Privacy Policy

Account information: When you register, we collect your email address and a hashed (never plaintext) version of your password.

Content: We store the documents, outlines, characters, and other creative content you create within the Service.

Usage data: We log AI generation requests (model used, token counts, latency, feature used) for billing and analytics. We do not log the full content of your prompts or outputs beyond a short snippet (up to 200 characters) for debugging.

Payment information: Payments are processed by Stripe. We do not store credit card numbers. We receive a record of successful transactions from Stripe.

BYOM API keys: If you provide your own AI provider API keys, they are stored in our database associated with your account. They are never exposed to other users or returned via our API.

• To provide and improve the Service
• To process payments and manage your credit balance
• To send transactional emails (password resets, receipts)
• To detect abuse and enforce our Terms of Service
• To generate aggregate, anonymized usage analytics

We do not use your content to train AI models. Content you create is processed by third-party AI providers solely to generate your requested output. Those providers' data practices are governed by their own privacy policies.

If you use the "Bring Your Own Model" feature, your prompts are sent directly to the provider using your API key. We act only as a relay.

We do not sell your personal data. We share data only with:

• AI providers (Anthropic, OpenAI, Google, DeepSeek) — to process your generation requests
• Stripe — to process payments
• Resend — to send transactional emails
• Hosting infrastructure (Vercel, database provider) — to run the Service

We retain your account and content data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, subject to legal retention requirements.

Archived projects are retained for 90 days before permanent deletion, allowing you to recover them if needed.

Passwords are hashed using bcrypt and never stored in plaintext. All data is transmitted over HTTPS. We implement reasonable technical and organizational measures to protect your data against unauthorized access.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability

To exercise these rights, contact us at privacy@muzewriter.com.

We use a single session cookie to keep you logged in (via NextAuth.js). We do not use tracking or advertising cookies.

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice. Your continued use of the Service constitutes acceptance of the updated policy.

For privacy-related inquiries, contact privacy@muzewriter.com.