Privacy Policy

Account data — When you register, we collect your name, email address, and (if you sign in via Google) your Google profile information.

Usage data — We log the features you use, PRDs you generate, and actions you take inside the app in order to improve the product and calculate AI credit consumption.

Payment data — Billing is handled by DodoPayments. We store only a tokenised reference to your subscription; we never see your raw card number.

Communications — If you email us or fill out a support form, we retain that correspondence.

Analytics — We use PostHog (product analytics) and Microsoft Clarity (session replay) to understand how people use Scriptonia. Both are configured to respect Do Not Track signals.

To provide the service — Authenticating you, generating PRDs and blueprints, syncing with connected integrations (Linear, Notion, GitHub, etc.).

To communicate with you — Transactional emails (password resets, billing receipts, plan changes) sent via Resend.

To improve the product — Aggregated, anonymised usage patterns inform our roadmap decisions.

To enforce our policies — Detecting abuse, fraud, or violations of our Terms of Service.

We do not sell your personal data to third parties. We do not use your PRD content to train AI models.

Data is stored in a PostgreSQL database hosted on Prisma's managed infrastructure, with encryption at rest and in transit (TLS 1.2+).

Session tokens are stored in HTTP-only cookies and signed with a secret rotated periodically.

We apply the principle of least privilege — internal team members only access production data when required for support or debugging.

We use Sentry for error monitoring; stack traces may contain request metadata but are never exposed publicly.

Strictly necessary — Session cookie required for authentication. Cannot be disabled without breaking login.

Analytics — PostHog and Microsoft Clarity set first-party or third-party cookies to track page views and sessions. You can opt out via your browser settings or a global privacy control.

We do not use advertising cookies or cross-site tracking cookies.

Scriptonia integrates with several third-party services. Each has its own privacy policy:

• Google OAuth — for sign-in (policies.google.com/privacy)

• DodoPayments — for billing and subscription management

• Prisma / Supabase — for database hosting

• Upstash Redis — for rate-limiting and session caching

• OpenRouter / Anthropic / OpenAI — AI inference providers (your PRD content is sent to these APIs to generate output; it is governed by their data processing agreements)

• Resend — transactional email delivery

• PostHog and Microsoft Clarity — product analytics

Account data is retained for as long as your account is active.

If you delete your account, we delete your personal data and PRDs within 30 days, except where we are required by law to retain certain records.

Aggregated, anonymised analytics data may be retained indefinitely.

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you.

• Rectification — ask us to correct inaccurate data.

• Erasure — request deletion of your account and associated data.

• Portability — export your PRDs as Markdown at any time from the dashboard.

• Objection — object to certain processing activities.

To exercise any of these rights, email us at privacy@scriptonia.dev. We will respond within 30 days.

Scriptonia is intended for users aged 16 and above. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.

We may update this policy when we add new features or are required to by law. Material changes will be communicated by email or an in-app banner at least 14 days before they take effect. The 'Last updated' date at the top of this page always reflects the current version.

For privacy-related questions or requests: privacy@scriptonia.dev

For general support: support@scriptonia.dev

Company: Scriptonia · scriptonia.dev