Privacy Policy

Last updated: June 2026 (updated 4 Jun — W1.5b Auto-Research: Reddit/Scholar/X/Instagram/LinkedIn/TikTok/Wikipedia/News tools wired; agent-loop consent enforcement; third-party platform ToS links added)

Introduction

Coffeescribe is operated by 7sumcreations LLC, a Wyoming limited liability company with registered address at 1309 Coffeen Ave, Suite 1200, Sheridan, Wyoming 82801, USA ("Company", "we", "our", "us"), which is the data controller for personal information collected through the Service. "Coffeescribe" is a trade name (DBA) of 7sumcreations LLC. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered book creation platform. Please read this policy carefully to understand our practices regarding your personal data.

We never sell your personal data. We never share personal data with third parties for their own marketing purposes.

1. Information We Collect

Information You Provide

Account Information: Email address, password (hashed), display name, username
Legal Consent Records: Timestamp of Terms/Privacy acceptance, age confirmation, version accepted
Book Content: Book titles, descriptions, chapters, and all content you create or edit
Preferences: Settings, preferences, and customizations you configure
Feedback: Any feedback, support requests, or communications you send us
Provider API Keys (BYOK — optional): If you choose to use the “Bring Your Own Key” feature in Settings → API Keys, you may paste your own third-party provider keys (OpenRouter, OpenAI, Apify, Mistral, OpenAlex, Google Books). These keys are encrypted with AES-256-GCM before storage and the plaintext is never returned to your browser after saving. Only the last four characters of each key are stored in readable form for display purposes. Keys are stored in a dedicated table with row-level security (only your account can read or modify your own keys). BYOK is entirely optional — leaving a provider blank means the platform key is used instead.

Automatically Collected Information

AI Generation Logs: Token counts (input/output), AI model used, and generation cost. We do not retain prompt text or AI responses on our servers for training purposes — prompts are forwarded to our AI provider in real time (see Third-Party Services for what happens at the provider).
Deleted Book Snapshots: When you delete a book, we keep a temporary snapshot in an internal recovery archive for up to 90 days, then it is automatically and permanently deleted. Snapshots are never visible to other users.
Token Transactions: Token balance changes, transaction timestamps, IP address and user agent (for security/fraud prevention)
Account Statistics: Total tokens used, total cost, last activity timestamp
Audiobook Playback Position: When you listen to an Audioscribe chapter, we save how many seconds into the chapter you got so playback can resume where you left off. Position is stored per-user per-chapter, visible only to you (own-rows-only access), and is deleted when you delete the scribe or your account. Anonymous listeners (those playing via a shared link without signing in) do not generate playback data.
Imported Documents (Scribe Conversion): When you use the Scribe Conversion feature to upload a PDF, EPUB, Word, text, or Markdown document, we store the original source file privately in our system while the conversion is in progress. The file is deleted after conversion completes (or after 7 days if you abandon the upload). The resulting imported scribe is stored as a normal scribe in your library and follows the standard book-content retention rules. For scanned PDFs, the file bytes are also sent to Mistral AI for OCR — see Third-Party Services. When you publish an imported scribe to the public library, we record the timestamp of your ToS-consent confirmation as an audit trail for take-down requests.
Payment Data: Subscription status, plan type, and billing dates (payment details handled by Paddle — we never see your card number)
Hosting Logs: Access logs managed by Vercel and Supabase (see their policies)

What We Do NOT Collect

Page browsing history or click tracking
Search queries or export history
Third-party advertising or tracking cookies
Location data beyond IP-based country
Payment card numbers (handled entirely by Paddle)

2. How We Use Your Information

We use your information for the following purposes:

Service Provision: To operate, maintain, and provide features of the platform
AI Content Generation: To process your prompts and generate book content
Account Management: To manage your account, authentication, and preferences
Billing: To process payments and manage subscription status via Paddle
Communication: To send service-related notifications and respond to inquiries
Improvement: To analyse usage patterns and improve our service
Security: To detect and prevent fraud, abuse, and security threats
Legal Compliance: To comply with legal obligations and enforce our terms

AI Training

We do not train AI models on your content.Your prompts, your books, your research notes, and your uploaded documents are never used to train our own models or any third-party model on our behalf. If we ever decide to offer an opt-in option to use de-identified content for training future versions of our own models, we will give active users advance notice and an explicit opt-in — nothing changes without your consent.

