Privacy Policy
Last updated: 2026-06-04 ยท Draft template โ review with legal counsel before publishing.
This document is a starting template, not legal advice. Finalize jurisdiction-specific wording (GDPR/CCPA), company details, and a Data Processing Agreement before launch.
1. What we collect
- Account: email, display name, hashed password, device metadata (name, platform, last seen).
- Your writing: manuscripts, Codex entries, and project metadata you choose to sync.
- Operational: request logs, audit log of security-relevant actions, and (only if you opt in) anonymous usage telemetry.
2. How we use it
To provide cross-device sync and backup, authenticate you, secure the service, and (with consent) improve the product. We do not sell your data or use your manuscripts to train AI models.
3. Storage & security
Manuscripts are encrypted at rest on the server. Authentication uses argon2id password hashing and short-lived signed tokens. Blobs are stored in object storage and transferred directly over TLS.
4. Sub-processors
| Provider | Purpose |
|---|---|
| Hetzner | Server hosting (EU) |
| Backblaze B2 + Cloudflare | Object storage + CDN |
| Resend | Transactional email |
| Sentry | Error monitoring |
5. Retention
Auth logs ~90 days, audit log ~1 year, telemetry ~30 days, backups ~35 days, deletion tombstones ~90 days. You can request export or deletion of your account data at any time.
6. Your rights
Access, export, correct, or delete your data. Account deletion is a soft-delete with a 30-day grace period, then permanent purge (cascading to backups within 90 days).
7. Contact
Questions or requests: privacy@novelforge.app.