Privacy Policy

NeuraWrite ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using NeuraWrite, you consent to the data practices described in this policy.

Information You Provide:

• Account information: Email address (provided via Clerk authentication)
• Document content: Topics, assignments, thesis statements, and generated documents
• Rubric files: PDF or Word files you upload for assignment context
• Payment information: Processed securely by Stripe — we never store card details on our servers
• Communications: Support requests and feedback you send us

Information Collected Automatically:

• Usage data: API calls, document counts, word usage, and feature interactions
• Device information: Browser type, operating system, and general device category
• Analytics data: Page views, session duration, and navigation patterns (via Vercel Analytics)
• Cookies: Essential authentication cookies and optional analytics cookies (see our Cookie Policy)

• Student names or personally identifiable academic information
• Payment card numbers, CVVs, or bank account details (handled entirely by Stripe)
• Biometric data of any kind
• Precise geolocation data
• Social media profiles (unless you voluntarily provide them)

If you are in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:

• Contractual necessity: To provide the Service you signed up for (account management, document generation, billing)
• Legitimate interests: To improve our Service, prevent fraud, and ensure security
• Consent: For optional analytics cookies and marketing communications
• Legal obligation: When required to comply with applicable laws

• To provide, operate, and maintain the Service
• To generate, store, and allow re-download of your documents
• To track plan usage and enforce subscription limits
• To process payments and manage subscriptions
• To send transactional emails (trial expiration, billing, account changes)
• To respond to support requests and inquiries
• To improve our generation quality and Service (using anonymized, aggregated data only)
• To detect, prevent, and address technical issues, fraud, or abuse

To deliver the Service, we engage trusted sub-processors — third-party companies that handle data on our behalf. Your content may be transmitted to these providers as part of normal operations. We only share data to the extent strictly necessary to provide the feature you are using.

Authentication & User Management:

• Clerk — Authentication, session management, and user profiles (Privacy Policy)

Infrastructure & Hosting:

• Vercel — Application hosting, edge functions, and web analytics (Privacy Policy)
• Supabase — Database and file storage, hosted in the United States (Privacy Policy)
• Sentry — Application error monitoring. Error reports may include request metadata but are not linked to document content (Privacy Policy)

AI & Content Processing:

• Anthropic (Claude) — Primary AI model for content generation, Chat, and the Write tool (Privacy Policy). Anthropic does not use API inputs or outputs to train its models.
• Additional AI pipeline providers — We use multiple specialized AI services for research sourcing, content refinement, humanization, and quality scoring. Each provider processes your content in real-time only; none retain your content for model training. A complete and current list of our AI sub-processors is available upon request at support@neurawrite.ai.

Payment Processing:

• Stripe — Payment processing, subscription management, and billing. All payment data is handled exclusively by Stripe and never stored on our servers (Privacy Policy)

The AI Chat Assistant is designed with privacy isolation as a core principle:

• No server-side chat storage. We do not store your AI Chat conversation history in our database. Your chat history lives only in your browser's memory for the duration of your session and is cleared when you close or refresh the page.
• Per-request processing only. Each message you send is transmitted to Anthropic's Claude API as a single isolated API call. The conversation history you see is managed client-side and is sent to the API only to provide context for that specific response — it is not retained server-side between sessions.
• No cross-user access. It is technically impossible for another user to access your chat content. There is no shared chat database, no session persistence on our servers, and no mechanism by which chat data from one user can be exposed to another.
• Anthropic API data practices. Content sent to Anthropic via our API is subject to Anthropic's API privacy terms. Under those terms, API inputs and outputs are not used to train Anthropic's models. See Anthropic's Privacy Policy for full details.
• Usage metadata only. We log anonymous token counts and estimated costs per request to api_usage for billing and abuse monitoring. This log contains no message content — only your user ID, timestamp, token count, and service name.

Your information may be transferred to and processed in the United States and other countries where our service providers operate. If you are located in the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable, to protect your data in compliance with GDPR.

• Uploaded rubric files: Automatically deleted after 30 days
• Generated documents: Stored as long as your account is active
• Account data: Deleted within 30 days of account deletion request
• Usage and billing records: Retained for up to 7 years for tax and legal compliance
• Analytics data: Retained in anonymized form indefinitely

All data is encrypted in transit (TLS/HTTPS) and at rest. Access to your documents is restricted to your authenticated account only. We implement industry-standard security measures including:

• Row-Level Security (RLS) enforced at the database level
• Server-side authentication validation on every API request
• Service role key isolation (never exposed to client-side code)
• Webhook signature verification for external integrations

Data Breach Notification: In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities within 72 hours of becoming aware of the breach, as required by GDPR.

If you are in the EEA or UK, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at support@neurawrite.ai. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale: We do not sell your personal information. However, you may still submit an opt-out request
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Do Not Sell My Personal Information: NeuraWrite does not sell personal information as defined by the CCPA. We do not share personal information with third parties for their own marketing purposes.

To exercise your California privacy rights, contact us at support@neurawrite.ai or submit a request through your account dashboard. You may also designate an authorized agent to make requests on your behalf.

We do not currently respond to Do Not Track browser signals. However, you can manage cookie preferences through our Cookie Policy settings.

NeuraWrite is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at support@neurawrite.ai.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "last updated" date. For significant changes, we may also notify you via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy questions, data deletion requests, or to exercise your data rights:

• Privacy inquiries: support@neurawrite.ai
• General support: support@neurawrite.ai
• Data Protection Officer: support@neurawrite.ai

We will fulfill all valid requests within 30 days.