Separately, when you send a prompt to an AI model via Coffeescribe, the prompt is forwarded to our AI provider (OpenRouter) for processing. OpenRouter and the underlying model provider may, depending on the model and tier you select, use prompts for their own training — see the OpenRouter section below for details. This is independent of Coffeescribe and governed by their privacy policy.

3. Third-Party Services

We use the following third-party services to operate Coffeescribe:

Supabase

Database hosting, authentication, and file storage. Your account data, books, and preferences are stored securely on Supabase infrastructure.

Supabase Privacy Policy →

OpenRouter

AI model routing and inference. Your prompts and book content are processed through OpenRouter to generate AI content. Free tier prompts may be used for model training by underlying providers. Paid tier prompts are not shared for training. When you enable Web Search for a scribe, OpenRouter's web search plugin queries third-party search providers and returns source URLs and titles, which Coffeescribe stores as citations. Clicking a citation opens the third-party URL in a new tab — we do not proxy or auto-fetch these URLs on your behalf.

OpenRouter Privacy Policy →

Paddle

Payment processing for subscriptions and one-time purchases. When you subscribe, Paddle receives your name, email address, and payment information to process transactions. Paddle acts as Merchant of Record — we never receive or store your payment card details.

Paddle Privacy Policy →

Mistral AI (OCR)

Optical character recognition for scanned PDFs uploaded via Scribe Conversion. When you upload a PDF that contains no embedded text (a scan or image-only PDF), we send the page images to Mistral's OCR API to extract the text. Mistral receives only the file bytes of your upload — no account information, no email, and nothing else. The OCR cost is billed to your token allowance and is shown in the cost preview before you commit. We do not send Mistral any content from your already-created scribes, your research, your notes, or any other part of your account.

Mistral Privacy Policy →

Apify

Web scraping and data extraction for Research Mode. When you extract YouTube transcripts, scrape web pages, run an optional Apify Actor search (Google Scholar, Twitter/X, Reddit, LinkedIn, Instagram, TikTok, YouTube Search, or News search) in a Cafe, or enable those tools in Auto-Research, your search query or URL is sent to Apify for content extraction. No personal data is shared — only the query or URL you provide.

Social-network and Scholar Actors (LinkedIn, Instagram, TikTok, Twitter/X, Reddit, Google Scholar): These Actors are opt-in and require explicit per-Cafe consent before use. They are available to Pro and Creator subscribers only. Consent is enforced both in the UI and server-side in the Auto-Research agent executor — a step that lacks consent is skipped and surfaced as a skipped step, never silently discarded. When enabled, your search query is forwarded to Apify, which runs the Actor on its own infrastructure. Your query is not attributed to your personal account on those platforms. We store the consent timestamp in the cafe_actor_consents table (per Cafe, per Actor) as an audit record. Consent records are deleted when you delete the Cafe or your account.

News search and Wikipedia: The News search tool uses a platform-pinned Apify actor and is available to all tiers via Auto-Research (no per-actor consent row, gated on tier). Wikipedia uses the free MediaWiki REST API directly (no Apify, no consent).

Third-party platform terms:The social and scholar tools access content that is subject to each platform's own terms of service. By enabling a consent-gated tool you acknowledge this. Relevant terms: Reddit, Google (Scholar), X/Twitter, Instagram, LinkedIn, TikTok. An AUP / indemnification clause covering automated access is a planned legal follow-up and is not yet included in these terms.

Apify Privacy Policy →

Academic Search and Identifier Resolution APIs

Academic paper search and identifier enrichment for Research Mode. When you search academic databases or paste an identifier (DOI, ISBN, PMID, arXiv ID, ISSN, or URL) in a Cafe, the identifier or query is sent to the relevant resolver.

