Privacy Policy

Effective Date: [DATE]
Last Updated: [DATE]

Our Commitment to Your Privacy

Orwell Writing Coach helps you improve your business writing. We believe your documents and data should remain private. This policy explains exactly what we collect, why we collect it, and your rights.

1. What We Collect

1.1 Information You Provide

Email address: Used for authentication and account management only
Text you submit for feedback: Sent to AI models for analysis but NOT stored on our servers
Your ratings and feedback: When you rate our suggestions or report issues

1.2 Information We Automatically Collect

Writing patterns and metadata:
- Document structure (word count, number of sections, paragraph count)
- Writing metrics (sentence length averages, passive voice percentage, readability scores)
- Improvement areas identified by our system
Usage information:
- Number of feedback requests
- Timestamps of activity
- AI model used for each request
- Response times

⚠️ Important: What We DON'T Store

We do NOT permanently store:

Your actual document text or content
File names or document titles
Any sensitive business information from your submissions

Your documents are processed in real-time and immediately discarded after analysis.

2. How We Use Your Information

2.1 To Provide Our Service

Authenticate your account
Process your text through AI models to provide writing feedback
Track your progress and personalize recommendations
Display your usage statistics

2.2 To Improve Our Service

Analyze aggregated usage patterns to improve our AI prompts
Monitor system performance and response times
Identify and fix technical issues
Understand which types of feedback are most helpful

2.3 Legal Basis (GDPR)

We process your data based on:

Consent: By creating an account, you consent to our data processing
Legitimate Interest: Improving our service and ensuring security
Contract: Providing the writing coaching service you signed up for

3. Data Security

3.1 Encryption

In transit: All data transmitted between your browser and our servers uses TLS/HTTPS encryption
At rest: Database information is encrypted using industry-standard AES-256 encryption

3.2 Access Controls

Your data is accessible only via authenticated API calls with your JWT token
Administrative access is password-protected and logged
We use secure hosting providers with SOC 2 compliance

3.3 Third-Party AI Providers

Your text is temporarily sent to AI providers (OpenAI, Anthropic, Groq) for analysis. These providers:

Process data in accordance with their privacy policies
Do NOT use your data to train their models (per our API agreements)
Do NOT retain your submissions beyond the processing time

4. Data Retention

Account data: Retained while your account is active
Writing metadata: Retained to track your progress and personalize feedback
Inactive accounts: Automatically deleted after 24 months of inactivity
Document content: NOT stored (processed in real-time only)

5. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

5.1 Right to Access

Request a copy of all personal data we hold about you.

5.2 Right to Rectification

Correct any inaccurate information (e.g., update your email address).

5.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your account and all associated data.

5.4 Right to Data Portability

Export your data in a machine-readable format (JSON).

5.5 Right to Object

Object to processing of your data for certain purposes.

5.6 Right to Withdraw Consent

Withdraw your consent at any time by deleting your account.

To exercise these rights: Email [YOUR-EMAIL] with your request.

6. Cookies and Tracking

We use minimal cookies:

Authentication token: Stored in browser localStorage to keep you logged in (essential for service)
No analytics cookies: We do not use Google Analytics or similar tracking
No advertising cookies: We do not show ads or use ad networks

7. International Data Transfers

Our servers are located in the European Union (Frankfurt, Germany) to ensure GDPR compliance. If you access our service from outside the EU, your data may be transferred to the EU and processed there.

8. Children's Privacy

Orwell Writing Coach is not intended for users under 16 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by:

Updating the "Last Updated" date at the top
Displaying a notice on our website
Sending an email notification (for significant changes)

10. Contact Us

Data Controller: [YOUR NAME/COMPANY NAME]

Email: [YOUR-EMAIL]

Address: [YOUR ADDRESS if required for GDPR]

For GDPR-related inquiries or to exercise your rights, please email us with "GDPR Request" in the subject line.

If you have concerns about how we handle your data, you have the right to lodge a complaint with your local data protection authority.

11. Document Upload Notice

When You Upload Documents:

✅ Your document is processed immediately for analysis
✅ Feedback is generated and displayed to you
✅ Only metadata (word count, structure, patterns) is saved
❌ The actual document content is NOT stored on our servers
✅ All data transmission is encrypted (HTTPS/TLS)
✅ Your data is stored in EU servers (GDPR-compliant)

Your documents remain private and are never stored permanently.