Back to Home

Privacy Policy

Last updated: May 2026

Introduction

Coffeescribe is operated by 7sumcreations LLC, a Wyoming limited liability company with registered address at 1309 Coffeen Ave, Suite 1200, Sheridan, Wyoming 82801, USA ("Company", "we", "our", "us"), which is the data controller for personal information collected through the Service. "Coffeescribe" is a trade name (DBA) of 7sumcreations LLC. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered book creation platform. Please read this policy carefully to understand our practices regarding your personal data.

We never sell your personal data. We never share personal data with third parties for their own marketing purposes.

1. Information We Collect

Information You Provide

  • Account Information: Email address, password (hashed), display name, username
  • Legal Consent Records: Timestamp of Terms/Privacy acceptance, age confirmation, version accepted
  • Book Content: Book titles, descriptions, chapters, and all content you create or edit
  • Preferences: Settings, preferences, and customizations you configure
  • Feedback: Any feedback, support requests, or communications you send us

Automatically Collected Information

  • AI Generation Logs: Token counts (input/output), AI model used, and generation cost. We do not retain prompt text or AI responses on our servers for training purposes — prompts are forwarded to our AI provider in real time (see Third-Party Services for what happens at the provider).
  • Deleted Book Snapshots: When you delete a book, we keep a temporary snapshot in an internal recovery archive for up to 90 days, then it is automatically and permanently deleted. Snapshots are never visible to other users.
  • Token Transactions: Token balance changes, transaction timestamps, IP address and user agent (for security/fraud prevention)
  • Account Statistics: Total tokens used, total cost, last activity timestamp
  • Audiobook Playback Position: When you listen to an Audioscribe chapter, we save how many seconds into the chapter you got so playback can resume where you left off. Position is stored per-user per-chapter, visible only to you (own-rows-only access), and is deleted when you delete the scribe or your account. Anonymous listeners (those playing via a shared link without signing in) do not generate playback data.
  • Imported Documents (Scribe Conversion): When you use the Scribe Conversion feature to upload a PDF, EPUB, Word, text, or Markdown document, we store the original source file privately in our system while the conversion is in progress. The file is deleted after conversion completes (or after 7 days if you abandon the upload). The resulting imported scribe is stored as a normal scribe in your library and follows the standard book-content retention rules. For scanned PDFs, the file bytes are also sent to Mistral AI for OCR — see Third-Party Services. When you publish an imported scribe to the public library, we record the timestamp of your ToS-consent confirmation as an audit trail for take-down requests.
  • Payment Data: Subscription status, plan type, and billing dates (payment details handled by Paddle — we never see your card number)
  • Hosting Logs: Access logs managed by Vercel and Supabase (see their policies)

What We Do NOT Collect

  • Page browsing history or click tracking
  • Search queries or export history
  • Third-party advertising or tracking cookies
  • Location data beyond IP-based country
  • Payment card numbers (handled entirely by Paddle)

2. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To operate, maintain, and provide features of the platform
  • AI Content Generation: To process your prompts and generate book content
  • Account Management: To manage your account, authentication, and preferences
  • Billing: To process payments and manage subscription status via Paddle
  • Communication: To send service-related notifications and respond to inquiries
  • Improvement: To analyse usage patterns and improve our service
  • Security: To detect and prevent fraud, abuse, and security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms

AI Training

We do not train AI models on your content.Your prompts, your books, your research notes, and your uploaded documents are never used to train our own models or any third-party model on our behalf. If we ever decide to offer an opt-in option to use de-identified content for training future versions of our own models, we will give active users advance notice and an explicit opt-in — nothing changes without your consent.

Separately, when you send a prompt to an AI model via Coffeescribe, the prompt is forwarded to our AI provider (OpenRouter) for processing. OpenRouter and the underlying model provider may, depending on the model and tier you select, use prompts for their own training — see the OpenRouter section below for details. This is independent of Coffeescribe and governed by their privacy policy.

3. Third-Party Services

We use the following third-party services to operate Coffeescribe:

Supabase

Database hosting, authentication, and file storage. Your account data, books, and preferences are stored securely on Supabase infrastructure.

Supabase Privacy Policy →

OpenRouter

AI model routing and inference. Your prompts and book content are processed through OpenRouter to generate AI content. Free tier prompts may be used for model training by underlying providers. Paid tier prompts are not shared for training. When you enable Web Search for a scribe, OpenRouter's web search plugin queries third-party search providers and returns source URLs and titles, which Coffeescribe stores as citations. Clicking a citation opens the third-party URL in a new tab — we do not proxy or auto-fetch these URLs on your behalf.

OpenRouter Privacy Policy →

Paddle

Payment processing for subscriptions and one-time purchases. When you subscribe, Paddle receives your name, email address, and payment information to process transactions. Paddle acts as Merchant of Record — we never receive or store your payment card details.

Paddle Privacy Policy →

Mistral AI (OCR)

Optical character recognition for scanned PDFs uploaded via Scribe Conversion. When you upload a PDF that contains no embedded text (a scan or image-only PDF), we send the page images to Mistral's OCR API to extract the text. Mistral receives only the file bytes of your upload — no account information, no email, and nothing else. The OCR cost is billed to your token allowance and is shown in the cost preview before you commit. We do not send Mistral any content from your already-created scribes, your research, your notes, or any other part of your account.

Mistral Privacy Policy →

Apify

Web scraping and data extraction for Research Mode. When you extract YouTube transcripts or scrape web pages in a Cafe, the URL is sent to Apify for content extraction. No personal data is shared — only the URL you provide.