OpenAlex — Open-access scholarly metadata (250M+ works). Search queries and DOI/identifier lookups sent. A small per-call fee applies (billed to your token allowance).
arXiv — Preprint server for physics, math, CS, and related fields. Only your search query or arXiv ID is sent. Free.
PubMed (NCBI) — ESummary + EFetch — Biomedical and life sciences literature. Search queries and PMIDs sent. EFetch returns abstract text and MeSH terms, which are stored in your Cafe source record. Free.
Crossref — DOI and ISSN resolution (Crossref Works API + Crossref Journals API). Only the DOI or ISSN you provide is sent. Free.
Open Library (Internet Archive) — ISBN and book metadata resolution. Only the ISBN you provide is sent. Free.
Google Books — ISBN fallback when Open Library misses. Only the ISBN you provide is sent. Free (up to 100,000 requests/day with our API key).

No personal data (name, email, account ID) is shared with any of these services — only the search query or identifier you provide.

OpenAlex Privacy →arXiv Privacy →NCBI Policies →

Research Mode — Data Privacy

Your uploaded documents, notebook imports, and curated Serving Tray notes are stored only on our servers — the original files and notes themselves are never sent to external services. Text extraction (PDF, DOCX) and embedding vector generation both run entirely on our servers using an open-source model. However, when you actively use a feature that needs an external AI service, the following limited extracts are sent out:

Web Search: Your search query is sent to OpenRouter for AI-powered search
Academic Search: Your search query is sent to the selected database (OpenAlex, arXiv, or PubMed)
Academic Analysis: Paper abstracts are sent to OpenRouter for AI analysis
Identifier Paste: The DOI, ISBN, PMID, arXiv ID, ISSN, or URL you paste is sent to the relevant resolver (Crossref, OpenAlex, PubMed, Open Library, Google Books). No account data is included. Pro/Creator only.
YouTube Transcripts: Only the YouTube URL is sent to Apify (not transcript content)
URL Scraping: Only the article URL is sent to Apify (not scraped content)
Apify Actor searches (Scholar, Twitter/X, Reddit, LinkedIn, Instagram, TikTok, YouTube Search): Your search query is sent to Apify for the selected Actor. Requires explicit per-Cafe consent. Pro/Creator only. Consent is enforced both in the UI and server-side in the Auto-Research agent executor.
Auto-Research — News search: Your search query is sent to a pinned Apify actor for news article discovery. Available to all tiers via Auto-Research. No per-actor consent row required.
Auto-Research — Wikipedia: Your search query is sent to the MediaWiki REST API (free, no Apify). No personal data is shared.
Q&A Chat: Your question + relevant research excerpts are sent to OpenRouter for answer generation
Auto-Write Research Reports: Your topic (in Topic mode) or the cached enrichment summaries of your selected Tray sources (in From Tray mode) plus your chosen citation style and model are sent to OpenRouter to generate the report body. The resulting report is stored in your account as a cafe_artefacts row (private to your Cafe). Hard-capped at $1 per run.
Detect Conflicts: The enrichment summaries of pairs of sources in your Cafe are sent to OpenRouter pairwise for the LLM to assess factual disagreement. Only the summary text used in the Cafe surfaces is sent — no extra account data is included. The resulting Conflict Report is stored in your account as a cafe_artefacts row. Hard-capped at $0.50 per run; soft 5-minute rate-limit between runs.
Tray empty-source full scrape: When you opt to "Scrape full article" from the Tray confirmation dialog on a source with empty content, the source's URL is sent to Apify for a one-off URL scrape (same Apify path as the regular URL Scrape feature). The scraped content is then saved to your Cafe source row.
Embeddings: Generated locally on our servers — no research text leaves our infrastructure
Cafe Sharing: When you share a Cafe via a read-only link, other authenticated Coffeescribe users can view your research sources and tray items. No data is sent to external services — sharing is internal to the Coffeescribe platform only
Report Sharing (W1.3): When you share an individual Auto-Write report using its Share button, we store an is_shared flag and a share_token UUID on the cafe_artefacts row. Other authenticated Coffeescribe users who open the share link can read the report body, citations, and bibliography. The share token is deleted (and sharing is immediately revoked) when you toggle sharing off. Both fields are deleted when you delete the report, the parent Cafe, or your account. Recipients must be signed in — no anonymous access is granted. The content of the report (AI-generated prose) is not sent to external services as part of sharing; sharing is internal to the Coffeescribe platform only
Apify Actor consent records: When you consent to an Apify Actor for a Cafe, we store a cafe_actor_consents row (Cafe ID, Actor ID, timestamp) as an audit record. These records are deleted when you delete the Cafe or your account.
PubMed abstracts and MeSH terms: When a PubMed source is enriched via the EFetch path, the abstract text and MeSH term array are stored in your Cafe source record. These are private to your account and deleted with the Cafe or account.
Manual citation entries: When you add a citation by hand in the Bibliography Editor, we store a cafe_sources row of type manual_entry containing the fields you typed (authors, title, journal, year, etc.). These rows are private to your Cafe and deleted with the Cafe or account.

