← Back

Privacy Policy

Last updated: April 29, 2026

1. What we are

MyScrive is an AI writing copilot delivered as a Chrome extension and a web dashboard at myscrive.com. This policy explains what data we collect, how we use it, and the third parties we share it with.

2. What we collect

  • Account info. Your email address and name, supplied via Clerk when you sign in. Optionally a profile picture from your Google account.
  • Subscription info. Your plan (Free / Pro / Team), plan status, and a Stripe customer ID if you upgrade. Card details are handled by Stripe — we never see them.
  • Usage counts. A daily counter of how many generations you've made, used to enforce your plan's daily limit. We do NOT store the contents of prompts or responses.
  • API tokens (Chrome extension). When you sign in from the extension, we mint a long-lived token. We store only its SHA-256 hash — the raw token lives only in your browser's extension storage.
  • Prompt content (transient). When you click Run, the prompt you typed is sent through our server to the AI provider you chose (Google, Anthropic, OpenAI, or Perplexity). We do not log, store, or train on your prompt or its response. The provider does receive it; see Section 4.

3. What we do NOT collect

  • The contents of pages you visit while the extension is installed.
  • The contents of your Gmail messages or any other email account. The Gmail integration reads only what you explicitly select or the compose draft you're actively writing — and that text only travels when you click a MyScrive action.
  • Your browsing history, cookies, or analytics from third-party sites.
  • Voice recordings. The voice-input feature uses your browser's built-in Web Speech API, which sends audio to your operating system or browser vendor (typically Google for Chrome) — never to MyScrive.

4. Third parties we share with

We share data ONLY with the providers we need to deliver the service:

  • Clerk (authentication) — your email, name, sign-in metadata.
  • Supabase (database) — your account, plan, usage counts.
  • Stripe (payments) — your billing details, if you upgrade.
  • Vercel (hosting) — request logs that may include your IP and user-agent.
  • AI providers — when you generate content, your prompt is sent to the provider you selected (Google Gemini, Anthropic Claude, OpenAI GPT, or Perplexity). Each operates under their own privacy policy.

We do not sell your data to advertisers or any other third party.

5. How long we keep data

  • Account data: as long as your account exists.
  • Usage counts: 90 days, then automatically purged.
  • API tokens: until you sign out or revoke them.
  • Prompts and responses: never stored on our servers.

6. Your rights

If you're in the EU/UK (GDPR) or California (CCPA), you have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Export your data in a machine-readable format.
  • Object to processing.

Email contact@myscrive.com from your account's email address. We respond within 30 days.

7. Security

We use HTTPS everywhere, hash-only API token storage, and least-privilege database access. No system is perfectly secure, but we follow industry standards. If we ever discover a breach affecting you, we'll notify you within 72 hours.

8. Children

MyScrive is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from minors.

9. Changes to this policy

If we make material changes, we'll email you at the address on file and update the “Last updated” date at the top of this page.

10. Contact

Questions, complaints, or data requests: contact@myscrive.com.