Privacy Policy
Last updated: 7 June 2026
Controller: Riter.Ink — hello@riter.ink
The short version
If you never sign up, zero data ever leaves your device. Your writing lives entirely in your browser's local storage. We never see it, touch it, or know it exists.
If you do sign up, the picture changes modestly — we need to know your email address to create your account and sync your writing across devices. That's it.
What we collect and why
If you are a guest (no account)
Nothing. Your books and chapters are stored locally in your browser using IndexedDB. No network calls are made for your writing. No account, no data.
If you sign up
Email address: Collected when you register. Used to verify your account, send password reset links, and contact you in the rare case someone tries to register with your address. Lawful basis: performance of a contract (Article 6(1)(b) GDPR).
Password: Stored as a one-way hash. We never store or transmit your plain-text password.
Session data: When you sign in, a session is created and stored in a cookie. The session links your browser to your account for the duration of your login. Lawful basis: performance of a contract.
Your writing (books and chapters): Title, content, word count, and timestamps for each book and chapter you create. Synced to our server so your writing is available across devices. Your writing content is yours — we do not read it, analyse it, or use it for any purpose other than syncing it back to you. Lawful basis: performance of a contract.
Security and abuse prevention logs
Every request to our backend is logged with the HTTP method, path, response status, duration, request ID, and the requesting IP address. Session creation and revocation events are also logged with a user ID or session ID. These logs are used to detect abuse, investigate errors, and monitor rate limiting. Lawful basis: legitimate interests (Article 6(1)(f) GDPR) — preventing abuse and keeping the service secure.
Logs are stored in Grafana Loki, hosted on our EU server (Hetzner, Germany). They are not shared with third parties and are retained for 30 days.
Analytics
We use Plausible Analytics to understand aggregate usage — page views, referrers, and approximate geography. Plausible is cookieless and privacy-preserving: it collects no personal data and cannot be used to track individuals. No data is shared with advertising networks. Lawful basis: legitimate interests — understanding how people use the product without invading their privacy. Plausible is hosted in the EU (Ireland).
CAPTCHA
Auth forms use Cloudflare Turnstile to prevent automated sign-up abuse. Turnstile processes your IP address and browser signals to determine whether a request is human. This data is processed by Cloudflare under their privacy policy. We do not receive or store any Turnstile data beyond the pass/fail result.
Who receives your data
| Recipient | Location | Role | Transfer safeguard |
|---|---|---|---|
| Hetzner | Germany (EU) | VPS hosting — backend, sync database | No transfer (EU) |
| Cloudflare | US | Frontend CDN and Workers | Standard Contractual Clauses (SCCs) |
| Resend | US | Transactional email delivery | Standard Contractual Clauses (SCCs) |
| Plausible Analytics | EU (Ireland) | Cookieless analytics | No transfer (EU) |
Resend receives your email address solely to deliver transactional emails (verification, password reset). It does not process your writing content.
Global Privacy Control (GPC)
We honour the Global Privacy Control signal. We never sell personal data, so GPC is already satisfied — your data is not shared with third parties for advertising or marketing purposes regardless of whether you send the signal.
Cookies
We set one cookie: a session cookie for authenticated users. It is strictly necessary to keep you signed in. No tracking cookies, no advertising cookies, no consent banner needed.
Retention
| Data | Retention |
|---|---|
| Account (email, password hash) | Until you delete your account |
| Writing content (books, chapters) | Until you delete it |
| Session data | Until you sign out or the session expires |
| Request logs (IP, path, status) | 30 days |
| Auth event logs (userId, sessionId) | 30 days |
Your rights
Under GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your account and associated data
- Restriction — ask us to pause processing while a dispute is resolved
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Complain — lodge a complaint with your local supervisory authority (in the EU, this is your national data protection authority)
To exercise any of these rights, email hello@riter.ink. We will respond within 30 days.
Changes to this policy
If we make material changes we will update the "Last updated" date at the top and, where appropriate, notify you by email.