Privacy Policy

Our Privacy Commitment

Polish My Book ("we", "our", "us") operates www.polishmybook.com. We take your privacy seriously, especially when it comes to your unpublished manuscripts. This policy explains how we collect, use, and protect your data.

1. Information We Collect

1.1 Account Information

• Personal data: Name, email address, password (encrypted)
• Payment data: Processed by Stripe (we never store card details)
• Usage data: Analysis history, subscription status, preferences

1.2 Manuscript Content

• What we collect: The manuscript text you submit for analysis
• How long we keep it: Maximum 7 days, then permanently deleted
• Who can access it: Only you (and our analysis algorithms)
• Is it used for AI training? NEVER

1.3 Analysis Results

• What we keep: Analysis reports, scores, recommendations
• How long: Indefinitely (unless you delete your account)
• Why: So you can access past reports and track improvement over versions

2. How We Use Your Information

2.1 Manuscript Content

We do NOT:

• ❌ Train AI models on your manuscript
• ❌ Share your content with AI providers (OpenRouter, Anthropic) beyond the single analysis request
• ❌ Store your manuscript in AI provider logs (our contracts prohibit this)
• ❌ Use your manuscript for research, product improvement, or any other purpose
• ❌ Share your manuscript with publishers, agents, or anyone else

2.2 Account Information

We use your personal data to:

• • Create and manage your account
• • Process payments and send receipts
• • Email your analysis reports and magic links
• • Provide customer support
• • Send service updates (you can opt out of marketing emails)

3. Data Retention & Deletion

3.1 Automatic Manuscript Deletion

3.2 Immediate Deletion (On Request)

You can delete your manuscript immediately from your dashboard at any time—you don't have to wait 7 days. This is useful if you accidentally submitted the wrong file or change your mind.

3.3 What We Keep After Deletion

After your manuscript is deleted, we retain:

• • Your analysis report (plot scores, recommendations, etc.)
• • Payment records (for accounting and tax compliance)
• • Your account information (name, email)

Why? So you can access your past reports and track improvement between drafts. The analysis results contain no reconstructable manuscript content—just scores and recommendations.

3.4 Full Account Deletion (GDPR Right to Erasure)

You can request full account deletion at any time. This permanently deletes:

• • Your account and profile
• • All analysis reports
• • All manuscript content (if not already deleted)
• • Email preferences and login credentials

We retain only minimal payment records as required by law for accounting and fraud prevention (typically 7 years).

4. Data Security

4.1 Encryption

• In transit: TLS 1.3 encryption for all data transfers
• At rest: AES-256 encryption for database storage
• Backups: Encrypted with separate keys

4.2 Access Controls

• • Only authorised personnel can access production systems (2FA required)
• • All access is logged and audited
• • Manuscripts are isolated by user ID—no cross-user access possible
• • JWT tokens expire after 7 days

4.3 AI Provider Contracts

We use OpenRouter and Anthropic for AI analysis. Our contracts with them:

• ✓ Prohibit using your manuscript for model training
• ✓ Require zero-retention policies (no logs of your content)
• ✓ Ensure GDPR and CCPA compliance

5. Third-Party Services

5.1 Stripe (Payment Processing)

We use Stripe to process payments. Stripe handles all card data—we never see or store your card details. See Stripe's Privacy Policy.

5.2 SendGrid (Email Delivery)

We use SendGrid to send transactional emails (analysis reports, receipts, password resets). See SendGrid's Privacy Policy.

5.3 OpenRouter & Anthropic (AI Analysis)

Your manuscript is sent to OpenRouter/Anthropic for analysis. Our contracts require:

• • Zero data retention (no logs, no storage)
• • No use for model training
• • Immediate deletion after analysis

See OpenRouter's Privacy Policy and Anthropic's Privacy Policy.

6. Your Rights (GDPR & CCPA)

You have the right to:

• Access: Download all your data (account, reports, payment history)
• Rectification: Correct inaccurate personal data
• Erasure: Delete your account and all associated data
• Portability: Export your data in JSON/PDF format
• Objection: Opt out of marketing emails (transactional emails still sent)
• Restriction: Request temporary suspension of data processing

To exercise these rights, email privacy@polishmybook.com or use the controls in your account dashboard.

7. Cookies & Tracking

We use minimal cookies:

• Essential: Authentication token (JWT), session management
• Analytics: We do NOT use Google Analytics or third-party trackers

8. International Transfers

Our servers are hosted in the UK/EU. If you access Polish My Book from outside the UK/EU, your data may be transferred internationally. We ensure all transfers comply with GDPR via Standard Contractual Clauses.

9. Children's Privacy

Polish My Book is not intended for users under 16. We do not knowingly collect data from children. If we discover we've collected data from a child, we will delete it immediately.

10. Changes to This Policy

We may update this policy occasionally. If we make material changes, we'll email you 30 days in advance. Continued use after changes means you accept the updated policy.

11. Contact Us