Privacy Policy

WritePilot ("we", "us", "our") operates the WritePilot platform at https://writepilot.app. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and the rights you have. We aim to keep this document short, plain, and honest.

• Account data — name, email address, hashed password, and billing details.
• Site data you provide — WordPress site URLs, application passwords, brand profile, content preferences, and editorial settings.
• Google account data (only if you connect Google Search Console) — your Google email, the list of your verified Search Console properties, and read-only Search Console performance data (clicks, impressions, CTR, position by query / page / country / device).
• Content data — articles, prompts, briefs, and assets you create or upload.
• Usage data — log data, IP address, browser type, device, pages visited, and feature interactions used to debug, secure, and improve the Service.
• Cookies — strictly necessary cookies for authentication and limited first-party analytics.

When you connect a Google account we request the following OAuth scopes:

• https://www.googleapis.com/auth/webmasters.readonly — to list verified Search Console properties and read performance metrics.
• https://www.googleapis.com/auth/userinfo.email and openid — to identify which Google account you connected.

Google user data is used only to display Search Console analytics inside WritePilot and to generate AI-powered SEO recommendations for your own content. We do not sell, rent, share, or transfer Google user data to third parties for advertising, profiling, or any unrelated purpose. Google user data is never used to train general-purpose AI / ML models.

WritePilot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• to provide, operate, and maintain the Service;
• to authenticate users and protect Accounts from unauthorized access;
• to process payments and manage subscriptions;
• to generate, optimize, and publish Content on your behalf;
• to communicate service updates, security notices, and support replies;
• to monitor and improve performance, reliability, and product features;
• to comply with legal obligations and enforce our Terms.

We process personal data under the following legal bases: contract (to provide the Service you signed up for), legitimate interests (to secure and improve the Service), consent (where required, e.g. optional analytics), and legal obligation (e.g. tax and accounting).

OAuth refresh and access tokens are encrypted at rest using AES-GCM. All traffic is served over HTTPS / TLS. Database access is restricted by row-level security so each user can only access their own data. We follow the principle of least privilege for internal systems and review access regularly. No method of transmission or storage is 100% secure, but we work hard to protect your data.

We keep personal data only as long as necessary for the purposes described above. You can disconnect Google Search Console at any time from Dashboard → Search Console → Disconnect; this deletes the stored tokens and cached metrics. You may request full account deletion by emailing support@writepilot.app; we will delete all personal data and Google user data within 30 days, except where retention is required by law (e.g. invoices).

We rely on the following carefully selected processors to operate the Service:

• Supabase — managed database & authentication hosting.
• Cloudflare — edge runtime, CDN, and DDoS protection.
• Google APIs — Search Console and Indexing API (only when you connect them).
• OpenAI / Google Gemini — AI text generation; prompts may include excerpts of your content.
• Payment processor — to handle subscriptions and invoices.

Each processor is bound by a data-processing agreement and may only act on our documented instructions.

Some sub-processors are located outside your country of residence, including in the United States. Where required, transfers are protected by Standard Contractual Clauses or equivalent safeguards.

You have the right to access, rectify, delete, port, restrict, or object to processing of your personal data, and to withdraw consent at any time. To exercise these rights, email support@writepilot.app. You also have the right to lodge a complaint with your local data-protection authority.

The Service is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe we have collected data from a child, please contact us and we will delete it.

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated by email or through the Service.

For privacy questions, contact support@writepilot.app or visit our contact page.