Privacy Policy
Plain English Summary
Here is the short version. The full policy follows below.
- Your writing never leaves your browser. All text analysis happens locally on your device. We cannot read your work.
- We do not sell your data. Not to advertisers, not to AI companies, not to anyone. Ever.
- We collect the basics. Account info (if you sign up), basic analytics, and payment details (handled by our payment processor, not stored by us).
- We do not track your keystrokes. witnessd captures keystroke timing locally on your machine. That data stays on your machine.
- You control your data. You can request a copy, correction, or deletion at any time. We respond within 30 days.
- We respect your rights under GDPR and CCPA. Whether you are in Europe, California, or elsewhere, you have clear rights over your data.
This summary is not legal advice. Please read the full policy below for complete details.
1. The Big Picture
WritersLogic is a privacy-first tool. We built it that way on purpose.
WritersLogic, Inc. ("we," "our," or "us") operates the WritersLogic website and web application, along with the witnessd desktop application. witnessd is a product of WritersLogic, Inc. This policy covers everything: our websites (writerslogic.com, witnessd.com), web apps, desktop apps (witnessd CLI and native apps), APIs, and all related services.
The most important thing to understand is this: your writing content is analyzed entirely within your browser or on your local device. We never see it, we never store it, and we could not read it even if we wanted to. That is not a marketing claim — it is how the software is architecturally designed.
By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
2. What We Collect
We keep data collection to a minimum. Here is exactly what we collect and why.
Information you give us directly
- Account details — Your email address and name when you create an account. This is how we identify you and let you sign in.
- Payment information — Billing details when you subscribe to a paid plan. Our payment processor handles this directly; we never see or store your full card number.
- Support messages — Whatever you share when you contact us for help or feedback.
- Community submissions — Content you voluntarily submit to community features, along with the display name you choose.
Information collected automatically
- Basic analytics — Pages visited, features used, time spent, and interaction patterns. This helps us understand which features are useful and which need improvement.
- Device and browser info — Browser type, operating system, and screen size. We use this to make sure the app works correctly on your device.
- Log data — IP address, access times, referring URLs, and error logs. Standard web server information that helps us keep the service running and troubleshoot problems.
- Cookies — Session cookies (to keep you signed in), authentication tokens, and analytics identifiers. We do not use cookies for advertising.
Your writing content: local processing only
Your writing stays on your device. This deserves emphasis because it is the foundation of our privacy model.
- All text analysis in WritersLogic runs in your browser. Your words are never transmitted to our servers.
- All authorship proof generation in witnessd happens locally on your machine. Keystroke timing, SWF proofs, and document hashes are generated and stored on your device.
- We never use your writing for AI training, model improvement, or any other purpose.
The three exceptions: (1) Content you explicitly choose to share via share links. (2) Content you submit to community features. (3) Cryptographic hashes (not your actual writing) that you choose to anchor to a timestamp service. In each case, you take the action; we never do it on your behalf.
3. What We Don't Collect
Being explicit about what we do not do matters as much as explaining what we do.
- We do not read, store, or transmit your writing. Your text content never touches our servers.
- We do not record your keystrokes. witnessd captures keystroke timing on your local machine. It never leaves your device.
- We do not sell or rent your personal information. Not to third parties, not to data brokers, not to anyone.
- We do not use your content for AI training. Your writing is yours. We never feed it into any model.
- We do not share your email with marketing partners. We do not send marketing emails from third parties.
- We do not access your API keys. If you configure optional AI features with your own keys, those keys stay in your browser's temporary storage.
- We do not use advertising cookies. We do not run ads and do not track you across other websites.
4. How We Use Your Data
The data we do collect serves specific, limited purposes:
- Running the service — Authenticating you, processing payments, delivering features you use.
- Improving the product — Understanding which features work well and which need attention, based on aggregated usage patterns.
- Keeping things secure — Detecting fraud, preventing abuse, and investigating security incidents.
- Operating community features — Managing submissions, voting, and prize fulfillment.
- Processing timestamp anchors — When you choose to anchor an authorship proof, we submit only a cryptographic hash (not your writing) to a timestamp service.
- Communicating with you — Responding to support requests, sending account notifications, and informing you of important service changes.
- Complying with the law — Meeting legal obligations when required by applicable law.
5. Data Storage and Security
Where your data lives
Your writing (WritersLogic)
In your browser only. Preferences and cached content stay in browser storage. Nothing goes to our servers.
Your authorship proofs (witnessd)
On your local device only. Keystroke timing, SWF proofs, and document hashes never leave your machine unless you explicitly anchor a hash.
Account and payment data
Stored securely by our authentication and PCI-DSS compliant payment providers. We do not maintain our own database of payment credentials.
Community submissions
Stored in secure cloud databases, accessible to all users as part of the community feature.
Analytics
Processed by our analytics provider. We use aggregated data, not individual tracking profiles.
How we protect it
- HTTPS encryption for all data in transit
- Industry-standard authentication protocols
- API keys stored only in your browser's temporary storage
- Security headers and best practices across all endpoints
- Regular security reviews and updates
How long we keep it
- Account data — As long as your account is active. Deleted within 30 days of your request.
- Winning community contributions — Retained permanently as part of the collective work.
- Non-winning community contributions — Deleted after the voting period concludes.
- Voting records — Retained for 1 year for audit purposes, then deleted.
- Analytics data — Retained per our analytics provider's policies (typically 14-26 months).
