Data Policy

Transparent data practices

This page details our data collection, storage, processing, and security practices. We believe in transparency about how your information is handled.

Data collection

We collect data necessary to provide and improve our services:

  • Account data: Name, email address, password (encrypted), subscription status, and billing information.
  • Content data: Story ideas, conversations with agents, outlines, manuscripts, notes, and exported files.
  • Usage data: Timestamps, word counts, feature usage, agent interactions, and performance metrics.
  • Technical data: IP address, browser type, device information, and error logs.
  • Analytics data: Anonymized usage patterns to improve product functionality and user experience.

Data processing & storage

  • Storage location: Data is stored in secure databases hosted by Supabase (PostgreSQL) with encryption at rest.
  • Processing: Data is processed on our servers and sent to AI providers (OpenRouter, OpenAI, Google, Anthropic) only as necessary to fulfill agent requests.
  • Retention: Account data and content are retained while your account is active. Deleted data is removed from our databases within 30 days, though backups may retain copies for up to 90 days.
  • Backups: Regular encrypted backups are maintained for disaster recovery and are retained for 90 days before deletion.

Data security

  • Encryption: Data in transit is encrypted using TLS/SSL. Data at rest is encrypted using AES-256.
  • Access controls: Access to user data is restricted to authorized personnel only, using role-based access controls and multi-factor authentication.
  • Database security: Row-level security policies ensure users can only access their own data.
  • Monitoring: We monitor for unauthorized access, data breaches, and suspicious activity.
  • Incident response: In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.

Third-party services

We use third-party services that may process your data:

  • Supabase: Database hosting and authentication (privacy policy: supabase.com/privacy).
  • Stripe: Payment processing (privacy policy: stripe.com/privacy).
  • AI providers: OpenRouter and model vendors process prompts and responses. We configure providers to not train on your data when opt-out options are available.
  • Analytics: We may use anonymized analytics services to understand product usage patterns.

Your data rights

You have the following rights regarding your personal data:

  • Access: Request a copy of all data we hold about you.
  • Correction: Update or correct inaccurate data through your account settings or by contacting us.
  • Deletion: Request deletion of your account and associated data. Note that some data may be retained if required by law or for legitimate business purposes.
  • Portability: Export your manuscripts and project data in standard formats.
  • Objection: Object to certain types of data processing, such as marketing communications.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise these rights, email support@quillcrew.com. We will respond within 30 days.

Cookies & tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state.
  • Remember your preferences and settings.
  • Analyze usage patterns (anonymized).
  • Improve security and prevent fraud.

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the service.

International data transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

Children's privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

Updates

This data policy may be updated periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via email and in-app notifications.

Last updated: 11/18/2025

Contact

For questions about this data policy or to exercise your data rights, please contact us at: support@quillcrew.com