Plotwrıght

Legal

Privacy Policy

Version 1.0.0 · Effective June 10, 2026

This policy explains what information Plotwright (the "Service") collects, how we use it, and who we share it with. We collect only what we need to run the Service. We do not sell your information, and we do not use advertising or third-party analytics.

1. Who we are

The Service is operated by Ken Hinton, based in the United States, who is responsible for the personal information described here. The Service is currently in a closed, invitation-only alpha. You can reach us about privacy at admin@plotwright.ai.

2. Information we collect

Account information

Your display name, email address, your password (stored only as a hashed value — we never see or store your actual password), and the organization you belong to.

Authentication and security data

Sign-in timestamps; hashed, expiring tokens for invitations and password resets; a sign-in session cookie; and your IP address and standard server request logs, which we use to operate the Service and to rate-limit sign-in attempts.

Content you create

Everything you put into the Service — your projects, frameworks, evaluations, notes, and related records. You may choose to enter personal information about other people (for example colleagues, stakeholders, or contacts). You are responsible for having a lawful basis to do so, and you should avoid entering sensitive personal information you do not need.

AI usage records

When you use an AI feature, we record metadata about the request — the model used, token counts, estimated cost, the time, and which feature made the call — so we can enforce your monthly AI budget and understand cost. We do not keep a separate copy of your AI prompts beyond the content already stored in your account.

Feedback

The subject, message, and any replies you send through the in-app feedback channel.

Cookies

The Service uses a strictly-necessary session cookie to keep you signed in (it lasts about seven days) and a small preference cookie that remembers your current workspace. That is all — there are no analytics, advertising, or cross-site tracking cookies, so there is no cookie banner to click through. Clearing these cookies will sign you out.

3. How we use your information

We use your information to:

  • provide and operate the Service;
  • authenticate you and keep your account secure;
  • generate the AI assistance you request and enforce your AI budget;
  • send you transactional emails, such as invitations and password resets;
  • respond to your feedback and support requests;
  • maintain, debug, and improve the Service; and
  • comply with the law and enforce our Terms.

4. AI features and the content you send to them

The Service uses Anthropic's Claude models through Anthropic's commercial API. When you use an AI feature — such as drafting, coaching, reviewing, suggesting, or discovering — the content you are working on (for example the project, framework section, or register in front of you) is sent to Anthropic to generate the response. Some features also use Anthropic's web search to look up public information.

Anthropic's commercial API terms, as in effect on the effective date of this policy, state that Anthropic does not use content submitted through its commercial API to train its models and retains it only as needed to provide and secure the service. We do not control Anthropic's practices; please review Anthropic's Privacy Policy and commercial terms for the current details.

Because the content you work on can be sent to the AI provider, please avoid putting confidential information, or personal information about other people that you do not have the right to share, into AI-assisted fields.

5. How we share information

We do not sell your personal information, and we do not share it for advertising. We share information only:

  • Within your organization, according to the visibility setting you choose for each item — private to you, readable by your workspace, or editable by your workspace.
  • With service providers that operate the Service on our behalf (our "sub-processors"):
  • Anthropic — AI features — receives the content you submit to those features.
  • Resend — email delivery — receives the recipient address and contents of invitation and password-reset emails.
  • Vercel — application hosting — processes requests, IP addresses, and server logs.
  • Supabase — managed database hosting — stores the data you keep in the Service.
  • When required by law, or to protect the rights, safety, or property of you, us, or others.
  • In a business transfer, if the Service is ever involved in a merger, acquisition, or sale of assets, subject to this policy.

6. Where your data is processed

We and our sub-processors are located in, and process data in, the United States. If you use the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

7. How long we keep it

We keep your account information and content while your account is active and until you delete it or ask us to. When you delete your account, we remove your personal account data and content, except where we must keep certain records to comply with the law, resolve disputes, or enforce our agreements. AI usage records may be kept after the related content is deleted, as a billing and audit record. Backups are retained for a limited period and then overwritten.

8. How we protect it

We store passwords only as Argon2 hashes; we encrypt data in transit using HTTPS; we isolate each organization's data so tenants cannot see one another's content; we use hashed, expiring tokens for invitations and password resets; and we rate-limit sign-in attempts. No system is perfectly secure, but we work to protect your information and will notify you of a data breach as required by law.

9. Your choices and rights

You can ask us to access, correct, export, or delete your personal information by emailing admin@plotwright.ai. To delete your account during the alpha, contact us at the same address. We will respond within a reasonable time.

California residents

If you live in California, the CCPA/CPRA gives you rights over your personal information. The categories we collect are identifiers (such as your name and email), internet and network activity (such as logs), and the content you choose to provide. We do not sell or "share" (for cross-context behavioral advertising) your personal information. You have the right to know what we collect, to delete it, to correct it, and not to be treated differently for exercising these rights. To exercise them, email admin@plotwright.ai. Depending on the scale of the Service, the CCPA may not formally apply to us during the alpha, but we will honor these requests regardless.

If you live somewhere with additional data-protection rights, contact us and we will honor the rights that apply to you.

10. Children

The Service is not directed to anyone under 18, and we do not knowingly collect information from anyone under 18.

11. Changes to this policy

We may update this policy from time to time. When we do, we will revise the effective date above, and we will announce material changes in the Service.

12. Contact

Ken Hinton admin@plotwright.ai