Last updated: July 2026 (updated 10 Jul — W52B Writing Prompts Editor: you can now view and edit the AI writing instructions CoffeeScribe uses — either as a saved default for a genre/content-type/age/level/style/tone combination (Settings → Writing Prompts) or as a one-off rewrite for a single book (a book's "Edit writing prompt" button). Your saved edits are stored in a new owner-only user_prompt_overrides table (versioned, RLS-protected, cascade-deleted with your account) and a new custom_writing_prompt column on your book; no new category of data beyond content you author, and no new third-party service — edited prompts are still sent to OpenRouter as part of the same prompt already covered below. See §1 and §4. Also updated 10 Jul — W39 Strip Pro/Creator Tiers: previously Pro/Creator-only research tools (Apify social/scholar Actors, Identifier Paste, Find the Truth) are now available to every signed-in user, gated only by token balance and the same per-Cafe consent as before — no new external providers, no new data categories. See §3 Apify and §3 Research Mode below. The Free-tier vs paid-tier AI-training-data distinction described in §2 and §3 OpenRouter is unchanged by W39. Prior entry: updated 07 Jul — W34.4 Polar Payments: Paddle is replaced by Polar as our Merchant of Record for one-time token-pack purchases; your name, email, and payment information for a purchase go to Polar and its downstream card processor Stripe — Coffeescribe never stores card data; see §3 Polar below. Prior entry: updated 6 Jul — W51 Book-Grade PDF Export: the optional "Customise with AI" / "Enhance with AI" design pass sends a clamped book excerpt (chapter titles, description, ~400 chars/section) plus any typed design instructions to OpenRouter to receive a PDF design specification (accent, chapter labels/intros, pull-quotes, cover copy); owner-only, token-billed, saved on the book as pdf_design_spec — no new category of personal data. Quick Download and the plain Preview & Customise page make no model calls. See §3 OpenRouter below. Prior entry: updated 3 Jul — W1.11 Find the Truth: a new Pro/Creator claim-verdict feature and an ungated Claim Evidence Matrix view. No new external providers — reuses the existing OpenRouter, OpenAlex/arXiv/PubMed, Apify news, and Wikipedia paths already described below. Adds three new tables (cafe_claims, cafe_claim_evidence, cafe_truth_runs) storing claim text, evidence quotes/urls, and verdict scores — no new categories of personal data, private to your Cafe, cascade-deleted with the Cafe or account. Earlier: updated 12 Jun — W40 "Show, Don't Tell": adds two further anonymous OpenRouter calls on the homepage — word definition lookup and passage Q&A ("Ask AI") in the read beat, both gated behind having brewed, both stateless (no DB writes); typed question text and highlighted word/phrase are forwarded to OpenRouter; see §3 OpenRouter below. Earlier: updated 11 Jun — W37 Landing Refresh: anonymous Brew Preview widget on homepage makes platform-key OpenRouter calls for visitors with no account; preview_scribes table stores AI-generated content + topic tied to an unverified email when a visitor joins the waitlist after brewing — email is not verified at write time and the row is only claimed at first verified signup; see §1 and §3 below)
Coffeescribe is operated by 7sumcreations LLC, a Wyoming limited liability company with registered address at 1309 Coffeen Ave, Suite 1200, Sheridan, Wyoming 82801, USA ("Company", "we", "our", "us"), which is the data controller for personal information collected through the Service. "Coffeescribe" is a trade name (DBA) of 7sumcreations LLC. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered book creation platform. Please read this policy carefully to understand our practices regarding your personal data.
We never sell your personal data. We never share personal data with third parties for their own marketing purposes.
user_prompt_overrides table with row-level security (only your account can read or modify your own rows) — every save keeps the prior version so you can view history and revert. A per-book edit is stored directly on that book as a custom_writing_prompt column. Both are entirely optional; leaving them unedited means CoffeeScribe's default writing instructions are used. This is content you author, handled the same way as your book content — see Third-Party Services for what happens when a prompt (edited or default) is sent to generate a book.preview_scribes table. The email address is unverified at the time of storage — we cannot confirm the visitor owns it until they complete a verified signup. This data is stored with service-role access only (no authenticated user can read another person's preview rows via the API). When a person later creates a verified account with the same email, the stored brew is converted into a real draft scribe in their library and the row is marked claimed. Unclaimed rows are not linked to any account and are not exported as part of a user data export (there is no account to export from). If you submitted an email to the waitlist brew form but do not intend to create an account, email billing@coffeescribe.ai to request deletion of the row.We use your information for the following purposes:
We do not train AI models on your content.Your prompts, your books, your research notes, and your uploaded documents are never used to train our own models or any third-party model on our behalf. If we ever decide to offer an opt-in option to use de-identified content for training future versions of our own models, we will give active users advance notice and an explicit opt-in — nothing changes without your consent.
