← Back to Home

Privacy Policy

Last updated: December 4, 2025

Introduction

Coffeescribe ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered book creation platform. Please read this policy carefully to understand our practices regarding your personal data.

1. Information We Collect

Information You Provide

  • Account Information: Email address, password (hashed), display name
  • Legal Consent Records: Timestamp of Terms/Privacy acceptance, age confirmation
  • Book Content: Book titles, descriptions, chapters, and all content you create or edit
  • Preferences: Settings, preferences, and customizations you configure
  • Feedback: Any feedback, support requests, or communications you send us

Automatically Collected Information

  • AI Generation Logs: Token counts (input/output), AI model used, generation cost, prompts sent to AI
  • Token Transactions: Token balance changes, transaction timestamps, IP address and user agent (for security/fraud prevention)
  • Account Statistics: Total tokens used, total cost, last activity timestamp
  • Hosting Logs: Access logs managed by Vercel and Supabase (see their policies)

What We Do NOT Collect

  • ❌ Page browsing history or click tracking
  • ❌ Search queries or export history
  • ❌ Third-party advertising or tracking cookies
  • ❌ Location data beyond IP-based country

2. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To operate, maintain, and provide features of the platform
  • AI Content Generation: To process your prompts and generate book content
  • Account Management: To manage your account, authentication, and preferences
  • Communication: To send service-related notifications and respond to inquiries
  • Improvement: To analyze usage patterns and improve our service
  • Security: To detect and prevent fraud, abuse, and security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms

3. Third-Party Services

We use the following third-party services to operate Coffeescribe:

Supabase

Database hosting, authentication, and file storage. Your account data, books, and uploaded files are stored securely on Supabase infrastructure.

Supabase Privacy Policy →

OpenRouter

AI model routing and inference. Your prompts and book content are processed through OpenRouter to generate AI content. OpenRouter may use various AI providers.

OpenRouter Privacy Policy →

Vercel

Web hosting and serverless functions. Our application is hosted on Vercel's infrastructure, which may collect access logs and analytics.

Vercel Privacy Policy →

4. Data Retention

We retain your data for as long as necessary to provide our services:

Data TypeRetention Period
Account DataUntil you delete your account
Book ContentUntil you delete the book or account
AI Generation LogsIndefinite (billing audit trail)
Token TransactionsIndefinite (billing audit trail)
Hosting LogsPer Vercel/Supabase policies

Note: We currently do not have automated data deletion schedules. AI generation logs and token transactions are retained indefinitely for billing accuracy and service improvement. We may implement automated retention policies in the future.

After account deletion, we may retain anonymized, aggregated usage statistics for analytics purposes.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

GDPR Rights (EU Users)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

CCPA Rights (California Users)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising rights

How to Exercise Your Rights

  • Export Data: Use the profile settings to export your book data
  • Delete Books: Delete individual books from your dashboard
  • Delete Account: Use the "Danger Zone" in profile settings to delete your account
  • Other Requests: Contact us through the feedback system for other data requests

6. Data Security

We implement appropriate security measures to protect your data:

  • All data transmitted over HTTPS encryption
  • Passwords are hashed and never stored in plain text
  • Database access is restricted with row-level security policies
  • Regular security audits and updates
  • Authentication tokens with appropriate expiration

While we take security seriously, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

7. Cookies and Local Storage

We use cookies and local storage for:

  • Authentication: Session cookies to keep you logged in
  • Preferences: Storing your theme preference (light/dark mode)
  • Functionality: Maintaining application state and user experience

We do not currently use third-party tracking or advertising cookies.

8. Children's Privacy

Coffeescribe is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe we have collected information from a child, please contact us immediately so we can delete the data.

9. International Data Transfers

Your data may be processed in countries outside your residence, including the United States and other countries where our service providers operate. These countries may have different data protection laws. By using our service, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place with our service providers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you via email or a prominent notice on our platform. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us through the feedback button in the application or reach out to our support team. For data protection inquiries in the EU, you may also contact your local data protection authority.

This Privacy Policy should be read alongside our Terms of Service.