Privacy Policy
Last updated: [EFFECTIVE DATE]
This Privacy Policy explains how [COMPANY LEGAL NAME], [LEGAL FORM], [REGISTERED ADDRESS], [COUNTRY] ("we", "us") processes personal data when you use the Schreibly grammar-checking service, including the website, browser extension, desktop applications, and API (the "Service"). We are the controller of this data within the meaning of the General Data Protection Regulation (GDPR).
Contact for data protection matters: [PRIVACY CONTACT EMAIL]
[If a Data Protection Officer is appointed: Data Protection Officer: [DPO CONTACT].]
1. The data we process
1.1 Account data
When you create an account through our identity system, we process your email address, display name, and authentication identifiers.
1.2 Text you submit for checking
The core function of the Service is to analyse text you submit. This text may contain personal data if you choose to include it. We process submitted text only to generate the checking result and related features. See Section 3 (AI providers) and Section 5 (retention).
1.3 Usage data
We process data about how you use the Service: number of words checked, the language and variant selected, timestamps, performance metrics, and the number of issues found.
1.4 Payment data
Purchases are processed by Paddle, which acts as Merchant of Record. We do not collect or store your full payment card details. Paddle processes payment data under its own privacy terms; we receive transaction information such as the product, amount, and status.
1.5 Technical data
We process your IP address, device and browser information, and server/application log data, for security and to operate the Service.
1.6 Cookies and local storage
The website and clients use cookies and local storage that are necessary for sign-in sessions and saving your preferences. [If you use any analytics or non-essential cookies, describe them here — these generally require consent.] See the Cookie Policy for the current cookie inventory.
2. Why we process data, and the legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the checking service and manage your account | Performance of a contract — Art. 6(1)(b) |
| Process purchases and provide purchased words | Performance of a contract — Art. 6(1)(b) |
| Keep the Service secure and prevent abuse | Legitimate interests — Art. 6(1)(f) |
| Maintain and improve the quality of the Service | Legitimate interests — Art. 6(1)(f), or consent where required |
| Meet legal, tax, and accounting obligations | Legal obligation — Art. 6(1)(c) |
| Optional analytics or marketing, if any | Consent — Art. 6(1)(a) |
3. AI providers — how your submitted text is processed
To check your text, we transmit it to third-party large language model providers — [AI PROVIDER(S), e.g. Anthropic and/or OpenAI] — which perform the language analysis on our behalf as our processors. A current list is maintained at /legal/subprocessors. We transmit only the text needed to perform the check together with the language and variant settings. We select providers whose terms state that data sent through their API is not used to train their models; [confirm and reference the specific provider terms you rely on]. We do not sell your text or use it for advertising.
4. Caching
To improve speed and reduce processing, the result of a check may be temporarily stored (cached). Cached entries are kept for a limited period and then deleted automatically.
5. How long we keep data
- Account data: while your account is active, and deleted or anonymised within [RETENTION PERIOD] after the account is closed.
- Submitted text: processed to return a result and not stored beyond that, except cached results, which are deleted after [CACHE RETENTION PERIOD].
- Usage data: kept for [RETENTION PERIOD] for billing, security, and analytics.
- Billing records: kept for the period required by tax and accounting law [CONFIRM PERIOD WITH YOUR LAWYER / ACCOUNTANT].
6. Sharing and sub-processors
We share personal data only with service providers acting on our behalf, in the following categories: AI provider(s) for text analysis; Paddle for payments; [HOSTING PROVIDER] for hosting; and [EMAIL/OTHER PROVIDERS]. We may also disclose data where required by law. A current list of sub-processors is maintained at /legal/subprocessors, and is available on request at [PRIVACY CONTACT EMAIL].
7. International transfers
Some providers, including AI provider(s), may process data outside the EU/EEA, including in the United States. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and/or an adequacy decision. [Confirm the specific mechanism for each provider.]
8. Your rights
Under the GDPR you have the right to: access your data; have inaccurate data corrected; have data erased; restrict processing; data portability; and object to processing based on legitimate interests. Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact [PRIVACY CONTACT EMAIL]. You also have the right to lodge a complaint with a data protection supervisory authority, in particular the authority of [SUPERVISORY AUTHORITY — the data protection authority of your federal state].
9. Security
We use appropriate technical and organisational measures to protect personal data, including encryption of data in transit and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children
The Service is not directed at children under 16, and we do not knowingly process the personal data of children under 16 without appropriate consent. If you believe a child has provided us data, contact us and we will take appropriate steps. [Adapt this section to your intended audience.]
11. Changes to this policy
We may update this Privacy Policy. We will post the updated version with a new "Last updated" date and, for material changes, provide notice through the Service.
12. Contact
[COMPANY LEGAL NAME]
[REGISTERED ADDRESS], [COUNTRY]
Data protection enquiries: [PRIVACY CONTACT EMAIL]
See also: Terms of Service and Refund Policy.