Make It Write - Privacy Policy

Last Updated: February 8, 2026 | App Version: 1.0.0

1. Introduction

Make It Write ("we", "our", "us") is owned and operated by Differson LLC. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Make It Write app ("Service").

By using Make It Write, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (required for Firebase Authentication)
• Display name (username/author name)
• Profile image (optional, if uploaded)
• Password (securely hashed, never stored in plain text)
• Author bio (optional)

2.2 User-Generated Content

We collect and store:

• AI chat conversations (messages exchanged with the AI writing assistant)
• Book generation prompts (story concepts, character descriptions, plot outlines)
• Generated book manuscripts (AI-generated text, chapters, full books)
• User-written content (books you write manually, drafts, edits)
• Book metadata (titles, genres, word counts, publication dates)
• Cover images (if uploaded or generated)
• Author profile information (bio, published book count, reader statistics)
• Reading preferences (genres, writing styles, story themes)
• AI story preferences (tone, length, genre preferences for AI generation)

2.3 Payment Information (Future Feature)

Note: Make It Write does not currently process payments for in-app book sales. This section is for future monetization features.

If/when we introduce creator monetization, we may collect:

• Stripe Connect Account ID (generated by Stripe)
• Account verification status (pending or verified)
• Connection timestamp

Important: We do NOT store bank account numbers, credit card details, or full payment credentials. All payment processing is handled securely by Stripe.

2.4 Usage Data & Analytics

We automatically collect:

• Device information (iOS version, device model, device identifier)
• App usage patterns (features used, session duration, navigation paths)
• Reading data (books read, reading time, completion rates)
• Library activity (books favorited, authors blocked, content reported)
• Error logs (crash reports, API failures, technical diagnostics)
• IP address (for security and fraud prevention)

2.5 Firebase Services Data

We use Firebase services that collect:

• Authentication tokens (managed by Firebase Auth)
• Database operations (Firestore read/write logs)
• Storage access (file upload/download metadata)
• Analytics events (Firebase Analytics)
• Performance data (app load times, API response times)

2.6 Third-Party AI Services Data

Your interactions with AI services:

• OpenAI (GPT-4, GPT-4 Turbo): Chat messages, book generation prompts, story concepts, character descriptions
• Anthropic Claude (Planned): Enhanced creative writing prompts
• Stable Diffusion / DALL-E (Planned): Cover art generation prompts

Data processed by: OpenAI API, Anthropic API (planned). These services have their own privacy policies (see Section 9).

3. How We Use Your Information

3.1 Service Functionality

• Account Management: Authentication, profile management, account settings
• AI Features: Generate books, chat assistance, story development
• Book Library: Store, organize, and publish your books
• Reading Platform: Allow users to read published books from other authors
• Analytics: Track reads, favorites, and engagement metrics
• Content Moderation: Review reported content, enforce community guidelines
• Subscription Management: Track subscription tiers and feature access

3.2 Communication

• Service Updates: Important announcements, feature updates, new AI capabilities
• Support: Respond to inquiries sent to contact@differson.net
• Security Alerts: Unusual account activity, security issues, potential breaches
• Promotional: New features, writing tips, platform updates (opt-out available)

3.3 Service Improvement

• Analytics: Understand feature usage and user behavior
• Bug Fixes: Identify and resolve technical issues
• Feature Development: Improve existing features and develop new ones
• Performance Optimization: Enhance app speed and reliability
• AI Model Improvement: Use anonymized, aggregated data to improve AI book generation quality

3.4 Legal & Security

• Fraud Prevention: Detect fake accounts, abuse of AI generation limits
• Copyright Enforcement: Remove infringing content, respond to DMCA notices
• Terms Enforcement: Ensure compliance with Terms of Service
• Legal Compliance: Respond to valid legal requests, subpoenas, court orders
• Community Safety: Investigate harassment, hate speech, or harmful content

4. Data Storage & Security

4.1 Cloud Infrastructure

All data stored using Google Firebase:

