Privacy Policy

1. Data Controller

2. Information We Collect

2.1 Account Information

• Email address
• Name (if provided)
• Password (stored securely using encryption)
• Account creation and last login dates

2.2 Usage Data

• Text you submit for humanisation
• Humanised output text
• Credit/word usage
• Processing times and service interactions
• Browser type and version
• IP address (anonymised where possible)

2.3 Payment Information

• Transaction history
• Payment amounts and dates
• Payment card details (processed by Stripe; not stored on our servers)

2.4 Technical Data

• Cookies and similar technologies
• Device and browser information
• Analytics data (see Section 8)

3. How We Use Your Data

3.1 Service Delivery

• Processing your text for humanisation
• Storing your history for future reference
• Account management and authentication
• Credit management and payment processing

3.2 Service Improvement

• Analysing usage patterns to enhance our service
• Training and improving our AI models
• Technical support and troubleshooting
• Developing new features

3.3 Communications

• Service-related updates and notifications
• Account confirmations and password recovery
• Customer support
• Marketing communications (only with your consent; you can opt out at any time)

3.4 Legal Compliance

• Meeting legal and regulatory requirements
• Enforcing our terms of service
• Protecting our rights and safety

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal grounds:

• Contract: To provide our service to you as agreed
• Consent: For marketing communications and non-essential cookies
• Legitimate Interests: For service improvement, security, and fraud prevention
• Legal Obligation: For tax, accounting, and regulatory compliance

5. Data Sharing and Third Parties

5.1 Service Providers

We share your data with trusted third parties who help us deliver the service:

• Supabase: Database and authentication (EU servers, GDPR compliant)
• Google (Gemini): AI text processing (GDPR compliant)
• Stripe: Payment processing (PCI-DSS certified)
• Vercel: Hosting and analytics (GDPR compliant)
• Mixpanel: Anonymous usage analytics (with your consent)

5.2 We Never Sell Your Data

5.3 Legal Requirements

We may disclose your data if required by law, court order, or to protect our legal rights.

6. Data Security

We take the security of your data seriously and implement appropriate technical and organisational measures:

• SSL/TLS encryption for all data transmission
• Encrypted storage of sensitive data
• Regular security assessments
• Access controls and authentication measures
• Regular data backups
• Secure payment processing via Stripe (PCI-DSS Level 1)

7. Data Retention

8. Cookies and Tracking

8.1 Essential Cookies

Required for authentication and core service functionality. These cannot be disabled:

• Authentication cookies (Supabase): Keep you logged in securely
• Session cookies: Maintain service functionality and word balance
• Cookie consent: Remember your cookie preferences (valid for 1 year)

8.2 Analytics Cookies (Optional)

With your consent, we use:

• Vercel Analytics: Privacy-focused, anonymised visitor statistics
• Mixpanel: Anonymous usage analytics to improve our service

These analytics tools do not use personal identifiers and are GDPR compliant.

8.3 Managing Your Cookie Preferences

You can manage your cookie preferences by:

• Deleting cookies in your browser and reloading the page (the cookie banner will reappear)
• Adjusting cookie settings in your browser (note: this may affect service functionality)

9. Your Rights Under UK GDPR

As a UK resident, you have the following data protection rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Restriction: Request limited processing of your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent for processing based on consent

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. In such cases, we ensure:

• Appropriate safeguards are in place (such as UK International Data Transfer Agreements or Standard Contractual Clauses)
• Service providers are GDPR compliant
• Your rights remain protected

11. Children's Privacy

Our service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us immediately.

12. Automated Decision-Making

We use AI for text processing, but we do not make automated decisions that have legal or significant effects on you without human oversight.

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on our website. The "last updated" date at the top indicates when this policy was last revised.

14. Contact Us

15. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK's data protection authority: