Privacy Notice

gowrite is an online writing platform operated by gowrite Ltd, a company registered in England & Wales. We are the data controller responsible for your personal data. If you have any questions about this Privacy Notice or our data handling practices, you can contact us.

We collect and process the following categories of personal data:

• Account information: Your name, email address, and password when you create an account.
• Manuscript content: Text, drafts, manuscripts, and any creative writing you upload, store, or create through the Service.
• Usage data: Information about how you interact with the Service, including which features you use, how often you use them, and the dates and times of your access.
• Payment information: Payment details processed through Stripe. We do not directly store your credit card or payment card data. Stripe processes and secures this information according to its own privacy practices.
• Device and browser information: Your IP address, device type, operating system, browser type, and related technical information.

We use your personal data for the following purposes:

• To provide the Service: To create and manage your account, store your manuscript content, and deliver writing assistance features.
• To process payments: To charge subscription fees or credit purchases to your account through Stripe.
• Essential communications: To send you transactional emails such as account confirmation, password resets, subscription updates, and important service notices.
• To improve the Service: To analyse usage patterns, identify bugs, optimise features, and enhance your experience (in anonymised or aggregated form where possible).
• Legal compliance: To comply with applicable laws, regulations, and legal processes including tax obligations and law enforcement requests.

When you use our AI-assisted writing features, your manuscript text is transmitted to Anthropic’s Claude API to generate results such as prose polish, restructuring, and manuscript analysis.

Important: Your manuscript content is not used to train Anthropic’s AI models. It is processed solely to generate the result you requested and is subject to Anthropic’s data processing terms. Anthropic has committed to not training on customer data submitted through their API.

By using AI Features, you acknowledge and agree that your manuscript content will be transmitted to and processed by Anthropic.

Under the UK GDPR and EU GDPR, we rely on the following legal bases to process your personal data:

• Contract performance: Processing necessary to perform our contract with you, including creating accounts, storing content, and providing the Service.
• Legitimate interests: Processing to improve our Service, analyse usage patterns, detect fraud, and protect the security of our systems and users.
• Consent: Where you have explicitly consented to specific processing, such as receiving marketing communications or enabling analytics cookies.
• Legal obligation: Processing required by law, including tax reporting and compliance with legal demands.

We do not sell your personal data to third parties. We only share your data with trusted service providers as necessary to deliver the Service:

• Anthropic: Manuscript text sent to Claude API for AI-assisted writing features.
• Stripe: Payment information processed securely for subscription billing.
• Vercel: Hosts and delivers the gowrite platform and services.
• Email service provider: Sends transactional emails on our behalf.

All service providers are contractually bound to process your data only as necessary to provide their services and must maintain appropriate security protections.

We may disclose your data if required by law, court order, or government request, or if we reasonably believe disclosure is necessary to protect the rights, safety, or property of gowrite, our users, or the public.

Your personal data may be transferred to, stored in, and processed in the United States, the European Union, or other countries outside your country of residence.

Where we transfer data internationally, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection under GDPR. If you would like further information about these safeguards, please contact us.

We retain your personal data as follows:

• Account data: Retained while your account is active. Once you request account closure, personal identifying data is deleted within 30 days.
• Backups: Backups containing your data are purged within 90 days of account closure to ensure complete deletion across all systems.
• Usage logs and analytics: Anonymised or aggregated usage data may be retained longer for statistical purposes.
• Legal holds: If required by law, we may retain data for longer to satisfy legal or regulatory obligations.

Under UK GDPR and EU GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data (subject to legal retention requirements).
• Right to restrict processing: Request that we limit how we process your data.
• Right to data portability: Receive your data in a structured, commonly used format and transmit it to another controller.
• Right to object: Object to processing based on legitimate interests or other legal bases.
• Right to withdraw consent: Withdraw any consent you have given at any time.

California Consumer Privacy Act (CCPA) Rights: If you are a California resident, you have the right to:

• Know: Request what personal information we collect, use, and share about you.
• Delete: Request deletion of personal data collected from you (with certain exceptions).
• Opt-out: Opt out of the sale or sharing of your personal data (we do not sell your data).
• Non-discrimination: We will not discriminate against you for exercising your rights.

To exercise any of these rights, please contact us. We will respond to your request within 30 days (or as required by applicable law).

We use cookies and similar tracking technologies to operate the Service and understand your preferences.

Essential cookies: Required for the Service to function, including authentication, session management, and security. These are placed by default and cannot be disabled without impacting functionality.

Analytics cookies: Help us understand how you use the Service by collecting anonymised data about page visits and feature usage. These are placed only with your consent.

Advertising cookies: We do not use advertising cookies to track you across third-party websites for targeted advertising.

You can control cookie preferences through your browser settings or our cookie consent banner. Disabling non-essential cookies will not prevent you from using the Service, but may limit certain functionality.

The Service is not intended for children under 16 years of age. In the United States, the Children’s Online Privacy Protection Act (COPPA) prohibits us from knowingly collecting personal data from children under 13 without verifiable parental consent. We do not knowingly collect data from users under 13, and we do not knowingly allow users under 16 to create accounts.

If we become aware that we have collected data from a child under 13 (or under 16 in other jurisdictions), we will promptly close the account and delete all associated data. If you believe a child has provided us with personal data, please contact us immediately.

We implement industry-standard technical, administrative, and physical security measures to protect your personal data against unauthorised access, alteration, disclosure, and destruction. These include encrypted data transmission (HTTPS), access controls, and regular security assessments.

However, no security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately of any unauthorised access via our contact form.

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email and by a prominent notice within the Service at least 14 days before the new Privacy Notice takes effect.

Continued use of the Service following notice of material changes constitutes your acceptance of the updated Privacy Notice. If you do not agree to the changes, you may close your account.

You have the right to lodge a complaint with the relevant data protection authority if you believe we have violated your data protection rights.

• UK residents: Information Commissioner’s Office (ICO)
• EU residents: Your national data protection authority (listed at the European Data Protection Board)
• Other jurisdictions: Contact the relevant data protection or privacy authority in your country.

Before filing a complaint with a supervisory authority, we encourage you to contact us so we may attempt to resolve your concern directly.

If you have questions, concerns, or requests regarding this Privacy Notice or our data handling practices, please contact us:

Contact: Send us a message
Data Controller: gowrite Ltd, England & Wales

We will respond to your enquiry within 14 days.