Privacy Policy

Last updated: May 10, 2026

This Privacy Policy explains how Writerify collects, uses, and protects information when you use our Windows desktop application and website. Writerify is operated by Isloo Marketing, and the data controller for personal data described here is reachable at support@writerify.org. We take privacy seriously: Writerify is a local-first tool, which means most of your data never leaves your computer.

Contents

Quick summary
Data we collect
Data stored on your computer only
How we use data
Third parties
Cookies & analytics
Data retention
Your rights (GDPR / CCPA)
Security
Contact

1. Quick summary

We collect only what's necessary to operate the license system and process payments.
Your generated articles, AI API keys, WordPress credentials, prompts, and image cache all stay on your local computer. They never travel to our servers.
For payments and refunds we use Paddle, a Merchant of Record that handles billing data on our behalf.
License activation uses your computer's hardware fingerprint (a one-way SHA-256 hash of OS-level machine identifiers). This is not personally identifying on its own.
We do not sell, rent, or share your personal information with third parties for marketing.

2. Data we collect

Account & license data

Email address — provided at checkout, used to deliver your license key and respond to support inquiries.
License key — generated when you purchase, bound to your machine fingerprint.
Machine fingerprint — a SHA-256 hash of your computer's stable identifiers (Windows MachineGuid + CPU model + RAM bucket + hostname + MAC). It is one-way; we cannot reverse it into the original IDs.
Hostname — the friendly name of your computer (e.g., "John-PC"), used to display "License bound to: John-PC" in the app.
Activation logs — timestamp + IP address + user-agent for each license activate / validate / deactivate call. Used to detect license abuse (e.g., one key activating from 50 different IPs in a week).

Payment data

All payment processing is handled by Paddle.com Inc., acting as Merchant of Record. Paddle receives your card or bank details — we do not. Paddle's privacy policy is at paddle.com/legal/privacy. We only receive a transaction ID, the email address you used at checkout, and the plan name.

3. Data stored on your computer only (never sent to our servers)

Everything below stays on your hard drive. Uninstall Writerify and it's gone (the output folder remains until you delete it manually).

Your generated articles (.md files in your chosen output folder)
API keys you paste for Claude / OpenAI / Gemini / OpenRouter / Pexels / Pixabay / YouTube
WordPress + Next.js site credentials
Custom prompt templates and your edits
Image cache (WebP-compressed CC photos)
Job queue history + activity log
Settings, theme preference, and any custom prompts you've authored

These are stored in standard Windows app-data folders and protected by your operating system's user-account permissions. We do not sync them to the cloud unless you explicitly configure a publishing target (WordPress / Next.js) — and even then, articles go directly from your computer to that target, not via us.

4. How we use data

To operate your license — activate, validate, and deactivate license seats; enforce the one-PC-per-key rule.
To process payments and refunds — through Paddle.
To provide support — when you email us, we read your messages and reply.
To detect abuse — aggregate IP and fingerprint patterns help us identify license key sharing.
To send transactional emails — your license key, refund confirmations, payment receipts. We do not send marketing emails without explicit opt-in.

5. Third parties

We use a small number of third-party services strictly to operate the product:

Paddle — payment processing & tax compliance (Merchant of Record).
Vercel — hosting for this marketing website.
VPS provider (Hetzner / DigitalOcean) — hosts the license server that handles activate / validate / deactivate requests.

We have data-processing agreements in place with each. We do not share data with advertisers, marketing networks, or data brokers.

6. Cookies & analytics

This website uses no tracking cookies. Your theme preference (dark/light) is stored in your browser's local-storage and never sent anywhere. We do not run Google Analytics, Facebook Pixel, or any third-party analytics on this site at present.

7. Data retention

License records (email + key + fingerprint + activation log) are retained as long as your license is active, plus 24 months after expiry for tax + audit purposes.
Payment records are retained as long as required by law (typically 7 years for tax).
Support emails are kept for 24 months after the last reply, then deleted.

8. Your rights (GDPR / CCPA)

If you're in the EU, EEA, UK, or California, you have the right to:

Access — request a copy of all personal data we hold about you;
Rectify — correct inaccurate data;
Erase — request deletion ("right to be forgotten") subject to legal retention requirements;
Port — receive your data in a machine-readable format;
Object / restrict — limit how we process your data;
Withdraw consent — at any time, for any processing based on consent.

To exercise any of these rights, email support@writerify.org. We respond within 30 days.

9. Security

We protect your data with industry-standard practices: HTTPS everywhere, encrypted local-storage for license cache (XOR-encrypted electron-store), bcrypt-hashed admin credentials on the license server, and least-privilege server access. No internet-connected system is 100% secure, but we make a real effort.

10. Contact

All questions — privacy, GDPR / CCPA, security, general support — go to one inbox: support@writerify.org. Use a clear subject line (e.g. "Privacy request", "GDPR data access", "Security disclosure") for the fastest routing.