Writellect LogoWritellect

Writellect Privacy Policy

Last updated: Feb 4, 2025

1. Introduction

Welcome to Writellect (“the Platform,” “we,” “us,” or “our”). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services.

Data Controller:

  • Name: Dmytro Chaban (Self-Employed)
  • Address: Dusekestr 8, 13187, Berlin, Germany
  • Email: gdpr@writellect.com

This Privacy Policy applies to all users globally and outlines your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Personal Data We Collect

We collect the following categories of personal data:

  1. Authentication & Account Data

    • Email address
    • Password (hashed/encrypted)
    • Email verification status (boolean)
    • Firebase user ID
    • Authentication tokens and timestamps
    • (Optional) Google Sign-In details (if you choose to sign up with Google)

  2. Business Information

    • Business size
    • Business fields/industries
    • Business preferences

  3. Payment & Subscription Data

    • Stripe customer ID
    • Subscription status and tier information
    • Payment history and timestamps
    • Billing details

  4. Project & Content Data

    • Project settings and configurations
    • User preferences
    • Content creation history (including prompts and generated content)
    • Generated content tied to user or project

  5. Usage Data

    • API usage metrics
    • Model usage statistics
    • Project interaction data
    • Feature usage patterns

  6. Technical Data

    • Session information
    • API interaction logs

Note: We do not collect IP addresses, geographic location, or detailed device/browser data for analytics at this time.

3. How We Use Your Data

3.1 Account Management & Authentication

  • To create and maintain your user account (including email verification).
  • To provide secure login via email/password or Google Sign-In.

3.2 Business Customization & Personalization

  • To tailor the Platform's services based on your business size, industry, and preferences.
  • To adapt AI-generated outputs to your specific context.

3.3 Subscription & Payment Processing

  • To process payments and manage subscriptions through our payment provider (Stripe).

3.4 Usage Analytics & Service Optimization

  • To understand how users interact with Writellect and improve our services.
  • We use Google Analytics to gather aggregated information (e.g., number of visitors, page views, etc.).

3.5 AI Model Training

  • Internal Use: We may use anonymized or user-specific data (depending on your plan settings) to train internal AI models.
  • Third-Party APIs: We call external APIs such as OpenAI and Anthropic with zero retention settings; however, prompts and generated content may be stored in our databases based on your plan preferences.

3.6 Customer Support

  • To address user queries, requests, or issues via email or in-app support.

We do not share your personal data with third-party advertisers for targeted marketing purposes.

We process your personal data under the following legal bases:

  • Consent: Where you have given clear consent for specific processing (e.g., optional Google Analytics tracking, AI training data).
  • Performance of a Contract: To fulfill our obligations in providing the SaaS service (subscription, access to content generation tools, etc.).
  • Legitimate Interest: To enhance security, detect fraudulent activity, or improve our Platform's functionality.

5. Data Retention

  1. Active Accounts: We retain your personal data for as long as your account remains active.
  2. Inactive Accounts: Data related to inactive accounts will be deleted after one (1) year of inactivity.
  3. Account Deletion Requests: When you request account deletion (via gdpr@writellect.com or in-app settings), we will delete your data after a standard processing period.
  4. Backups: Backups are not stored after deletion and are excluded from future backup cycles.

6. Data Sharing and Third Parties

6.1 Third-Party Services We Use

We share or process certain data with the following third-party services, all of which we understand to be GDPR-compliant:

  1. Stripe (Payment Processing)

    • Data Shared: Billing details, payment history, subscription status.

  2. Firebase (Authentication and Hosting)

    • Data Shared: Email, password (hashed), tokens.

  3. Google Cloud Platform (GCP) (Hosting)

    • Data Stored: Our primary databases and services operate in EU-based data centers.

  4. Amazon Web Services (AWS) (Occasional Storage or Backup)

    • Data Stored: Some microservices or backups if needed.

  5. Google Analytics (Usage Analytics)

    • Data Shared: Aggregated user engagement data (no IPs or geolocation stored).

  6. OpenAI, Anthropic, Together AI, Replicate API (AI Content Generation)

    • Data Shared: Prompts and generated content. Zero retention is configured by default with these APIs; however, prompts/results may be stored in Writellect's database based on your subscription plan.