Separately, when you send a prompt to an AI model via Coffeescribe, the prompt is forwarded to our AI provider (OpenRouter) for processing. OpenRouter and the underlying model provider may, depending on the model and tier you select, use prompts for their own training — see the OpenRouter section below for details. This is independent of Coffeescribe and governed by their privacy policy.
We use the following third-party services to operate Coffeescribe:
Database hosting, authentication, and file storage. Your account data, books, and preferences are stored securely on Supabase infrastructure.
Supabase Privacy Policy →AI model routing and inference. Your prompts and book content are processed through OpenRouter to generate AI content. Free tier prompts may be used for model training by underlying providers. Paid tier prompts are not shared for training. When you enable Web Search for a scribe, OpenRouter's web search plugin queries third-party search providers and returns source URLs and titles, which Coffeescribe stores as citations. Clicking a citation opens the third-party URL in a new tab — we do not proxy or auto-fetch these URLs on your behalf.
PDF Design Pass — “Customise with AI” (W51):If you press “Customise with AI” or “Enhance with AI” when exporting a scribe as a PDF, we send a clamped excerpt of your book — chapter titles, your book description, and roughly the first 400 characters of each section (never the full text) — plus any optional design instructions you type, to OpenRouter. The model returns a design specification (an accent colour, short chapter labels, optional chapter intros and pull-quotes, and cover copy) that our own code uses to lay out the PDF — the model never generates or touches the PDF file itself, and pull-quotes are validated server-side to be verbatim excerpts of your own text. This is owner-only and token-billed, and the resulting design is saved on the book (pdf_design_spec) so re-exports don't re-send your text. Quick Download and the plain Preview & Customise page never send your book to a model— only this explicit “Customise with AI” action does.
Anonymous Brew Preview calls (W37 + W40):The homepage Brew Preview widget makes OpenRouter API calls on behalf of anonymous visitors who have no Coffeescribe account. These calls use Coffeescribe's own platform API key — no visitor account or personal data is included in the request. The following text inputs from visitors are forwarded to OpenRouter:
All three call types use Coffeescribe's platform key. No visitor-identifying information is sent. Define and Ask AI are gated behind having brewed a section and are subject to small per-session caps. These anonymous calls are subject to OpenRouter's privacy policy for platform/API-key calls.
OpenRouter Privacy Policy →Payment processing for one-time token-pack purchases. Polar is our Merchant of Record: when you buy a token pack, Polar receives your name, email address, and payment information to process the transaction, and handles billing, sales tax/VAT/GST, receipts, and order-related inquiries and returns. Polar uses Stripe as its downstream card processor. Coffeescribe never receives or stores your payment card details. After your first purchase you can open the Polar customer portal from Settings to view invoices and manage your payment method.
Polar Privacy Policy →Optical character recognition for scanned PDFs uploaded via Scribe Conversion. When you upload a PDF that contains no embedded text (a scan or image-only PDF), we send the page images to Mistral's OCR API to extract the text. Mistral receives only the file bytes of your upload — no account information, no email, and nothing else. The OCR cost is billed to your token allowance and is shown in the cost preview before you commit. We do not send Mistral any content from your already-created scribes, your research, your notes, or any other part of your account.
Mistral Privacy Policy →Web scraping and data extraction for Research Mode. When you extract YouTube transcripts, scrape web pages, run an optional Apify Actor search (Google Scholar, Twitter/X, Reddit, LinkedIn, Instagram, TikTok, YouTube Search, or News search) in a Cafe, or enable those tools in Auto-Research, your search query or URL is sent to Apify for content extraction. No personal data is shared — only the query or URL you provide.
Social-network and Scholar Actors (LinkedIn, Instagram, TikTok, Twitter/X, Reddit, Google Scholar): These Actors are opt-in and require explicit per-Cafe consent before use. They are available to every signed-in user. Consent is enforced both in the UI and server-side in the Auto-Research agent executor — a step that lacks consent is skipped and surfaced as a skipped step, never silently discarded. When enabled, your search query is forwarded to Apify, which runs the Actor on its own infrastructure. Your query is not attributed to your personal account on those platforms. We store the consent timestamp in the cafe_actor_consents table (per Cafe, per Actor) as an audit record. Consent records are deleted when you delete the Cafe or your account.
