Back to Home

Privacy Policy

Last updated: January 5, 2026

1. Introduction

Writesy ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content generation service ("Service") at writesy.ai.

Please read this Privacy Policy carefully. By accessing or using Writesy, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required)
  • Name (if provided)
  • Profile picture (if provided)
  • Authentication credentials (passwords are hashed, never stored in plain text)
  • OAuth provider data if you sign in with Google

2.2 Usage Data

We automatically collect information about how you use the Service:

  • Content generation history and preferences
  • Credit usage and consumption patterns
  • Feature usage and interactions
  • Campaign, project, and brand kit data you create
  • Device information (browser type, operating system)
  • IP address (anonymized for analytics, full IP retained for security for 30 days)
  • Access times, pages viewed, and referral URLs
  • Error logs and performance data

2.3 Content Data

When you use our content generation features, we process:

  • Topics, titles, keywords, and prompts you provide
  • Generated content and all versions/revisions
  • Content settings and generation preferences
  • Brand kit information (colors, fonts, voice guidelines, target audience)
  • Keyword research data and saved ideas
  • Media selections (stock photos, GIFs, AI-generated images)

2.4 Payment Data

Payment processing is handled by Paddle.com Market Limited ("Paddle"), our Merchant of Record. We receive from Paddle:

  • Transaction identifiers and order IDs
  • Subscription status and plan information
  • Billing country and currency (for tax purposes)
  • Payment method type (card, PayPal, etc.) but NOT full card details

We do not store, process, or have access to your payment card numbers. Paddle handles all payment processing in compliance with PCI-DSS Level 1 standards.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Provide, maintain, and improve the Service
  • Process your transactions and manage subscriptions
  • Generate AI content based on your inputs and preferences
  • Personalize your experience and remember your settings
  • Store and display your content, campaigns, and projects

3.2 Communication

  • Send transactional emails (account confirmation, password reset, receipts)
  • Respond to your support requests and inquiries
  • Send service announcements and security alerts
  • Send marketing communications (with your consent, you can opt out anytime)

3.3 Security and Compliance

  • Detect, prevent, and address fraud and abuse
  • Monitor for security threats and unauthorized access
  • Enforce our Terms of Service and policies
  • Comply with legal obligations and respond to lawful requests

3.4 Analytics and Improvement

  • Analyze usage patterns to improve features and user experience
  • Debug issues and optimize performance
  • Develop new features and services

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service (account management, content generation, billing)
  • Legitimate Interests: Processing for fraud prevention, security, service improvement, and analytics, balanced against your privacy rights
  • Consent: Marketing communications and non-essential analytics cookies (you can withdraw consent anytime)
  • Legal Obligation: Processing required to comply with applicable laws (tax records, legal requests)

5. Third-Party Services

We share information with the following third-party service providers who help us operate the Service. These providers are contractually bound to protect your data:

Paddle

Payment processing and Merchant of Record (handles billing, taxes, refunds)

View Privacy Policy

Supabase

Database hosting, user authentication, and real-time services

View Privacy Policy

OpenRouter / Google AI

AI language model processing for content generation

Your prompts and content are sent to these providers for AI processing. Your content is not used to train their AI models.

Vercel

Application hosting, edge functions, and content delivery

View Privacy Policy

Inngest

Background job processing for content generation workflows

View Privacy Policy

Unsplash / Pexels

Stock photo search and integration

Search queries are sent to retrieve stock images.

fal.ai

AI image generation services

Prompts are sent for AI image generation when you use this feature.

6. Cookies and Tracking Technologies

6.1 Essential Cookies

These cookies are strictly necessary for the Service to function:

  • Authentication session cookies (keep you logged in)
  • Security tokens (CSRF protection)
  • User preferences (theme, language)

6.2 Analytics Cookies

With your consent, we may use analytics cookies to understand how users interact with our Service. You can opt out of analytics cookies through your browser settings or by contacting us.

6.3 Do Not Track

We do not currently respond to "Do Not Track" browser signals. However, you can manage cookies through your browser settings.

7. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

  • Account data: Retained until you delete your account, plus 30 days for backup recovery
  • Content data: Retained until you delete it or close your account
  • Security logs: IP addresses retained for 30 days; anonymized logs retained for 90 days
  • Transaction records: Retained for 7 years for tax and legal compliance
  • Marketing preferences: Retained until you unsubscribe or request deletion

After account deletion, we may retain anonymized, aggregated data for analytics and service improvement. This data cannot be used to identify you.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, contact us at hello@writesy.ai. We will respond within 30 days (or as required by applicable law).

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of personal information collected, used, shared, or sold
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of sale or sharing of personal information
  • Right to Limit: Limit use of sensitive personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights

We do not sell or share your personal information for cross-context behavioral advertising. To exercise your CCPA/CPRA rights, contact us at hello@writesy.ai.

10. International Data Transfers

Writesy is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For users in the EEA, UK, or Switzerland, we rely on the following mechanisms for international data transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with sub-processors
  • Your explicit consent where required

By using the Service, you acknowledge and consent to the transfer, storage, and processing of your information as described in this Privacy Policy.

11. Children's Privacy

The Service is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at hello@writesy.ai. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

12. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption of data in transit using TLS 1.3
  • Encryption of data at rest using AES-256
  • Row-level security (RLS) in our database
  • Regular security assessments and penetration testing
  • Access controls and least-privilege principles
  • Multi-factor authentication for administrative access
  • Regular backups with encryption

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our abilities.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach (or as required by law)
  • Describe the nature of the breach and data affected
  • Provide recommended steps you can take to protect yourself
  • Report to relevant data protection authorities as required

14. Marketing Communications

We may send you marketing communications about our products, features, and promotions if you have opted in or where permitted by law.

You can opt out at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at hello@writesy.ai. Note that opting out of marketing does not affect transactional emails (receipts, security alerts, etc.).

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes:

  • We will post the updated policy on this page with a new "Last updated" date
  • For material changes, we will send an email notification to the address associated with your account
  • We may also display a prominent notice within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@writesy.ai

Website: writesy.ai

For GDPR-related inquiries or to submit a data subject access request (DSAR), please email us with "Privacy Request" in the subject line.