Resend

Transactional email delivery. Coffeescribe uses Resend to send the following types of email:

Auth emails — signup verification codes and password reset codes (routed via Supabase Auth).
Invite emails — during private early access, when an admin sends a waitlist member their personal invite code, your email address and invite code are passed to Resend for delivery.
Broadcast emails — occasional service announcements sent by the Coffeescribe team to subscribers. Your email address (and, where relevant, your subscription tier) is used to determine recipients; only your email address is passed to Resend.

We do not use Resend for third-party marketing or advertising. Resend retains delivery logs (sender, recipient, subject, timestamp, delivery status) for approximately 30 days for deliverability and abuse-prevention purposes; message bodies are not retained beyond what is needed to deliver the message.

Resend Privacy Policy →

Bring Your Own Key (BYOK) — third-party provider calls made with your key

If you add your own API key for a provider in Settings → API Keys, your requests for that provider will be made directly to that provider using your key. This means:

OpenRouter key: Your prompts for scribe generation and Research Ask-AI are sent to OpenRouter under your account. OpenRouter's privacy policy governs how your data is handled. You are responsible for reviewing OpenRouter's terms regarding model training.
OpenAI key: AudioScribe narration requests are sent to OpenAI under your account. OpenAI's privacy policy applies to those calls.
Apify key: Research Mode YouTube-transcript and URL-scraping requests are sent to Apify under your account.
Mistral key: Scribe Conversion OCR requests for scanned PDFs are sent to Mistral under your account.
OpenAlex key: Research enrichment academic-metadata lookups use your key under your OpenAlex account.
Google Books key: Research enrichment ISBN fallback lookups use your key under your Google Cloud account.

Coffeescribe encrypts your key at rest (AES-256-GCM) and never shares it with any other party. The key is transmitted to the provider only at the time of the API call it is meant to authorise. Your key is never returned to your browser in plaintext after saving — only the last four characters are displayed. If you remove a key from Settings, the encrypted record is permanently deleted and future requests fall back to the platform key.

When you use a BYOK provider, your data-handling relationship for those calls is governed by that provider's privacy policy, not Coffeescribe's. Review the relevant policies before adding a key.

Vercel

Web hosting and serverless functions. Our application is hosted on Vercel's infrastructure, which may collect access logs and analytics.

Vercel Privacy Policy →

4. Data Retention

We retain your data for as long as necessary to provide our services:

Data Type	Retention Period
Account Data	Until you delete your account
Book Content (private)	Until you delete the book or account
Book Content (public)	Retained in library on account deletion, re-attributed to "Deleted User"
Deleted Book Snapshots	Up to 90 days, then automatically and permanently purged
AI Generation Logs	Indefinite (billing audit trail)
Token Transactions	Indefinite (billing audit trail)
Audiobook Playback Position	Until you delete the scribe or account
Imported Source Files (Scribe Conversion)	Deleted after successful conversion (or after 7 days for abandoned uploads)
Publish-Consent Timestamps (Imports)	Retained for as long as the imported scribe is published, plus 90 days after take-down (audit trail)
Apify Actor Consent Records	Until you delete the Cafe or your account (cascade delete)
PubMed Abstracts + MeSH Terms (cafe_sources columns)	Until you delete the source, the Cafe, or your account
Auto-Write Reports + Conflict Reports (cafe_artefacts)	Until you delete the artefact, the Cafe, or your account
Report Share Token (cafe_artefacts.share_token)	Until you toggle sharing off, delete the report, delete the Cafe, or delete your account — whichever comes first
Manual Citation Entries (cafe_sources type=manual_entry)	Until you delete the source, the Cafe, or your account
Email Delivery Logs (Resend)	~30 days (sender, recipient, subject, timestamp, delivery status — message bodies not retained beyond delivery)
Provider API Keys (BYOK — encrypted)	Until you remove the key from Settings → API Keys or delete your account (cascade delete)
Hosting Logs	Per Vercel/Supabase policies

