Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your username, email address, and password (stored as a secure hash, never in plain text). If you sign in with Google, we receive your name and email from Google's OAuth service.

Usage Data

We log metadata about your rewrites: word counts, mode used (Quick Fix or Deep Rewrite), tone selected, detected language, and timestamps. We do not permanently store the actual text you submit for rewriting.

Technical Data

We collect IP addresses for rate limiting and security purposes. Standard server logs include request timestamps, URLs accessed, and HTTP status codes.

2. How We Use Your Information

We use your information to provide and improve the Service, enforce usage limits, prevent abuse, display your personal analytics, and communicate with you about your account (verification emails, password resets). We do not sell your personal information to third parties.

3. Third-Party Services

When you use Deep Rewrite mode, your text is sent to third-party AI providers (currently OpenAI) for processing. These providers have their own privacy policies. We send only the text content needed for rewriting — no personal information is included in API requests. Google Sign-In is handled by Google's OAuth service.

4. Data Storage and Security

Your account data is stored in our database. Passwords are hashed using Django's PBKDF2 algorithm. We use CSRF protection, rate limiting, input sanitization, and security headers to protect the Service. Access to user data is limited to administrators.

5. Data Retention

Account data is retained as long as your account is active. Rewrite logs (metadata only, not text content) are retained for analytics. You can delete your account at any time from your profile page, which removes your personal data.

6. Cookies and Local Storage

We use Django session cookies for authentication. We use browser localStorage to store session history (your recent rewrites) and guest usage counts. No third-party tracking cookies are used.

7. Your Rights

You can access your personal data through your profile and analytics pages. You can update your email and name on your profile page. You can delete your account and associated data at any time. You can submit data-related requests through the feedback system.

8. Guest Users

Guest users (not logged in) can use the Service with limited rewrites. We track guest usage via browser localStorage and server sessions. No personal information is collected from guest users beyond IP addresses for rate limiting.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests, please use the feedback button on the website or contact us through the app.