Privacy Policy

1. Information We Collect

We collect the following categories of information when you use SirWritesALot:

Account data — When you sign up, we collect your email address. If you sign in with a magic link or OAuth provider, we receive the email associated with that account.

Content data — Articles, outlines, brand voice guides, and other text you create within the Service are stored in our database so you can access them across sessions.

Usage data — We log actions such as editor creations, AI generation requests, and credit transactions to maintain your credit balance and provide usage history.

Payment data — Stripe processes all payment information. We never store your full card number. We receive a Stripe customer ID and subscription/payment status from Stripe's API.

Cookies & local storage — We use cookies to maintain your authenticated session (managed by Supabase Auth) and local storage to persist your UI preferences such as theme (dark/light).

2. How We Use Your Information

We use the information we collect to:

(a) Provide, maintain, and improve the Service; (b) Authenticate your identity and manage your account; (c) Process payments and manage subscription and credit balances; (d) Generate AI content by passing your prompts and article text to Anthropic's AI API; (e) Send transactional emails such as magic-link sign-in emails and payment receipts; (f) Detect and prevent abuse or fraud; (g) Respond to your support requests.

3. Third-Party Services

SirWritesALot integrates with third-party services that process your data under their own privacy policies:

Supabase — Handles authentication, session management, and primary database storage. Data is stored in Supabase-managed PostgreSQL instances.

Stripe — Processes all payment transactions. Subject to Stripe's privacy policy at stripe.com/privacy.

Anthropic — AI-generated content is produced by sending your article text and prompts to Anthropic's API. Content sent to Anthropic is subject to Anthropic's usage policies.

DataForSEO — Keyword metrics and competitor data are fetched from DataForSEO's API. Queries include the target keyword and your domain name.

Zyte — Competitor page HTML is fetched via Zyte's scraping API. URLs are sent to Zyte for retrieval.

Jina AI — Autocomplete and search features may use Jina's Reader API. Requests include the keyword query.

4. Data Retention

We retain your account and content data for as long as your account is active. If you delete your account, we will delete your personal data and content within 30 days, except where retention is required by law (e.g., billing records which may be retained for up to 7 years).

Anonymized usage statistics may be retained indefinitely.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

(a) Access — Request a copy of the personal data we hold about you; (b) Correction — Ask us to correct inaccurate data; (c) Deletion — Request that we delete your personal data (subject to legal retention obligations); (d) Portability — Request your content data in a machine-readable format; (e) Objection — Object to certain types of processing.

To exercise any of these rights, contact us at sathish@rirm.in. We will respond within 30 days.

6. Cookies

We use strictly necessary cookies to maintain your authenticated session. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but doing so will prevent you from staying signed in.

We use local storage to persist your theme preference (dark/light mode). This data is stored locally on your device and is not transmitted to our servers.

7. Security

We take reasonable technical and organizational measures to protect your data, including TLS encryption for data in transit and encrypted storage for authentication tokens. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

If you believe your account has been compromised, please contact us immediately.

8. Children's Privacy

The Service is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

10. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at sathish@rirm.in.