Privacy Policy

Last Updated

May 17, 2026 · Effective May 17, 2026

Key Privacy Highlights
  • Your screenplay content is never used to train AI models.
  • Uploaded files are deleted shortly after analysis completes.
  • Data is encrypted in transit and at rest.
  • You can delete your analyses or your account at any time (subject to legal retention requirements).

1. Introduction

Story Notes (“we,” “our,” or “us”) operates a screenplay analysis service that provides AI-generated feedback on creative writing. This Privacy Policy explains how we collect, use, protect, and share information when you use our service at storynotes.app (the “Service”).

We are committed to protecting your privacy and the confidentiality of your creative work. This policy describes our data practices and your rights regarding your personal information.

2. Information We Collect

2.1 Account Information

  • Email address (for account creation and notifications)
  • Authentication tokens (for secure sign-in)
  • Account preferences and settings
  • Payment information (processed by Stripe — we do not store or see your full card number)

2.2 Screenplay Content

  • Uploaded screenplay files (PDF format)
  • File metadata (title, author, page count, file size)
  • Analysis results and generated reports

2.3 Technical Information

  • IP addresses and device information
  • Browser type and version
  • Usage analytics and service performance metrics
  • Error logs and debugging information (we do not intentionally log screenplay content)

2.4 Other Collected Data

  • Customer Support Communications: Emails or other messages you send us, which may include personal information or excerpts from your screenplay
  • Cookies & Similar Technologies: Minimal cookies for authentication and service performance, manageable via your browser settings

3. How We Use Your Information

3.1 Service Provision

  • Analyzing your screenplays using AI technology
  • Generating feedback and reports
  • Managing your account and preferences
  • Processing payments for premium features

3.2 Communication

  • Sending analysis completion notifications
  • Providing customer support
  • Sending important service updates (required for account operation)
  • Sending marketing communications (only with your consent, where required)

3.3 Service Improvement

  • Analyzing aggregate usage patterns to improve the Service
  • Debugging technical issues
  • Ensuring security and preventing abuse

We do not use your screenplay content to train AI models, and we do not use it to improve the Service beyond providing your own analysis.

4. Screenplay Content Protection

Our Commitment

We understand the sensitive nature of creative work and take practical measures to protect it.

4.1 AI Processing

  • Not Used for Training: We process screenplays using Anthropic’s commercial API, under terms that do not permit using submitted content to train AI models. Your screenplay is not used to train any model.
  • Limited Retention by Anthropic: Anthropic may retain API inputs and outputs for a limited period (up to 30 days) for trust & safety purposes, then deletes them. See privacy.anthropic.com.
  • Commercial API, Not Consumer Chat: We use Anthropic’s commercial API, not the Claude.ai consumer product, which carries different privacy terms.
  • No Routine Human Review: Your content is not reviewed by Anthropic staff unless flagged for abuse investigation under their policies.

4.2 Our Storage Practices

  • Prompt Deletion of Uploads: Your original uploaded file is stored only temporarily during processing and is deleted shortly after analysis completes (typically within minutes).
  • No Long-Term File Retention: We do not retain, cache, or back up your original screenplay files beyond the brief processing window.
  • What We Keep: We retain the generated analysis and scores. These may include short quoted excerpts or references from your screenplay as part of the feedback. We do not retain a copy of the full original screenplay.
  • Encryption: Data is encrypted in transit using TLS and encrypted at rest by our database and storage providers.
  • No Content Logging: We do not intentionally store screenplay content in application logs or error reports.

4.3 Processing Infrastructure

  • Job Queue: We use Upstash QStash to schedule analysis jobs; the queue does not store screenplay content.
  • Ephemeral Compute: Analysis runs in short-lived serverless functions.
  • Temporary File Storage: Uploaded files are held briefly in AWS S3 with server-side encryption and deleted promptly after analysis completes.

5. Data Sharing and Third Parties

5.1 Service Providers

We use the following providers to operate the Service:

  • Anthropic — AI analysis processing (limited retention for trust & safety only; not used for training)
  • Stripe — Payment processing (we do not see your full card details)
  • AWS S3 — Temporary encrypted file storage during analysis (files deleted promptly after)
  • Vercel — Application hosting and serverless execution
  • Resend — Transactional email delivery
  • Upstash — Job queue (QStash) and short-lived performance caching (Redis); no screenplay content stored

5.2 Data Sharing Limitations

We do not sell, rent, or trade your personal information. We may share it:

  • With your explicit consent
  • To comply with valid and binding legal requests (see Section 5.3)
  • To protect our rights, property, or safety
  • In connection with a business transfer (with privacy protections maintained)

5.3 Legal Requests

We respond only to legal requests that are valid and binding under applicable law. Unless prohibited, we will make reasonable efforts to notify you before disclosing your information.

6. Data Retention

6.1 Retention Periods

  • Uploaded Screenplay Files: Deleted shortly after analysis completes (typically within minutes)
  • Anthropic Processing: Retained by Anthropic for a limited period (up to 30 days) for trust & safety, then deleted
  • Analysis Results: Retained until you delete them or close your account
  • Account Information: Retained while your account is active
  • Payment Records: Retained as required for tax and legal compliance
  • Technical Logs: Retained for a limited period (typically up to 90 days; no screenplay content)

6.2 Data Deletion

You may delete individual analyses or your entire account at any time. We will remove personal information and analysis results from our active systems within 30 days, except where retention is required by law (for example, payment records for tax compliance).

7. Security

We take reasonable measures to protect your information, including:

  • Encryption in transit (TLS) and encryption at rest via our providers
  • Access to administrative systems restricted to the operator and protected by authentication
  • Prompt deletion of uploaded files after processing
  • Not selling or trading personal information
  • Basic monitoring for errors and abuse, and incident response practices

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights and Choices

8.1 Access and Control

You can:

  • View your personal information and analysis results
  • Correct your account information
  • Delete specific analyses or your account entirely
  • Export your analysis results
  • Opt out of marketing communications

8.2 Regional Rights

If you are located in the EU/UK, California, or other regions with privacy laws, you may have additional rights, including:

  • Right to access, correct, or delete your personal information
  • Right to object to or restrict processing
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority

9. International Data Transfers

We store and process data in the United States. If you access the Service from outside the United States, your information is transferred to and processed in the United States. Where required for transfers from the EU/UK, we rely on appropriate safeguards such as Standard Contractual Clauses.

10. Children's Privacy

The Service is intended for adults aged 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18, and in particular not from children under 13. If we learn that we have collected such information, we will delete it.

11. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes by one or more of:

  • Email to your registered address
  • A prominent notice on the Service
  • An in-app notification

Continued use of the Service after the effective date of an update means you accept the updated policy.

12. Legal Basis for Processing

Where required (for example, under GDPR/UK GDPR), we process your personal information on these bases:

  • Contract Performance: Providing the screenplay analysis service
  • Legitimate Interest: Securing the Service and preventing abuse
  • Consent: Marketing communications (where required)
  • Legal Obligation: Compliance with applicable laws
Questions About Privacy?

Contact us at [email protected].

For Anthropic’s data policies, see privacy.anthropic.com.