News search and Wikipedia: The News search tool uses a platform-pinned Apify actor and is available to every signed-in user via Auto-Research (no per-actor consent row). Wikipedia uses the free MediaWiki REST API directly (no Apify, no consent).
Third-party platform terms:The social and scholar tools access content that is subject to each platform's own terms of service. By enabling a consent-gated tool you acknowledge this. Relevant terms: Reddit, Google (Scholar), X/Twitter, Instagram, LinkedIn, TikTok. An AUP / indemnification clause covering automated access is a planned legal follow-up and is not yet included in these terms.
Apify Privacy Policy →Academic paper search and identifier enrichment for Research Mode. When you search academic databases or paste an identifier (DOI, ISBN, PMID, arXiv ID, ISSN, or URL) in a Cafe, the identifier or query is sent to the relevant resolver.
No personal data (name, email, account ID) is shared with any of these services — only the search query or identifier you provide.
Your uploaded documents, notebook imports, and curated Serving Tray notes are stored only on our servers — the original files and notes themselves are never sent to external services. Text extraction (PDF, DOCX) and embedding vector generation both run entirely on our servers using an open-source model. However, when you actively use a feature that needs an external AI service, the following limited extracts are sent out:
cafe_artefacts row (private to your Cafe). Hard-capped at $1 per run.cafe_artefacts row. Hard-capped at $0.50 per run; soft 5-minute rate-limit between runs.is_shared flag and a share_token UUID on the cafe_artefacts row. Other authenticated Coffeescribe users who open the share link can read the report body, citations, and bibliography. The share token is deleted (and sharing is immediately revoked) when you toggle sharing off. Both fields are deleted when you delete the report, the parent Cafe, or your account. Recipients must be signed in — no anonymous access is granted. The content of the report (AI-generated prose) is not sent to external services as part of sharing; sharing is internal to the Coffeescribe platform onlycafe_actor_consents row (Cafe ID, Actor ID, timestamp) as an audit record. These records are deleted when you delete the Cafe or your account.cafe_sources row of type manual_entry containing the fields you typed (authors, title, journal, year, etc.). These rows are private to your Cafe and deleted with the Cafe or account.cafe_claims, cafe_claim_evidence, and cafe_truth_runs rows, private to your Cafe. The Claim Evidence Matrix (/research/[cafeId]/claims) is a read view of this same data and is available to every signed-in user — viewing it makes no external calls. The optional “Refine independence” pass sends ambiguous source pairs to OpenRouter to judge original-vs-relay provenance; it requires your explicit consent per run and the result is persisted so a claim is never re-analysed twice.Transactional email delivery. Coffeescribe uses Resend to send the following types of email:
We do not use Resend for third-party marketing or advertising. Resend retains delivery logs (sender, recipient, subject, timestamp, delivery status) for approximately 30 days for deliverability and abuse-prevention purposes; message bodies are not retained beyond what is needed to deliver the message.
Resend Privacy Policy →If you add your own API key for a provider in Settings → API Keys, your requests for that provider will be made directly to that provider using your key. This means:
Coffeescribe encrypts your key at rest (AES-256-GCM) and never shares it with any other party. The key is transmitted to the provider only at the time of the API call it is meant to authorise. Your key is never returned to your browser in plaintext after saving — only the last four characters are displayed. If you remove a key from Settings, the encrypted record is permanently deleted and future requests fall back to the platform key.
When you use a BYOK provider, your data-handling relationship for those calls is governed by that provider's privacy policy, not Coffeescribe's. Review the relevant policies before adding a key.
Web hosting and serverless functions. Our application is hosted on Vercel's infrastructure, which may collect access logs and analytics.
