Privacy Policy

Effective date: September 1, 2025

Last Updated: January 4, 2026

This Privacy Policy explains what data Authorlytica (“we,” “our,” “us”) collects, how it’s used, and the rights you have. The Service is operated by Studio Adam Rendo in the Netherlands, who acts as the data controller.

1. Data We Collect

We only collect the data needed to run the Service:

Account data

Email address
Username
Optional profile picture
Optional demographic info (gender, birthday, country)

Writing data

Word counts
Writing sessions (duration, mood rating, notes – if you enter them)
Project titles and descriptions
Metadata used to calculate stats (streaks, averages, etc.)

Preferences

Daily word goal
Theme selection
Display formats (time, number, date)

Payment data

Payments are processed by Stripe.
We receive:

Subscription status
Payment dates
Limited card metadata (e.g., last four digits)

We never store full card details.

Technical data

IP address (standard server logs)
Browser and device type
Last login time
Error logs for debugging and security

Cookies & local storage

A single secure cookie for login
Local storage for options like theme

No advertising cookies or cross-site tracking.

Feedback

Any optional messages you send via app feedback forms or email.

2. How Your Data Is Used

Your data is used only to:

Provide the core functionality of Authorlytica
Keep your account secure
Calculate your writing statistics and progress
Fix bugs, maintain performance, and prevent abuse
Send service updates and optional product announcements
Comply with legal obligations (e.g., payment records)

We access your data only when necessary for maintenance, debugging, or support.

3. Email Communications

You will receive:

Essential emails (cannot unsubscribe):

Password resets
Security and account notifications
Important service updates

Non-essential emails (optional):

Product news
Feature announcements
Helpful tips
You can unsubscribe from these anytime.

4. Data Retention

Your data stays with us until you delete it or request account deletion.
You can reset all writing data from the Settings page.
To delete your account entirely, email contact@adamrendo.com.
Backups may retain deleted data for up to 30 days.
Certain records (e.g., payment history) may be kept longer if required by law.

5. Data Sharing

We do not sell or rent your data.

We share only with trusted providers who help run the Service:

Stripe (payments)
AWS and Fly.io (hosting and infrastructure)
FastMail and Brevo (email delivery and communications)
Cloudflare (IP-based country/currency detection)
Umami (analytics and error monitoring)
Authorities if required by law

Some providers may process data outside the EU. When that happens, we rely on recognized safeguards to protect your data.

6. International Storage

The main application database is hosted in the EU (Netherlands).
Some processing (e.g., payment processing, email delivery, CDN caching) may occur outside the EU under appropriate safeguards.

7. Automated Processing

Automated calculations (streaks, stats, averages) are used to display your progress.
These do not make decisions that have legal or significant effects on you.

8. Your Rights (GDPR)

If you are in the EU or a similar jurisdiction, you have the right to:

Access your data
Correct inaccurate data
Delete your data
Export your data in machine-readable form
Restrict certain processing
Object to processing based on legitimate interests
Withdraw consent for optional communications

To exercise any of these rights, contact contact@adamrendo.com.
We aim to respond within 30 days.

You may also file a complaint with your local data protection authority.
For the Netherlands, that is the Autoriteit Persoonsgegevens.

9. Security

We use industry-standard security measures:

TLS/HTTPS encryption
Secure password hashing
Access controls for production systems
Encrypted storage where appropriate
Regular security updates and monitoring

No system is perfectly secure, but we take reasonable measures to protect your data.

Data Breach

If a breach affects your personal data, we will notify you and relevant authorities as required by law.

10. Children’s Privacy

The Service is not intended for children under 13.
We do not knowingly collect data from children under 13.
If we learn this happened, we will delete the data promptly.

For ages 13–16, parental consent may be required depending on local law.

11. Business Changes

If Authorlytica is ever transferred, merged, or acquired, users will be notified in advance and may delete their data before the change where possible. Any new owner must maintain privacy protections equal to or greater than those in this policy.

12. Additional Rights for U.S. Residents

Some U.S. states provide additional privacy rights.
If you are a U.S. resident, you may request:

Access to the personal information we hold
Correction of inaccurate information
Deletion of your data

We do not sell personal data.
We do not share data for targeted advertising.
We do not engage in profiling that produces significant effects.

Requests can be made by emailing contact@adamrendo.com.

(This single section covers CCPA, CPRA, VCDPA, CPA, CTDPA, etc., without pages of corporate legalese.)

13. Policy Updates

This policy may be updated occasionally.
If the changes are significant, we will notify users by email or in-app notice.

Contact
For any privacy questions or requests:
contact@adamrendo.com