Apify Privacy Policy →

Academic Search APIs

Academic paper search for Research Mode. When you search for academic papers in a Cafe, your search query is sent to the selected academic database. We support three sources — all free and open:

  • OpenAlex — Open-access scholarly metadata (250M+ works). Only your search query is sent.
  • arXiv — Preprint server for physics, math, CS, and related fields. Only your search query is sent.
  • PubMed (NCBI) — Biomedical and life sciences literature (35M+ articles). Only your search query is sent.

No personal data is shared with any of these services.

OpenAlex Privacy →arXiv Privacy →NCBI Policies →

Research Mode — Data Privacy

Your uploaded documents, notebook imports, and curated Serving Tray notes are stored only on our servers — the original files and notes themselves are never sent to external services. Text extraction (PDF, DOCX) and embedding vector generation both run entirely on our servers using an open-source model. However, when you actively use a feature that needs an external AI service, the following limited extracts are sent out:

  • Web Search: Your search query is sent to OpenRouter for AI-powered search
  • Academic Search: Your search query is sent to the selected database (OpenAlex, arXiv, or PubMed)
  • Academic Analysis: Paper abstracts are sent to OpenRouter for AI analysis
  • YouTube Transcripts: Only the YouTube URL is sent to Apify (not transcript content)
  • URL Scraping: Only the article URL is sent to Apify (not scraped content)
  • Q&A Chat: Your question + relevant research excerpts are sent to OpenRouter for answer generation
  • Embeddings: Generated locally on our servers — no research text leaves our infrastructure
  • Cafe Sharing: When you share a Cafe via a read-only link, other authenticated Coffeescribe users can view your research sources and tray items. No data is sent to external services — sharing is internal to the Coffeescribe platform only

Resend

Transactional email delivery (SMTP relay). Resend is the email provider behind Supabase Auth — it sends signup verification codes, password reset codes, and any future transactional emails (e.g. account notifications) to your inbox. When Coffeescribe needs to email you a 6-digit code, your email address and the code itself are passed to Resend so it can route the message to your mail server. We do not use Resend for marketing or product newsletters. Resend retains delivery logs (sender, recipient, subject, timestamp, delivery status) for approximately 30 days for deliverability and abuse-prevention purposes; message bodies are not retained beyond what is needed to deliver the message.

Resend Privacy Policy →

Vercel

Web hosting and serverless functions. Our application is hosted on Vercel's infrastructure, which may collect access logs and analytics.

Vercel Privacy Policy →

4. Data Retention

We retain your data for as long as necessary to provide our services:

Account Data

Until you delete your account

Book Content (private)

Until you delete the book or account

Book Content (public)

Retained in library on account deletion, re-attributed to "Deleted User"

Deleted Book Snapshots

Up to 90 days, then automatically and permanently purged

AI Generation Logs

Indefinite (billing audit trail)

Token Transactions

Indefinite (billing audit trail)

Audiobook Playback Position

Until you delete the scribe or account

Imported Source Files (Scribe Conversion)

Deleted after successful conversion (or after 7 days for abandoned uploads)

Publish-Consent Timestamps (Imports)

Retained for as long as the imported scribe is published, plus 90 days after take-down (audit trail)

Email Delivery Logs (Resend)

~30 days (sender, recipient, subject, timestamp, delivery status — message bodies not retained beyond delivery)

Hosting Logs

Per Vercel/Supabase policies

After account deletion, we may retain anonymised, aggregated usage statistics for analytics purposes.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

GDPR Rights (EU Users)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

CCPA Rights (California Users)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising rights

How to Exercise Your Rights

  • Export Data: Use the profile settings to export your book data
  • Delete Books: Delete individual books from your dashboard
  • Delete Account: Use the "Danger Zone" in profile settings to delete your account
  • Other Requests: Email billing@coffeescribe.ai for other data requests

6. Data Security

We implement appropriate security measures to protect your data:

  • All data transmitted over HTTPS encryption
  • Passwords are hashed and never stored in plain text
  • Database access is restricted with row-level security policies
  • Regular security audits and updates
  • Authentication tokens with appropriate expiration
  • Payment data handled entirely by Paddle — we never store card details

While we take security seriously, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

7. Cookies and Local Storage

We use cookies and local storage for:

  • Authentication: Session cookies to keep you logged in
  • Preferences: Storing your theme preference (light/dark mode), and Workspace editor preferences such as whether you prefer the WYSIWYG view or Source (raw Markdown) view, and your chosen text size and alignment
  • Functionality: Maintaining application state and user experience

We do not use third-party tracking or advertising cookies.

Coffeescribe is built on a foundation of open-source software. For the full list of third-party packages we include and their licenses, see our Open Source Acknowledgements page.

8. Children's Privacy

Coffeescribe is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe we have collected information from a child, please contact us immediately at billing@coffeescribe.ai so we can delete the data.

9. International Data Transfers

Your data may be processed in countries outside your residence, including the United States and other countries where our service providers operate. These countries may have different data protection laws. By using our service, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place with our service providers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you via email or a prominent notice on our platform. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related inquiries, data requests, or to exercise your rights:

  • Data & privacy requests: billing@coffeescribe.ai
  • General support: Use the in-app feedback button
  • Postal address (data controller): 7sumcreations LLC, 1309 Coffeen Ave, Suite 1200, Sheridan, Wyoming 82801, USA

For data protection inquiries in the EU, you may also contact your local data protection authority.

This Privacy Policy should be read alongside our Terms of Service and AI Content Policy.