Privacy Policy

Novlr Limited ("Novlr", "we", "us", or "our") operates the Novlr creative writing platform at novlr.org and its associated services. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

We are committed to protecting your privacy and being transparent about how we handle your data. If you have any questions, contact us at [email protected].

Summary of Key Points

1. Information We Collect

1.1 Information You Provide

• Account information: When you register, we collect your first name, last name, email address, and password.
• Subscription and billing information: When you subscribe to a paid plan, we collect billing details (such as billing address and payment card information) through our payment processor, Stripe. Novlr does not store your full payment card details — these are held securely by Stripe.
• Your writing and content: Your manuscripts, notes, outlines, comments, tags, synopses, and any other content you create within Novlr.
• Profile and project images: Profile photos and project cover images you upload.
• Preferences and settings: Your editor preferences, notification settings, writing goals, personal dictionary entries, and other customisation choices.
• Support communications: Messages you send through our in-app support chat or via email.
• Account deletion feedback: If you choose to delete your account, we may collect optional feedback about your reasons.
• Author website content: If you create an author website, we collect your published content selections, custom domain configuration (if applicable), and any images you upload for your website.

1.2 Information Collected Automatically

• Usage data: We track activity such as words written, writing sessions, and feature usage to power your personal analytics dashboard (e.g., writing streaks, favourite writing times, word count history). This data is stored in our own database — we do not use third-party analytics services.
• Session information: We generate a session identifier stored in your browser to group activity during a single visit.
• Device and browser information: We collect your browser's user agent string in limited contexts (e.g., when logging backup events for troubleshooting). A debug information download is available in your account settings, which includes browser type, platform, screen size, and viewport dimensions — this is generated locally and only shared if you choose to send it to our support team.
• Timezone: Your browser's timezone is sent to our real-time sync server to coordinate document synchronisation.
• Device identifier: A randomly generated device identifier is stored in your browser's local storage for session management purposes.

1.3 Information from Third-Party Integrations

If you choose to connect your account to third-party services for backups, we receive limited information from those services:

• Google Drive: Your Google account email and name (used to identify the connected account) and an OAuth access token to upload backups to your Google Drive.
• Dropbox: Your Dropbox account email and name and an OAuth access token to upload backups to your Dropbox.

You can disconnect these integrations at any time from your account settings, which revokes our access.

2. How We Use Your Information

We use your information for the following purposes:

• Providing our service: To operate Novlr, including real-time document synchronisation, content storage, and project management.
• Your writing analytics: To power your personal dashboard showing writing statistics such as word counts, writing streaks, and session patterns. These analytics are visible only to you.
• Grammar checking: When you use the grammar checker, your document text is sent to our self-hosted LanguageTool server for analysis. This server is operated by Novlr — your text is not sent to any third party for grammar checking.
• Billing and subscriptions: To process payments, manage your subscription, and provide receipts through Stripe.
• Communications: To send you transactional emails (e.g., password resets, subscription confirmations) and, with your consent, marketing communications (e.g., newsletters, writing tips).
• Support: To respond to your enquiries and provide customer support.
• Backups: To create and manage backups of your work to Google Drive or Dropbox when you have enabled these integrations.
• Sharing and collaboration: To facilitate document and project sharing when you choose to generate share links or collaborate with others.
• Content and learning: To provide Academy courses, writing tips, and publishing advice within the platform.
• Author websites: To host and display your public author website, including any content, images, and pages you choose to publish.
• Service improvement: To understand how our platform is used and to improve our features and user experience.
• Security and integrity: To protect against fraud, abuse, and security threats.

3. Your Words, Your Rights

Your words are yours. This is a core principle at Novlr. When you write on our platform, you retain full ownership of your work and all rights to it. We do not claim any intellectual property rights over your content.

3.1 Novlr and AI

We do not use AI to process, analyse, or train on your writing. No part of your work is shared with AI services or used for machine learning purposes. Your content remains exclusively yours and is not accessible to any AI system.

Our grammar checking feature uses a self-hosted open-source tool (LanguageTool) that runs on our own infrastructure. Your text is not sent to any external AI service for this purpose, and it is not retained after the check is complete.

4. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

4.1 Service Providers (Sub-processors)

We use trusted third-party service providers to help operate our platform. These providers process your data on our behalf and are contractually bound to protect it:

Note on custom domains: If you configure a custom domain for your author website, you do so through your own third-party domain registrar or DNS provider. Novlr does not act as an intermediary for custom domain registration, and the privacy policies of your chosen provider apply to that service.

4.2 Content You Choose to Share

When you generate a share link for a document or project, the content becomes accessible to anyone with that link. You control sharing settings and can revoke share links at any time.

4.3 Embedded Third-Party Content

Certain areas of our platform embed content from third parties:

• YouTube and Vimeo: Academy course videos may be embedded from these platforms. Their privacy policies apply when you view these videos.
• Spotify: Our community page may include an embedded Spotify playlist.
• Google Fonts: We use fonts served by Google Fonts, which may process your IP address as described in Google's Privacy Policy.