• Firestore Database: Real-time database for user accounts, books, conversations (hosted by Google Cloud)
• Firebase Storage: Book manuscripts (text files), cover images, profile pictures, audio files (planned)
• Firebase Authentication: User account credentials and session tokens
• Server Location: United States (Google Cloud US data centers)

4.2 Security Measures

We implement industry-standard security:

• Encryption in Transit: HTTPS/TLS for all data transmission between your device and our servers
• Encryption at Rest: Firebase encrypts data on Google Cloud servers using AES-256
• Access Control: Firestore Security Rules restrict unauthorized access to user data
• Authentication: Firebase Auth with secure password hashing (bcrypt)
• API Keys: Stored securely using environment variables, never exposed in client code
• Regular Security Audits: Periodic review of security rules and access patterns

4.3 Access Restrictions

• User Data: Users can only access their own books, conversations, and profile data
• Published Books: Public books visible to all users, private books only to author
• Profile Images: Validated to prevent unauthorized uploads (file type, size restrictions)
• Admin Access: Limited to essential operations (content moderation, user support, abuse prevention)
• AI Provider Access: OpenAI receives only the specific prompts/messages you send (see Section 5.1)

4.4 Data Backups

• Firestore: Automatic daily backups by Google Firebase
• Storage Files: Redundant storage across multiple Google Cloud data centers
• Disaster Recovery: Google Cloud handles infrastructure resilience and 99.95% uptime SLA
• Backup Retention: Backups retained for 30 days

5. Data Sharing & Third Parties

5.1 Third-Party Services We Use

OpenAI (GPT-4, GPT-4 Turbo)

• Purpose: AI writing assistant, book generation, chat conversations, story development, character creation
• Data Shared: Your chat messages, book prompts, story concepts, and conversation history
• Privacy Policy: https://openai.com/policies/privacy-policy
• Data Retention: Subject to OpenAI's retention policy (30 days for API data as of 2024)
• Note: OpenAI may use data to improve their models unless you opt out (per their policy)

Firebase (Google)

• Purpose: Authentication, database, file storage, analytics, performance monitoring
• Data Shared: All user data (see Section 2)
• Privacy Policy: https://firebase.google.com/support/privacy
• Data Processing: Google processes data as a service provider under our instructions
• GDPR Compliance: Firebase is GDPR compliant with Standard Contractual Clauses (SCCs)

Stripe (Payment Processing - Future Feature)

• Purpose: Creator monetization payouts via Stripe Connect (when implemented)
• Data Shared: Stripe Connect Account ID only
• Privacy Policy: https://stripe.com/privacy
• Note: We do NOT store bank account details or payment tokens
• Security: All banking information secured by Stripe's PCI DSS Level 1 infrastructure

5.2 We Do NOT Sell Your Data

• We do not sell, rent, or trade your personal information to third parties
• We do not share data with advertisers or data brokers
• Third-party services used only for functionality, not monetization
• We do not use your books for marketing without your explicit permission

5.3 Legal Disclosures

We may disclose information if required by:

• Law Enforcement: Valid legal requests (subpoenas, court orders, warrants)
• Legal Obligations: Compliance with applicable laws (DMCA, copyright law, etc.)
• Safety: Prevent harm, fraud, illegal activities, or threats to public safety
• Rights Protection: Enforce our Terms of Service, investigate violations
• Corporate Transactions: In connection with a merger, acquisition, or sale of assets (users will be notified)

6. Your Privacy Rights

6.1 Access & Portability

You have the right to:

• Access your personal data stored in Make It Write
• Download your data: Request a copy of your data (email contact@differson.net)
• Export your books: Download all book manuscripts as text files
• View your conversation history: Access past AI chat conversations

6.2 Correction & Updates

You can:

• Update your profile information via Settings → Profile
• Correct inaccurate data by contacting us at contact@differson.net
• Change your email address through account settings
• Edit or update published books at any time

6.3 Deletion Rights (Right to be Forgotten)

You can:

• