Privacy Policy

Information We Collect

Account & Identity Data

When you create an account, we collect your email address and a hashed password. If you provide a display name or author pen name, that is also stored. We do not collect government-issued identification unless required by law or Stripe’s identity verification process for connected accounts.

Payment Data

All payment processing is handled by Stripe, Inc. We do not store full payment card numbers, CVV codes, or bank account details on our servers. We receive only a tokenised reference (Stripe customer ID and last-four card digits) sufficient to manage your subscription. If you connect a Stripe account to receive payouts as an author, Stripe collects and verifies your banking details directly under their own privacy policy.

Content You Create

As you use the platform, we store the content you create and upload: manuscript drafts, chapter text, brief inputs, cover images, storefront configurations, and interview session answers. This content is tied to your account and stored on our behalf by Supabase.

Usage & Technical Data

We collect standard server logs including IP addresses, browser type, operating system, referring URLs, pages visited, and timestamps. This data is used for security monitoring, debugging, and aggregate product analytics. We may use privacy-respecting, cookieless product analytics tools (such as Vercel Analytics) to understand how features are used — these tools do not set advertising cookies or build individual user profiles for third-party targeting.

Communications

If you contact us by email or submit a form, we retain that correspondence. If you opt into marketing communications, we store your email address for that purpose separately from your account data.

Why We Process Your Data

We process your personal data for the following purposes and, where GDPR or equivalent law applies, on the following lawful bases:

• Operating the service (account authentication, payment processing, Bindery AI generation, storefront delivery) — lawful basis: performance of contract.
• Security & fraud prevention (server logs, rate limiting, abuse detection) — lawful basis: legitimate interests.
• Product analytics (understanding feature usage in aggregate, improving the platform) — lawful basis: legitimate interests. We use cookieless, privacy-respecting tools that do not build advertising profiles.
• Marketing communications (product updates, creator tips, promotional offers) — lawful basis: consent. You may withdraw consent at any time by unsubscribing or contacting us.
• Legal compliance (billing records, responding to lawful requests) — lawful basis: compliance with legal obligations.

We do not sell your personal data to third parties for advertising purposes. We do not use the specific content of your manuscripts to train AI models operated by Quari Press.

Third Parties & Sub-Processors

We share your data with the following categories of service providers who process it on our behalf. We only share what is necessary for the service to function.

Supabase. Our database, authentication system, and file storage are provided by Supabase, Inc. Supabase processes personal data on our behalf under a data processing agreement. Data is stored in AWS us-east-1 by default. Supabase privacy policy: supabase.com/privacy.

Stripe. All payment processing and author payout management is handled by Stripe, Inc. When you enter payment information or connect a Stripe account, that data is transmitted directly to Stripe under their privacy policy. We receive only tokenised references. Stripe privacy policy: stripe.com/privacy.

Anthropic. The Quari Bindery uses Claude, a large language model developed by Anthropic, PBC. Prompts you submit — including your brief, voice sample, chapter outlines, and interview answers — are transmitted to Anthropic’s API for processing to generate content. Anthropic’s API usage policy prohibits them from using API inputs to train their models. Anthropic privacy policy: anthropic.com/privacy.

OpenAI. Cover image generation and certain other image processing features use OpenAI’s API (including gpt-image-1). Image generation prompts derived from your book brief may be transmitted to OpenAI for processing. OpenAI privacy policy: openai.com/policies/privacy-policy.

Vercel. Our application is hosted on Vercel, Inc.’s infrastructure. Vercel processes request data (including IP addresses and headers) as part of serving the application. We may also use Vercel Analytics for cookieless, aggregate traffic insights. Vercel privacy policy: vercel.com/legal/privacy-policy.

We do not share your personal data with advertising networks, data brokers, or any third parties for their own marketing purposes.

Data Retention & Security

We retain your account data for as long as your account is active. Upon account deletion, your data is removed from our active systems within 30 days. Billing records and legally required financial data may be retained for up to seven years in compliance with applicable law. Backups are retained for up to 90 days and are subject to the same access controls as production data.

We use industry-standard encryption for data in transit (TLS 1.2+) and at rest (AES-256 via Supabase). Access to production data is restricted to personnel who need it to operate the service. We perform periodic security reviews and apply security patches promptly.

Despite these measures, no internet transmission or storage system is completely secure. If we become aware of a security breach that affects your personal data, we will notify you in accordance with applicable law.

Your Rights & Choices

Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any of these rights, contact us at [SUPPORT EMAIL — founder to specify] or privacy@quari.press. We will respond to verified requests within 30 days.

• Access. You may request a copy of the personal data we hold about you.
• Correction. You may request correction of inaccurate or incomplete data.
• Deletion. You may request deletion of your account and personal data. We will delete your data from active systems within 30 days; residual copies in backups are purged within 90 days. Data we are legally required to retain cannot be deleted on request.
• Portability. You may request an export of your account data in a machine-readable format.
• Objection. You may object to processing based on legitimate interests. We will assess the objection and cease processing unless we have compelling legitimate grounds.
• Withdraw consent. Where processing is based on consent (e.g. marketing emails), you may withdraw consent at any time without affecting prior processing.

Residents of the European Economic Area and the United Kingdom may also lodge a complaint with their local supervisory authority (e.g. the ICO in the UK, or your national data protection authority in the EEA). California residents may have additional rights under the CCPA, including the right to know what data is sold (we do not sell personal data) and the right to opt out of sale. We do not discriminate against users who exercise their privacy rights.

International Data Transfers

Quari Press is operated from the United States. Your data is stored primarily on Supabase infrastructure in AWS us-east-1. If you access the platform from the European Economic Area, the United Kingdom, or other jurisdictions with data transfer restrictions, your personal data will be transferred to and processed in the United States.

For transfers from the EEA or UK, we rely on the data transfer mechanisms made available by our sub-processors (Supabase, Stripe, Anthropic, OpenAI, and Vercel), each of which has implemented Standard Contractual Clauses or relies on other approved transfer mechanisms. By using Quari Press, you acknowledge that your data will be processed in the United States in accordance with this policy.

Children’s Privacy

Quari Press is not directed at children. We do not knowingly collect personal data from individuals under the age of 13 (or 16 in the European Economic Area and the United Kingdom). If you believe a child has created an account on our platform, please contact us at [SUPPORT EMAIL — founder to specify] and we will delete the account and associated data promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notice before the changes take effect. The “Effective” date at the top of this page reflects when the current version was last updated. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.