Collected to identify bugs and prioritize fixes. These reports do not include your creative content.
• Feature usage statistics: Aggregated counts of how often specific features are used (for example, how many sessions involve the chapter editor versus the character dashboard). This data is anonymized before analysis and used solely to guide product development decisions.
• Session and navigation patterns: The sequence of pages or features accessed within a session, used in aggregated and anonymized form to understand user flows and identify areas where the platform creates friction or confusion.

What this data is not used for:

• Diagnostic data is never shared with any third party for advertising, profiling, or commercial purposes.
• Your creative content is never included in, associated with, or used to contextualize diagnostic data.
• Diagnostic data is not sold, licensed, or otherwise transferred for any commercial purpose.

10.Payment Data and Billing

When you purchase a subscription or Lifetime plan:

• You enter your payment details on Paddle's secure, PCI-DSS compliant checkout interface. WriteO has no access to your card or banking details at any point in this process.
• Upon successful payment, Paddle sends WriteO a webhook notification. WriteO stores only the transaction identifier, plan information, payment status, and the Paddle customer ID associated with your account. We use this to update your subscription and billing status in our system.
• For Lifetime plan purchases, WriteO records a consent entry at the time of payment, including the timestamp and platform of the purchase, as evidence of agreement to the Lifetime-specific terms. This record is retained for compliance and legal purposes.
• Billing history (dates of payments, amounts, plan names, and invoice identifiers) is stored in our system to allow you to review your transaction history through your account settings.

Refunds: If you submit a refund request, the correspondence associated with that request (your email address, the reason provided, and the outcome) is retained as part of your billing record. This record is used to process the refund, prevent duplicate claims, and maintain an accurate financial audit trail. Approved refund records are retained for the same period as other transaction data, as described in Section 13. For full details of our refund eligibility policy, please refer to Section 12 of our Terms and Conditions.

In the event of a payment dispute or fraud investigation, we may share relevant transaction identifiers with Paddle or legal authorities to assist in resolving the matter.

11.Data Security

Protecting your data is a core engineering and operational priority at WriteO. We implement multiple layers of security controls to protect your account and creative work from unauthorized access, loss, or disclosure.

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Plain HTTP connections are redirected to HTTPS.
• Encryption at rest: Your data is stored on servers that apply industry-standard encryption at rest to protect against unauthorized physical or logical access to storage media.
• Password security: Passwords are hashed using industry-standard cryptographic hashing. We never store or transmit passwords in plain text.
• Row-Level Access Controls: Our database is configured with strict access policies that enforce boundaries between user accounts. Each user can access only their own data. These policies are enforced at the database level, independent of application-level checks.
• Administrative access controls: Access to production systems is restricted to a minimal set of authorized personnel and requires strong authentication. All administrative actions are logged.
• Security monitoring: We actively monitor platform systems for anomalous activity, unauthorized access attempts, and security events.
• Dependency and vulnerability management: We maintain an active process for reviewing and updating software dependencies to address known security vulnerabilities.

Despite these measures, no system can guarantee absolute security. If you suspect that your account has been compromised, please contact us immediately at [email protected] and change your password without delay.

In the event of a data breach that affects your rights or freedoms, we will notify affected users and, where required by law, the relevant supervisory authority, in accordance with applicable data breach notification obligations.

12.Data Retention and Account Deletion

We retain your personal information and creative content for as long as your account is active. Upon account deletion, we apply the following rules based on your account type. All retention periods for financial records reflect industry-standard obligations under applicable tax, accounting, and financial regulation.

Free Plan Users:

• You may delete your account at any time through your account settings.
• Upon deletion, your profile, creative content, and all associated personal data are permanently erased from our active systems within 30 days.
• Because no financial transaction has occurred, no billing records are retained beyond the deletion window.

Paid Subscribers (Monthly and Annual Plans):

• You may cancel your subscription and request account deletion at any time.
• Upon deletion, your profile and creative content are permanently erased within 30 days.
• However, because a financial transaction has occurred, we are legally required to retain transaction records, including payment dates, amounts, plan names, invoice identifiers, and refund records, for a period of up to 7 years from the date of each transaction. This retention is required to comply with tax law, financial reporting obligations, and anti-fraud regulations.
• Retained financial records contain only the minimum data required for legal compliance. They do not include your creative content, which is deleted in full within the standard 30-day window.
• You will receive confirmation by email once your content and profile have been deleted.