6. Third Parties
We use a small number of trusted services to operate. Here is who they are and what they do.
Supabase (Authentication and Database)
Handles user sign-up, sign-in, and account management. Stores account-related data securely.
Stripe (Payment Processing)
Processes payments and manages subscriptions. PCI-DSS Level 1 compliant. We never see your full card number.
Cloudflare (Hosting and Security)
Provides hosting, content delivery, DDoS protection, and Turnstile challenge tokens to prevent bot abuse.
Google Analytics (Analytics)
Collects anonymized usage data to help us understand how people use the product. You can opt out with standard browser privacy tools or ad blockers.
A note about optional AI features: If you choose to use AI-powered features with your own API keys, your text may be sent directly from your browser to those AI providers (such as OpenAI or Anthropic). This happens only when you initiate it, and those interactions are governed by the respective provider's privacy policy, not ours. We never see the content of those requests.
7. Community Features
We offer community features where users can share writing and vote on contributions. If you participate, here is what you should know.
What we collect for community features
- The content you submit (this is by definition not private — other users will see it)
- Your display name (you choose this; it can be anonymous)
- Your account ID (for voting eligibility and prize fulfillment)
- Voting records (which contributions you vote for)
- Timestamps of your submissions and votes
Community contributions are public. Anything you submit to a community feature will be visible to all users. Winning contributions become permanent. Do not submit content you want to keep private.
If you win a contest
We will generate a unique promotional code for your prize, associate it with your account, display your chosen display name publicly, and use your email (if provided) to notify you. We will never publish your real name or email without your explicit consent.
8. Your Rights
Regardless of where you live, you have the following rights regarding your personal data:
Access and portability
You can request a complete copy of the personal data we hold about you, in a portable format. Email [email protected].
Correction
You can update your account information through your profile settings, or ask us to correct any inaccuracies.
Deletion
You can request that we delete your account and all associated personal data. To do so, email [email protected] with the subject line "Account Deletion Request" from the email address associated with your account. We will process your request and confirm deletion within 30 days. Note: winning community contributions are considered part of a collective work and may not be deletable. We may also retain data required by law.
Opt out of analytics
You can use browser privacy settings, ad blockers, or the cookie consent controls we provide to opt out of analytics collection.
We do not send marketing emails, so there is nothing to unsubscribe from. The only emails you will receive are account-related notifications (password resets, subscription confirmations, and similar).
9. For European Users (GDPR)
If you are in the European Economic Area (EEA), the UK, or Switzerland, you have additional rights under the General Data Protection Regulation. Here is what you should know.
Legal basis for processing
We process your data based on one or more of the following legal bases:
- Consent — When you sign up, submit community content, or opt into analytics.
- Contractual necessity — When we need to process data to provide the service you signed up for (authentication, payments).
- Legitimate interests — When we analyze aggregated usage data to improve the product, or take measures to prevent fraud.
Behavioural and authorship data (special category)
Our authorship tools measure how you write — typing rhythm, pauses, and editing patterns — to help confirm that you are the author. We never capture the keys you press or the text you write, only these derived patterns. Because patterns like these can help confirm a person's identity, we treat them as biometric data, a special category under the GDPR, and process them only on your explicit, opt-in consent (Article 9(2)(a)). This capture is always optional and never mandatory, and you can withdraw consent at any time, as easily as you gave it. We never rely on legitimate interest for this data.
Your additional GDPR rights
- Right to object — You can object to processing based on legitimate interests. We will stop unless we have compelling reasons to continue.
- Right to restrict processing — You can ask us to limit how we use your data in certain situations.
- Right to withdraw consent — You can withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint — You can file a complaint with your local data protection authority if you believe we are handling your data improperly.
To exercise any of these rights, contact our data protection point of contact at [email protected].
10. For California Users (CCPA)
If you are a California resident, the California Consumer Privacy Act gives you specific rights:
- Right to know — You can request that we disclose what personal information we collect, use, and share about you.
- Right to delete — You can request deletion of the personal information we have collected from you.
- Right to opt out of sale — We do not sell your personal information. This right is automatically satisfied.
- Right to non-discrimination — We will never charge you different prices, provide a different quality of service, or deny you service for exercising your CCPA rights.
To exercise these rights, contact [email protected]. We will verify your identity before processing any request and respond within 45 days as required by law.
11. Children's Privacy
The Service is not intended for anyone under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete it.
12. International Data Transfers
We operate from the United States. If you access the Service from outside the US, your account and analytics data may be transferred to and processed in the United States or other countries where our service providers operate.
These countries may have different data protection laws than your own. By using the Service, you consent to this transfer. Where required by law (such as under GDPR), we rely on appropriate safeguards including standard contractual clauses.
13. Changes to This Policy
We may update this policy from time to time. When we do, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to registered users for significant changes
- Display a notice within the app for material changes
We will never make retroactive changes that reduce your rights without giving you clear notice and, where legally required, obtaining your consent. Your continued use of the Service after a change constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this policy, want to exercise your rights, or just want to understand how your data is handled, reach out. We are real people and we read every message.
Entity: WritersLogic, Inc.
General privacy questions: [email protected]
Data protection inquiries: [email protected]
Response time: We aim to respond within 30 days. For GDPR and CCPA requests, we will respond within the legally required timeframe.
This privacy policy is written in plain language to help you understand how we handle your data. It is not legal advice. If you have specific legal questions about your rights, please consult a qualified attorney in your jurisdiction.