Duskwrit

Privacy Policy

Last updated: February 28, 2026

This Privacy Policy describes how Duskwrit ("we", "us", "our") collects, uses, stores, and protects your information when you use the Duskwrit platform and services (the "Service"). We take the privacy of your creative works especially seriously.

1. Information We Collect

1.1. Account Information: Email address, display name, profile picture (via OAuth providers).

1.2. Authentication Data: OAuth tokens for Google, GitHub, and Discord. These tokens are encrypted at rest and used solely for authentication.

1.3. Creative Content: Manuscripts, chapters, scenes, character descriptions, location details, worldbuilding notes, entity data, knowledge graph relationships, brainstorm chat messages, and any other creative content you write or generate through the Service ("Your Works").

1.4. AI Interaction Data: Prompts sent to AI providers (Anthropic Claude, Google Gemini) for features like entity detection, consistency checking, writing assistance, brainstorming, and AI fill. These prompts contain excerpts of Your Works necessary to provide context-aware AI features.

1.5. Usage Data: Features used, word counts, writing sessions, export history, project metadata, plan and billing status.

1.6. Technical Data: IP address, browser type, device type, operating system, referring URLs, pages visited, and timestamps. Collected via server logs.

1.7. Payment Data: Processed and stored by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We receive only: last four digits, card brand, billing address, and transaction status.

1.8. Cookies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels.

2. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process Your Works through AI features (entity detection, consistency checking, writing assistance, brainstorming).
  • To store and sync Your Works across devices.
  • To generate and maintain knowledge graphs, entity profiles, and version history.
  • To process payments and manage subscriptions.
  • To send transactional emails (account verification, billing receipts, export confirmations).
  • To monitor and enforce usage limits and terms compliance.
  • To diagnose technical issues and improve performance.

We do NOT use Your Works to train AI models. Your manuscripts are sent to AI providers (Anthropic, Google) via their APIs solely for real-time feature processing. As of the date of this policy:

  • Anthropic does not use API inputs for model training.
  • Google Gemini API does not use API inputs for model training (when using the paid API tier).

We will update this policy if these providers change their data practices, and we will notify you of any material changes.

3. How We Share Your Information

We do not sell, share, or analyze the content of your manuscripts. We collect only usage metrics (word counts, feature usage, export history) — never the substance of what you write. We do not sell your personal information or Your Works. We share data only with:

  • Anthropic — AI processing (manuscript excerpts sent for entity detection, consistency checking, writing assistance). Subject to Anthropic's API Terms.
  • Google — AI processing via Gemini API (manuscript excerpts sent for AI features). Subject to Google's API Terms.
  • Google, GitHub, Discord — Authentication only. Subject to each platform's privacy policies.
  • Stripe — Payment processing. Subject to Stripe's Privacy Policy.
  • Cloud infrastructure providers — For hosting and database storage. Data is encrypted in transit and at rest.
  • Law enforcement — Only when required by valid legal process (court order, subpoena). We will notify you if legally permitted to do so.

We do NOT share Your Works with:

  • Advertisers or marketing companies.
  • Data brokers.
  • Other users (unless you explicitly enable collaboration features in the future).

4. What We Send to AI Providers

Transparency about what data leaves our servers:

  • Entity Detection: The text content of scenes you write or edit (typically 500-2000 words at a time).
  • Consistency Checking: Entity descriptions and scene excerpts for contradiction analysis.
  • AI Writing Assistance (Continue, Rewrite, Expand, Describe, Dialogue, Summarize): Selected text plus surrounding context (~2000 words), current scene metadata, relevant entity descriptions, and knowledge graph relationships.
  • Brainstorm Chat: Your chat message plus project context (genre, entity list, current scene summary).
  • AI Fill: Entity profile fields plus related entities and scene appearances.

All AI API calls use encrypted connections (TLS). We do not send your full manuscript in any single API call — only relevant excerpts needed for the specific feature.

5. Data Retention

  • Your Works (manuscripts, entities, knowledge graphs): Stored for the duration of your account.
  • Version history (scene snapshots): Retained per plan limits (up to 50 per scene).
  • Brainstorm chat history: Stored for the duration of the project.
  • Account data: Retained for the duration of your account.
  • Server logs: Retained for 90 days, then automatically purged.
  • AI interaction logs: We do not log the content of AI API requests or responses beyond what is necessary for error debugging (error messages only, not manuscript content).
  • Upon account deletion: All associated data — manuscripts, entities, knowledge graphs, version history, chat history, and personal data — is permanently and irreversibly deleted within 30 days.

6. Data Security

We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) for all connections.
  • Encryption at rest for sensitive data (OAuth tokens, API keys).
  • Database access restricted to application layer only; no direct database access from the public internet.
  • Authentication via secure OAuth 2.0 flows with httpOnly, Secure, SameSite cookies.
  • Per-user rate limiting to prevent abuse.
  • Project-level data isolation enforced at the API layer (every request verifies project ownership).
  • Regular dependency updates and security monitoring.

No system is 100% secure. We cannot guarantee absolute security but will notify you promptly if a breach affecting your data occurs. We strongly recommend maintaining local backups of your manuscripts via the export feature.

7. Your Rights

You have the right to:

  • Access: Request a copy of all personal data and creative content we hold about you.
  • Export: Download your complete projects at any time in Markdown, DOCX, PDF, or plain text format. We will never hold your work hostage.
  • Correction: Update or correct personal data via account settings.
  • Deletion: Delete your account and all associated data (manuscripts, entities, graphs, chat history, versions). Contact [email protected] or use account settings.
  • Restrict Processing: Request that we stop processing your data (note: this may require account termination as AI processing is core to the Service).
  • Withdraw Consent: Revoke OAuth connections at any time via account settings.
  • Data Portability: Export all your data in standard formats (Markdown, DOCX) for use with other services.

To exercise these rights, contact [email protected]. We will respond within 30 days.

8. GDPR Compliance (EEA Users)

If you are located in the European Economic Area:

  • Our legal basis for processing is: (a) contract performance (providing the Service), (b) legitimate interest (improving the Service, fraud prevention, security), and (c) consent (where applicable).
  • You have the right to lodge a complaint with your local data protection authority.
  • We do not engage in automated decision-making that produces legal or significant effects on you. AI features are creative assistance tools, not automated decision systems.
  • For AI processing that sends data to US-based providers (Anthropic, Google), we rely on Standard Contractual Clauses and the providers' DPAs.

9. CCPA Compliance (California Users)

If you are a California resident:

  • You have the right to know what personal information we collect and how it is used.
  • You have the right to request deletion of your personal information.
  • We do not sell personal information.
  • We will not discriminate against you for exercising your privacy rights.

10. PIPEDA Compliance (Canadian Users)

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA):

  • We collect only the personal information necessary to provide the Service.
  • We obtain meaningful consent for the collection, use, and disclosure of personal information.
  • You may withdraw consent at any time (which may require account termination).
  • You may request access to your personal information and challenge its accuracy.
  • Contact our Privacy Officer at [email protected].

11. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a minor, we will delete it promptly.

12. International Data Transfers

Your data may be processed and stored in Canada and the United States. AI API calls are processed by Anthropic (US) and Google (US). By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 14 days before they take effect. Continued use after changes constitutes acceptance.

14. Contact

For privacy-related inquiries: [email protected]

For data deletion requests: [email protected]

Privacy Officer: [email protected]