Lifetime License Holders:

• Because the Lifetime plan represents a permanent, one-time purchase of ongoing access to the WriteO platform, your account and associated data are not subject to routine deletion. Standard self-service account deletion is not available for Lifetime license holders.
• If you wish to have your Lifetime account and data deleted, you must submit an explicit written deletion request to [email protected]. We will then initiate an identity verification process to confirm that the request is made by the verified account holder.
• Upon successful identity verification and confirmation of your intent, we will process the deletion of your profile and creative content within 30 days. By requesting deletion, you acknowledge and agree that your Lifetime license is permanently revoked and cannot be reinstated. No refund is available upon voluntary account deletion.
• As with all paid accounts, transaction records associated with your Lifetime purchase are retained for up to 7 years from the date of purchase for legal and financial compliance, even after account deletion.
• Lifetime consent records, which evidence your agreement to the Lifetime plan terms at the time of purchase, are retained for the full statutory limitation period applicable to contract disputes, typically 6 to 7 years depending on jurisdiction, even after account deletion.

Other Retention Periods:

• Support communications: Retained for up to 2 years from the date of the most recent communication in a thread.
• Diagnostic and error logs: Retained for up to 90 days in raw form, after which they are deleted or reduced to anonymized aggregate summaries containing no personally identifiable information.
• Backup data: System backups may retain data for up to 30 additional days after the primary deletion, after which backups containing your data are overwritten or permanently deleted.

13.Your Privacy Rights

You have the following rights with respect to your personal information. To exercise any of these rights, please contact us at [email protected]. We will respond to verifiable requests within 30 days.

• Right of Access: You have the right to request a copy of the personal data we hold about you, including a description of how we use it.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you. Most profile information can be updated directly within your account settings.
• Right to Erasure: You have the right to request permanent deletion of your personal data and account, subject to the retention obligations and account-type rules described in Section 12.
• Right to Data Portability: You have the right to receive your personal data and creative content in a structured, commonly used, and machine-readable format. WriteO provides export tools within your account to allow you to download your content at any time.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while you contest the accuracy of your data or where you believe we have no legitimate basis for processing.
• Right to Object: Where we rely on legitimate interests as our legal basis for processing, you have the right to object to that processing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Right to Withdraw Consent: Where processing is based on your consent (for example, optional marketing communications), you have the right to withdraw that consent at any time without affecting the lawfulness of processing that occurred prior to withdrawal.
• Right to Lodge a Complaint: If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.

Please note that some rights are subject to conditions and exceptions under applicable law. Where we cannot fulfill a request fully, we will explain the reason and the options available to you.

14.Children's Privacy

WriteO is intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13.

• If you are under 13, you may not create an account or use the WriteO platform.
• If you are between 13 and 18 years of age, your use of WriteO must be with the knowledge and consent of a parent or legal guardian, who agrees to our Terms and this Privacy Policy on your behalf.
• If we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete that information from our systems. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

15.International Data Transfers

WriteO serves users globally. Your personal data may be stored and processed in countries outside your country of residence, including countries where data protection laws may differ from those in your jurisdiction.

• Your account data and creative content are stored on our hosting infrastructure. Where our hosting provider transfers or replicates data across geographic regions for redundancy or reliability purposes, they do so under appropriate contractual safeguards.
• Our payment processor, Paddle, is a global business and may process payment transaction data in multiple jurisdictions in the course of providing payment services. Paddle's international data transfer practices are governed by their own Privacy Policy and applicable data protection law.
• By using WriteO, you acknowledge that your information may be transferred to and stored in countries outside your jurisdiction, and you consent to such transfers where required by the operation of the Service.
• Regardless of where your data is stored or processed, we apply the protections and commitments described in this Privacy Policy to your information at all times.

16.Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or platform functionality. When we make material changes:

• We will provide at least 30 days' advance notice via email or a prominent in-app notification before the changes take effect.
• The updated Privacy Policy will be published on this page with a revised effective date at the top of the document.
• Your continued use of WriteO after the revised policy takes effect constitutes your acceptance of the updated terms.
• If you do not agree with any material changes, you may export your content and close your account before the changes take effect. Please contact us at [email protected] if you need assistance doing so.

Non-material changes (such as clarifications, formatting improvements, or corrections that do not alter our actual data practices) may be made at any time without advance notice. The effective date will be updated to reflect the most recent revision.

17.Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your rights, or have concerns about how your data is handled, please contact us:

Last updated: June 5, 2026. WriteO App reserves the right to amend this Privacy Policy in accordance with Section 16.