Privacy Policy

Account info: email, username, optional display name, optional bio, optional avatar URL, password (bcrypt-hashed, never stored in plain text).

Content: stories, beats, characters, world elements, themes, forum posts, direct messages, Hall of Fame entries — i.e. what you write.

Usage data: AI prompt logs (for cost tracking + bug investigation), audit logs of moderator actions, error logs, basic request metadata (IP address, user agent — retained briefly for rate-limiting and abuse mitigation).

Payment info (when subscriptions launch): handled by Stripe. We store a customer ID; Stripe stores the card details.

• No third-party analytics scripts (no Google Analytics, no Mixpanel, no Hotjar).
• No advertising trackers. We don't sell ads.
• No fingerprinting beyond what your browser sends with every request.

Run the Service: render pages, send notifications, deliver AI features, prevent abuse. Internal analytics on aggregate usage to decide what to build next. Customer support and bug investigation.

We do not:

• Train AI models on your content.
• Sell your data to third parties.
• Share your content with anyone except as needed to run the Service (e.g. Workshop reviewers see what you submit, by design).

• Anthropic (Claude API) — receives the prompts for AI features. Anthropic doesn't train on API inputs by policy.
• Cloudflare R2 — encrypted database backups (object storage; no traffic routing).
• Gmail SMTP — outbound transactional email (verification, notifications).
• Fly.io — hosting provider for the app server and persistent volume.
• Stripe (when subscriptions launch) — payment processing.

You can:

• Access and edit your account info at /settings.
• Export your stories as Markdown or Fountain from each story's detail page.
• Delete your account at /settings. Personal info is cleared and stories are removed. Authored community content (forum posts, reviews, HOF entries) is retained anonymized to keep other users' content intact.
• Opt out of emails from /settings (transactional emails like email verification will still send while you're active).
• Request a copy of your data by emailing privacy@onemoredraft.com.

Active accounts: data retained until you delete the account or the item.

Soft-deleted accounts: personal info wiped immediately; system row retained as a tombstone so authored content can be attributed as "[deleted account]" without breaking other people's data.

AI prompt logs: retained 90 days, then aggregated/anonymized.

Backups: continuous WAL replication with a 30-day rolling retention.

Passwords are bcrypt-hashed at rest. Sessions are random tokens with server-side validation. All traffic is HTTPS. We use parameterized queries everywhere (no SQL injection surface) and run a strict CSP. Vulnerability reports go to security@onemoredraft.com.

The Service is not directed at children under 16. We don't knowingly collect data from anyone under 16. If you believe we have, email privacy@onemoredraft.com.

The Service may be hosted in or transmit data through countries outside your country of residence. By using the Service, you consent to such transfer.

Material changes will be announced via in-app notice and email (if opted in) at least 30 days before they take effect, except where immediate change is required by law or to address a security incident.

Privacy questions: privacy@onemoredraft.com.