  7. Unsplash API, Pexels API (Image Sources)

    • Data Shared: Request parameters for image retrieval (no user PII).

  8. Tawk.to (Customer Support Chat)

    • Data Shared: Chat transcripts if you contact us via live chat.

6.2 Data Processing Agreements (DPAs)

We strive to maintain DPAs or equivalent agreements with all third-party services to ensure compliance with GDPR requirements.

7. Your GDPR Rights

Under the GDPR, you have the right to:

  1. Access: Request a copy of the personal data we hold about you.
  2. Rectification: Ask us to correct any inaccuracies in your data.
  3. Erasure (“Right to be Forgotten”): Request the deletion of your data where there is no compelling reason for us to keep it.
  4. Restriction of Processing: In certain circumstances, you have the right to restrict the processing of your data.
  5. Data Portability: Obtain a copy of your data in a structured, commonly used, and machine-readable format.
  6. Object to Processing: Object to certain types of processing (e.g., analytics).

To exercise any of these rights, please email us at gdpr@writellect.com.

8. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data is encrypted in transit (HTTPS) and at rest (database encryption).
  • Firebase Auth & API Security: Strict authentication and authorization for API access.
  • Access Controls: Role-based permissions for our support and development teams to limit data access.
  • Security Audits: Periodic internal testing and external reviews to identify vulnerabilities.

9. Cross-Border Data Transfers

Writellect operates primarily in the European Union via Google Cloud Platform (EU Region). However, if you reside outside the EU, your data may transit or be accessed from your jurisdiction. We strive to ensure an adequate level of protection for your data by:

  • Hosting data in EU-based servers to the extent possible.
  • Using GDPR-compliant services that utilize Standard Contractual Clauses (SCCs) or equivalent safeguards for any transfers outside the EU/EEA.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential / Functional Cookies: Required for platform functionality (e.g., session management).

  • Analytics & Performance Cookies:

    • Google Analytics: We use Google Analytics to understand how visitors interact with our website. This service collects data about:

      • Pages visited and time spent
      • User engagement metrics
      • Traffic sources
      • Device categories (mobile/desktop) Note: We have configured Google Analytics to anonymize IP addresses and disabled data sharing for advertising purposes.

    • Hotjar: We use Hotjar to better understand our users' needs and optimize our service. This service may collect:

      • Mouse movements and clicks (heatmaps)
      • Scroll behavior
      • Non-sensitive text you type on pages Note: Hotjar is configured to mask any personal information and form fields.

  • Marketing Cookies: Not currently implemented. If introduced, you will have the option to opt in or out.

Upon visiting our Platform, you will see a cookie banner allowing you to accept or reject non-essential cookies. Essential cookies required for basic platform functionality cannot be disabled. You can modify your cookie preferences at any time via Settings or by emailing gdpr@writellect.com.

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies:
    • Google Analytics cookies: up to 2 years
    • Hotjar cookies: up to 1 year
    • Consent preferences: 1 year

For more information about how our analytics providers handle your data:

11. Minors and Sensitive Data

Our Platform is not targeted at individuals under the age of 16, and we do not knowingly collect personal data from minors. We also do not process special categories of personal data (e.g., health, religion, ethnicity). If you believe a minor has provided us with personal data, please contact gdpr@writellect.com so we can remove it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify subscribed users via email and post a revised policy on our website with an updated "Last updated" date at the top.

13. Contact Us

If you have any questions about this Privacy Policy, would like to exercise your rights, or have concerns about how we process your personal data, please reach out to:

Although we do not have a formally appointed Data Protection Officer (DPO) at this time, we will do our best to address any privacy-related inquiries or concerns you may have.

Thank You

We appreciate your trust in Writellect. By using our services, you acknowledge that you have read and understand this Privacy Policy. Your continued use of the Platform indicates your acceptance of our data practices.

If you do not agree with any part of this Privacy Policy, please discontinue using the Platform and contact us for any clarifications.

We use cookies for essential features and analytics. See our Privacy Policy.