Privacy Policy
Effective Date: February 6, 2026 | Last Updated: February 6, 2026
Plain Language Summary: We collect only what we need to run the service (email, name, payment info via Stripe). Your creative content stays yours. We don't sell your data. Your AI API key is stored encrypted. We use cookies only for authentication, not tracking. You can delete your account and data at any time.
1. Introduction
Romance Weaver ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our web-based writing platform at romanceweaver.com ("the Service").
By using the Service, you consent to the practices described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
| Data Type | What We Collect | Why |
| --- | --- | --- |
| Account Information | Email address, first name, last name, password (hashed) | Account creation and authentication |
| Profile Information | Pen name, writing preferences, preferred genres | Personalize your writing experience |
| Payment Information | Processed by Stripe. We store only your Stripe customer ID, subscription status, and plan tier. We never see or store your full card number. | Subscription billing |
| AI Provider API Key | Your API key for OpenRouter or other AI providers, stored encrypted in our database | Enable AI-powered generation features |
| Creative Content | Books, characters, outlines, scenes, and related writing data you create | Core service functionality |
2.2 Information Collected Automatically
| Data Type | What We Collect | Why |
| --- | --- | --- |
| Usage Data | AI generation counts, feature usage, login timestamps | Enforce subscription limits, improve the Service |
| Log Data | IP address, browser type, pages visited, timestamps | Security monitoring, debugging |
| Email Delivery | Email send status, bounce/complaint data | Ensure email deliverability |
2.3 Information We Do NOT Collect
- We do not use third-party analytics or tracking scripts (no Google Analytics, no Facebook Pixel)
- We do not collect biometric data
- We do not access your device contacts, photos, or files
- We do not track you across other websites
3. How We Use Your Information
- Provide the Service: Store your books and creative content, process AI generation requests, manage your account
- Billing: Process subscription payments through Stripe, send billing-related emails
- Communication: Send transactional emails (account verification, password reset, subscription confirmations, usage alerts, trial expiry warnings)
- Security: Detect and prevent unauthorized access, abuse, or fraud
- Improvement: Understand usage patterns to improve features and performance (aggregated, not individual)
4. Third-Party Services
We share data with the following third-party services, only as necessary to provide the Service:
| Service | Purpose | Data Shared | Their Privacy Policy |
| --- | --- | --- | --- |
| Amazon Web Services (AWS) | Infrastructure hosting, database, email delivery (SES) | All Service data is hosted on AWS | AWS Privacy |
| Stripe | Payment processing | Email, name, payment method (handled directly by Stripe) | Stripe Privacy |
| AI Providers (OpenRouter, Anthropic, OpenAI, etc.) | AI content generation | Your prompts and story content sent via YOUR API key. We do not share your account data with AI providers. | Varies by provider |
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. AI-Generated Content and Your Data
- When you use AI generation features, your story content (prompts, character details, scene instructions) is sent to your chosen AI provider using your own API key.
- We do not retain copies of AI prompts or responses beyond what is stored as part of your book content in our database.
- Each AI provider has its own data retention and training policies. We recommend reviewing your provider's terms regarding whether they use API inputs for model training.
- You are responsible for your relationship with your AI provider.
6. Cookies and Local Storage
We use minimal browser storage:
- Authentication Tokens: Stored in localStorage to keep you signed in. These are JWT tokens that expire and are refreshed automatically.
- Session Preferences: UI preferences like sidebar state or display settings.
We do not use advertising cookies, third-party tracking cookies, or analytics cookies.
7. Data Security
We implement reasonable security measures to protect your data:
- All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
- Passwords are hashed using industry-standard algorithms (bcrypt)
- API keys are stored encrypted in our database
- Database credentials are managed through AWS Secrets Manager
- Access to infrastructure is restricted to authorized personnel
No method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- Deleted Accounts: Upon account deletion, we remove your personal information and creative content within 30 days. Some data may be retained in backups for up to 90 days.
- Email Logs: Transactional email records are retained for 12 months for deliverability monitoring.
- Billing Records: Payment records are retained as required by tax and financial regulations (typically 7 years).
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
9.1 All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information via your Profile page
- Deletion: Delete your account and associated data from your Account page
- Export: Download your creative content (book export features)
9.2 EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation:
- Legal Basis: We process your data based on (a) your consent, (b) contractual necessity to provide the Service, and (c) our legitimate interest in operating and improving the Service
- Data Portability: Receive your data in a structured, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on our legitimate interests
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Supervisory Authority: Lodge a complaint with your local data protection authority
9.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so this right is automatically satisfied
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
10. Children's Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
11. International Data Transfers
Our Service is hosted on Amazon Web Services in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
12. Email Communications
We send the following types of emails:
- Transactional (cannot opt out): Account verification, password reset, subscription confirmations, payment receipts, security alerts
- Service Notifications (cannot opt out while subscribed): Usage limit warnings, trial expiry notices, important service changes
We do not send marketing emails. We will never share your email address with third parties for marketing purposes.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice on the Service at least 30 days before the changes take effect. Your continued use after the effective date constitutes acceptance.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: support@romanceweaver.com
For data protection inquiries from the EU, you may also contact our data protection point of contact at the same email address.