Some people love reading an in-depth account of privacy. If you’re not that kind of person, this is what you’ll likely want to know:
- We respect your privacy, and have no interest in selling or giving away your personal information or work.
- We don’t keep any more of your information or personal data on hand than we need.
- Our servers don’t hold credit card or banking information.
- Your content is yours, we believe in you, but we don’t want your work.
- By posting content into Stitchleaf you recognize that we’re not responsible if your work is lost, stolen, or given away.
- We do use tokens and cookies to attempt to verify you as the owner of your content.
- We will never access your written work unless you ask us to. That includes files you upload. Sometimes we may need to work with you to fix a bug if, for example, a document you uploaded is displaying strangely. Again, we won’t jump in unless you need us.
- We do keep record of your IP as you sign in to our services. That helps us get an idea of who is using your account so that we can spot odd behavior and head-off data theft. But we don’t store that data for any longer than we need to.
What Data We Collect
When you sign up for Stitchleaf, we do collect things like your first and last name, and an email address. That information is only used as part of communicating with you about our service. We will never sell or give away your information to a third party unless it’s part of a feature we offer. Even then, we only send the data we need to send in order to meet your expectations.
We expect that you’re probably using our writing app to, you know, write things. But we have no idea if that’s what you’re actually going to do with it. And we don’t look in on you to check. Your data is restricted to your account, and to those with whom you share it. (There is an option to share some data publicly on Stitchleaf Reader.)
If you should ever need or want to view the information we have stored about you, just send us an email at [email protected]. We would be happy to walk you through it, or restrict your data usage even further. But, as a note here, that may limit your ability to use some of the features of Stitchleaf.
Should you ever need help, we’re here for you. As we work with you, we’ll keep our messages and your email address for future reference. If you’re also on our public-facing (marketing) site we track activity for statistical reference and to test things out (like our design work). If you should ever volunteer data to us, in something like a survey, we do hang on to that for a reasonable amount of time.
The only times we will ever pass information about you along to another person is with regards to:
- Services you requested that we provide.
- If we think there may be a case of fraud or other illegal activity, our terms of service may have been violated, or if other laws require us to do so.
- Should we ever be acquired, we will send you notice as far ahead of time as we can so that you can act accordingly. But you will receive notice before any information about you is sent as part of a purchase agreement. (We mean the purchase of us, not you here.)
In the unlikely event that a problem with law enforcement arises, we will comply only once a court order has been provide to us and meet requirements of lawful requests by public authorities, or national security requirements. If we are able, and not restricted from doing so, we’ll even let you know when that happens. But without a court order we will not release the personal information of our users to any law enforcement.
Security and Encryption
When your data is sent back and forth between your device and our servers, we encrypt it. When we make a backup of your data, we encrypt it as well. Live data is not encrypted, because we need to access it so that you can use it. But otherwise, we don’t want to risk the theft of your best selling novel or personal data.
We or third parties might use “cookies” or similar technology as part of our services to track you.
When you delete something, it’s gone. We don’t keep a backup of your data once you’ve removed it. If you should close your account, we won’t keep your data on hand beyond the amount of time it takes to delete it, and for the backups of it to be deleted. (About 30 days).
Location of Site and Data
Our services are hosted in the United States. If you are outside of the United States (the European Union or elsewhere, for example), your data will be sent to us (encrypted) and stored here. When you use our site or services, you are consenting to this transfer of your data.
As part of the General Data Protection Regulation (GDPR) compliance, we recognize and will comply with your privacy rights except where we are limited by applicable laws from doing so. Your rights include:
- Right of Access: The ability to know what data we collect about you and how it is used.
- Right to Correction: The right to request corrections to the data we have on record about you.
- Right of Erasure (also known as the Right to be Forgotten): This is your right to request that we erase all information we have about you, except where limited or restricted by law. If we are asked to erase your information, it may mean that we are unable to provide you with further services, and could result in the immediate closing of your account.
- Right to Complain: You have the right to make a complaint about the way we work with your data to the appropriate supervisory authority.
- Right to Restrict Processing: You have the right to request restriction of how your information is collected and processed by us.
- Right to Object: In some cases you have the right to object to how and why your information is being processed.
- Right of Portability: You have the right to request your personal data from us and transmit it to someone else.
- Right to not be subject to Automated Decision-Making: You have the right to object to and prevent anything that could impact you legally (or similarly), being based on automated processes. This is limited if the decision is necessary as part of any contract we have with you, is allowed by European Law, or even if you have asked us to do it.
Processors and Third Parties
Some of our features require external processors (subprocessors). In the process of sending your data to them, we make every effort to do so securely. Here are the subprocessors we use, and an overview of how your data is used:
Stripe handles purchases and subscriptions from our web app.
Amazon (AWS) handles some of our machine learning functionality.
We use Facebook‘s pixel data on our public-facing site. From within Stitchleaf you may also choose to connect your Facebook account for analytics data.
When you upload a document, we send that to Google‘s Cloud Service for processing. We also use Google Analytics as well.
If you choose to use Stitchleaf or one of the other apps on your iOS device, we process in-app-purchases with Apple.
If you have any kind of issue or concern, please do get in touch.