WriteSharpBack to home

Updated May 2026

Privacy

This is a plain-English description of how WriteSharp handles your data. The short version: your writing stays in your account, we do not train models on it, and we keep analytics deliberately minimal.

What we store

When you sign up, we store:

  • Your email address and display name (from your auth provider).
  • A monthly word counter so we can enforce the free tier.
  • If you upgrade, your Stripe customer and subscription identifiers.

When you create a document, we store the document title and the structured body content inside your Supabase Postgres database. Documents are scoped to your user via row-level security; no other user can read them.

What we do not store

  • We do not retain the raw text of your documents in our analytics. The suggestion_events table records a SHA-256 hash of the text, a word count, the kind of suggestion, and token usage. It does not contain the source text.
  • We do not train any model on your writing.
  • We do not sell your data, ever.

Third parties

  • Anthropic processes the text you send for suggestions and rewrites. We rely on Anthropic's zero-retention policy. They do not train models on API traffic.
  • Supabase hosts the database and auth. Your data sits in a region we chose; you can request a region migration by contacting us.
  • Stripe processes payments. We never see your card number.
  • PostHog (optional, only if enabled) tracks basic product events like sign-in and feature usage. We never send document content to it.

Cookies

We use a session cookie issued by Supabase Auth. It is HTTPS-only, SameSite=Lax, and contains only an opaque session identifier. We do not use marketing trackers.

Your rights

  • You can export your documents at any time. Contact us if you need a bulk export.
  • You can delete your account by contacting us. Deletion removes all documents, suggestion events, and profile rows within seven days.
  • If you are in the EU or UK, you have rights under the GDPR (access, rectification, erasure, portability). Email us to exercise any of them.

Security

Auth tokens use Supabase's standard JWT flow. The API key for Anthropic lives server-side only and never reaches the browser. Database access is gated by row-level security on every user-facing table. We follow standard production practices including HTTPS everywhere, signed Stripe webhooks, and rate limiting on the suggestion API.

Changes to this policy

We will update this page when our practices change. Material changes will also be sent to your registered email address.

Contact

Email [email protected] with any privacy question. We reply within two business days.