Vercel Privacy Policy →We retain your data for as long as necessary to provide our services:
| Data Type | Retention Period |
|---|---|
| Account Data | Until you delete your account |
| Book Content (private) | Until you delete the book or account |
| Book Content (public) | Retained in library on account deletion, re-attributed to "Deleted User" |
| Deleted Book Snapshots | Up to 90 days, then automatically and permanently purged |
| AI Generation Logs | Indefinite (billing audit trail) |
| Token Transactions | Indefinite (billing audit trail) |
| Audiobook Playback Position | Until you delete the scribe or account |
| Imported Source Files (Scribe Conversion) | Deleted after successful conversion (or after 7 days for abandoned uploads) |
| Publish-Consent Timestamps (Imports) | Retained for as long as the imported scribe is published, plus 90 days after take-down (audit trail) |
| Apify Actor Consent Records | Until you delete the Cafe or your account (cascade delete) |
| PubMed Abstracts + MeSH Terms (cafe_sources columns) | Until you delete the source, the Cafe, or your account |
| Auto-Write Reports + Conflict Reports (cafe_artefacts) | Until you delete the artefact, the Cafe, or your account |
| Report Share Token (cafe_artefacts.share_token) | Until you toggle sharing off, delete the report, delete the Cafe, or delete your account — whichever comes first |
| Manual Citation Entries (cafe_sources type=manual_entry) | Until you delete the source, the Cafe, or your account |
| Brew Preview rows (preview_scribes — unclaimed) | Retained until claimed at verified signup, or until deleted on request (email billing@coffeescribe.ai). Not linked to any account until claimed; not included in account data exports. |
| Brew Preview rows (preview_scribes — claimed) | Row is marked claimed (claimed_customer_id, claimed_at set). The converted draft scribe follows standard Book Content retention. The preview_scribes row itself is retained as an audit trail and deleted when the account is deleted. |
| Find the Truth Claims & Evidence (cafe_claims / cafe_claim_evidence / cafe_truth_runs) | Until you delete the claim's Cafe or your account (cascade delete) |
| Email Delivery Logs (Resend) | ~30 days (sender, recipient, subject, timestamp, delivery status — message bodies not retained beyond delivery) |
| Provider API Keys (BYOK — encrypted) | Until you remove the key from Settings → API Keys or delete your account (cascade delete) |
| Custom Writing Prompts — Settings defaults (user_prompt_overrides) | Until you Reset to default or delete your account (cascade delete). Superseded versions are kept for your own version history and revert. |
| Custom Writing Prompts — per-book (bookDetails.custom_writing_prompt) | Until you Reset to default, delete the book, or delete your account — follows standard Book Content retention |
| Hosting Logs | Per Vercel/Supabase policies |
Account Data
Until you delete your account
Book Content (private)
Until you delete the book or account
Book Content (public)
Retained in library on account deletion, re-attributed to "Deleted User"
Deleted Book Snapshots
Up to 90 days, then automatically and permanently purged
AI Generation Logs
Indefinite (billing audit trail)
Token Transactions
Indefinite (billing audit trail)
Audiobook Playback Position
Until you delete the scribe or account
Imported Source Files (Scribe Conversion)
Deleted after successful conversion (or after 7 days for abandoned uploads)
Publish-Consent Timestamps (Imports)
Retained for as long as the imported scribe is published, plus 90 days after take-down (audit trail)
Apify Actor Consent Records
Until you delete the Cafe or your account (cascade delete)
PubMed Abstracts + MeSH Terms
Until you delete the source, the Cafe, or your account
Auto-Write + Conflict Reports (cafe_artefacts)
Until you delete the artefact, the Cafe, or your account
Report Share Token (cafe_artefacts.share_token)
Until you toggle sharing off, delete the report, delete the Cafe, or delete your account — whichever comes first
Manual Citation Entries
Until you delete the source, the Cafe, or your account
Brew Preview rows (preview_scribes — unclaimed)
Retained until claimed at verified signup, or until deleted on request (email billing@coffeescribe.ai). Not linked to any account until claimed.
Brew Preview rows (preview_scribes — claimed)
Row marked claimed; converted draft scribe follows standard Book Content retention. The preview_scribes row is deleted when the account is deleted.
Email Delivery Logs (Resend)
~30 days (sender, recipient, subject, timestamp, delivery status — message bodies not retained beyond delivery)
Provider API Keys (BYOK — encrypted)
Until you remove the key from Settings → API Keys or delete your account
Custom Writing Prompts — Settings defaults
Until you Reset to default or delete your account (cascade delete). Prior versions kept for your history/revert.
Custom Writing Prompts — per-book
Until you Reset to default, delete the book, or delete your account
Hosting Logs
Per Vercel/Supabase policies
After account deletion, we may retain anonymised, aggregated usage statistics for analytics purposes.
Depending on your location, you may have the following rights regarding your personal data:
We implement appropriate security measures to protect your data:
While we take security seriously, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.
Coffeescribe is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe we have collected information from a child, please contact us immediately at billing@coffeescribe.ai so we can delete the data.
Your data may be processed in countries outside your residence, including the United States and other countries where our service providers operate. These countries may have different data protection laws. By using our service, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place with our service providers.
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you via email or a prominent notice on our platform. Continued use of the service after changes constitutes acceptance of the updated policy.
For privacy-related inquiries, data requests, or to exercise your rights:
For data protection inquiries in the EU, you may also contact your local data protection authority.
This Privacy Policy should be read alongside our Terms of Service and AI Content Policy.