Account Data

Until you delete your account

Book Content (private)

Until you delete the book or account

Book Content (public)

Retained in library on account deletion, re-attributed to "Deleted User"

Deleted Book Snapshots

Up to 90 days, then automatically and permanently purged

AI Generation Logs

Indefinite (billing audit trail)

Token Transactions

Indefinite (billing audit trail)

Audiobook Playback Position

Until you delete the scribe or account

Imported Source Files (Scribe Conversion)

Deleted after successful conversion (or after 7 days for abandoned uploads)

Publish-Consent Timestamps (Imports)

Retained for as long as the imported scribe is published, plus 90 days after take-down (audit trail)

Apify Actor Consent Records

Until you delete the Cafe or your account (cascade delete)

PubMed Abstracts + MeSH Terms

Until you delete the source, the Cafe, or your account

Auto-Write + Conflict Reports (cafe_artefacts)

Until you delete the artefact, the Cafe, or your account

Report Share Token (cafe_artefacts.share_token)

Until you toggle sharing off, delete the report, delete the Cafe, or delete your account — whichever comes first

Manual Citation Entries

Until you delete the source, the Cafe, or your account

Email Delivery Logs (Resend)

~30 days (sender, recipient, subject, timestamp, delivery status — message bodies not retained beyond delivery)

Provider API Keys (BYOK — encrypted)

Until you remove the key from Settings → API Keys or delete your account

Hosting Logs

Per Vercel/Supabase policies

After account deletion, we may retain anonymised, aggregated usage statistics for analytics purposes.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

GDPR Rights (EU Users)

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing

CCPA Rights (California Users)

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we do not sell your data)
Right to non-discrimination for exercising rights

How to Exercise Your Rights

Export Data: Use the profile settings to export your book data
Delete Books: Delete individual books from your dashboard
Delete Account: Use the "Danger Zone" in profile settings to delete your account
Other Requests: Email billing@coffeescribe.ai for other data requests

6. Data Security

We implement appropriate security measures to protect your data:

All data transmitted over HTTPS encryption
Passwords are hashed and never stored in plain text
Database access is restricted with row-level security policies
Regular security audits and updates
Authentication tokens with appropriate expiration
Payment data handled entirely by Paddle — we never store card details

While we take security seriously, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

7. Cookies and Local Storage

We use cookies and local storage for:

Authentication: Session cookies to keep you logged in
Preferences: Storing your theme preference (light/dark mode), and Workspace editor preferences such as whether you prefer the WYSIWYG view or Source (raw Markdown) view, and your chosen text size and alignment
Functionality: Maintaining application state and user experience

We do not use third-party tracking or advertising cookies.

Coffeescribe is built on a foundation of open-source software. For the full list of third-party packages we include and their licenses, see our Open Source Acknowledgements page.

8. Children's Privacy

Coffeescribe is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe we have collected information from a child, please contact us immediately at billing@coffeescribe.ai so we can delete the data.

9. International Data Transfers

Your data may be processed in countries outside your residence, including the United States and other countries where our service providers operate. These countries may have different data protection laws. By using our service, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place with our service providers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you via email or a prominent notice on our platform. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related inquiries, data requests, or to exercise your rights:

Data & privacy requests: billing@coffeescribe.ai
General support: Use the in-app feedback button
Postal address (data controller): 7sumcreations LLC, 1309 Coffeen Ave, Suite 1200, Sheridan, Wyoming 82801, USA

For data protection inquiries in the EU, you may also contact your local data protection authority.

This Privacy Policy should be read alongside our Terms of Service and AI Content Policy.