These embeds are not related to your writing content and do not have access to your Novlr account or manuscripts.

4.4 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that disclosure is necessary to comply with legal obligations, protect our rights, investigate fraud, or respond to a government request.

5. Cookies and Local Storage

5.1 Cookies

We use essential cookies to manage your authentication session. These cookies are required for the platform to function and keep you logged in. We do not use advertising or third-party tracking cookies.

5.2 Browser Local Storage

We use your browser's local storage to save your preferences and improve your experience. This data stays on your device and is not transmitted to our servers unless necessary for functionality. Examples include:

• Theme and accessibility preferences (e.g., dark mode, dyslexia-friendly font)
• Editor layout preferences (sidebar state, desk layout)
• Onboarding progress and dismissed notifications

You can clear local storage at any time through your browser settings.

6. Data Storage and Security

6.1 Data Location

Your data is stored on servers located in the United States through our infrastructure provider, Supabase. Our real-time sync server is hosted on Google Cloud Platform.

6.2 Security Measures

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Row-Level Security (RLS) policies on our database to ensure users can only access their own data
• Authentication via secure session management
• Regular security reviews of our codebase
• Access controls limiting employee access to user data

6.3 Data Retention

• Active accounts: Your data is retained for as long as your account remains active.
• Deleted accounts: When you delete your account, your data is scheduled for permanent deletion within 30 days. During this period, your account is deactivated and your data is not accessible.
• Backups: If you have connected Google Drive or Dropbox backups, files already backed up to those services will remain in your own cloud storage accounts. You can delete them directly from those services.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 Rights Under UK and EU GDPR

If you are in the United Kingdom or European Economic Area, you have the right to:

• Access your personal data and obtain a copy
• Rectify inaccurate or incomplete data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your data
• Data portability — receive your data in a structured, commonly used format (you can export your manuscripts and notes in DOCX, PDF, ODT, EPUB, or RTF format at any time)
• Object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent (e.g., marketing emails)

Legal basis for processing: We process your data based on:

• Contract: To provide the Novlr service you have signed up for
• Consent: For marketing communications (you can unsubscribe at any time)
• Legitimate interests: For service improvement, security, and fraud prevention

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk.

7.2 Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Delete your personal information
• Opt-out of the sale of your personal information (we do not sell your personal information)
• Non-discrimination for exercising your privacy rights

To exercise your CCPA rights, contact us at [email protected].

8. Marketing Communications

When you create an account, you may be added to our marketing email list via MailerLite. You can manage your email preferences at any time from your account notification settings, including:

• Novlr news and updates
• Weekly writing progress summaries
• Community and writing tips

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email or adjusting your preferences in your account settings. Transactional emails (such as password resets and subscription confirmations) are not affected by your marketing preferences.

9. Sharing and Collaboration

Novlr allows you to share your work in two ways:

• Project share links: You can generate a read-only link to share an entire project. You control which documents and notes are included, and you can revoke the link at any time.
• Document share links: You can generate a link to share a single document with configurable access levels.

When someone accesses a share link, they can view the shared content. Share links include a noindex directive to prevent search engines from indexing shared content.

Real-time collaboration uses our sync server, which processes document content solely for the purpose of keeping documents synchronised between sessions and devices. Content is not stored on the sync server beyond what is necessary for synchronisation.

10. Author Websites

Novlr allows you to create a public author website to showcase your work and connect with readers.

• What you publish: You control which content, pages, and images appear on your author website. Published content is publicly accessible to anyone who visits your website URL.
• Domains: Your author website is hosted on a default Novlr subdomain (via Vercel). You may optionally configure a custom domain through your own domain registrar. Note: Novlr does not manage custom domain registration on your behalf.
• Visitor privacy: We do not collect analytics or tracking data about visitors to your author website. Author websites are statically hosted with no visitor cookies or third-party tracking.
• Images: Images you upload for your author website are stored on Google Cloud Platform. These images are publicly accessible when displayed on your published website.

11. Data Portability and Export

You can export your writing at any time in the following formats:

• DOCX (Microsoft Word)
• PDF
• ODT (OpenDocument)
• EPUB (e-book)
• RTF (Rich Text Format)

Notes can also be exported in these formats. Your data belongs to you, and we make it straightforward to take it with you.

12. Account Deletion

You can delete your account at any time from your account settings. When you request account deletion:

1. Your account is immediately deactivated
2. All your personal data, writing content, and associated records are permanently deleted within 30 days
3. Your Stripe subscription is cancelled
4. Any connected integrations (Google Drive, Dropbox) are disconnected — files already backed up remain in your cloud storage
5. You will receive a confirmation email

Once deletion is complete, your data cannot be recovered.

13. International Data Transfers

If you are located outside the United States, your data will be transferred to and processed in the United States where our servers are located. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

By using Novlr, you consent to the transfer and processing of your data in the United States.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Sending a notice to the email address associated with your account
• Displaying a prominent notice within the Novlr platform

We encourage you to review this policy periodically. Your continued use of Novlr after changes are posted constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Novlr Limited
Email: [email protected]