Privacy & Security Policy

Last updated: April 2026

Introduction

Write Stripe takes data privacy seriously. This policy explains what data we collect, how we use it, and how we protect it. We believe in minimal data collection and maximum transparency.

What We Collect

  • Organization info — name, owner email, subscription status
  • Agent info — display name, login code, activity timestamps
  • Conversation metadata — timestamps, platform, issue categories, sentiment scores
  • Grammar check results — error counts, fix rates — not the text itself
  • We do NOT store the actual text content of customer conversations on our servers
  • Customer names are SHA-256 hashed before storage — we never store actual customer identities

Browser Extension Permissions

  • The extension runs locally in the browser
  • It reads text from support platform editors to provide grammar checking and AI assistance
  • Text is sent to our AI processing endpoint for analysis but is NOT persisted
  • The extension communicates only with our API endpoint and Supabase backend

Data Security

  • All data encrypted in transit (TLS 1.3)
  • Data at rest encrypted in Supabase (AES-256)
  • No third-party analytics or tracking scripts
  • No selling of data to third parties, ever
  • Minimal data retention — we keep only what is needed for the analytics dashboard

AI Processing & Subprocessors

To provide grammar checking, reply generation, and conversation analysis, we send the relevant text from the support editor to our AI subprocessor for real-time processing.

  • DeepSeek — our primary large-language-model provider. Text is processed in real-time, not used for model training, and not persisted beyond the duration of the request as per their API terms.
  • LanguageTool — used for baseline spelling and grammar detection. Only the text being checked is sent; no account or personal metadata is attached.
  • Stripe — handles all payment processing. We never see or store your full card details.
  • Supabase — our database and authentication provider (hosted in the EU).
  • Resend — transactional email delivery for account notifications and support replies.
  • Sentry — error tracking to diagnose crashes. Error reports may include technical stack traces but not customer message content.
  • We do not use your conversation content to train AI models.

Your Rights (UK GDPR)

Write Stripe is operated from the United Kingdom. If you are in the UK or EEA, the UK GDPR and Data Protection Act 2018 apply to you. You have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Portability — request an export of your data in a machine-readable format
  • Objection — object to certain processing of your personal data
  • Complaint — lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk
  • Exercise any of these rights by emailing support@writestripe.com. We respond within 30 days.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act: the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To exercise your CCPA rights, email support@writestripe.com.

Contact

If you have any questions about this privacy policy or our data practices, reach out at support@writestripe.com.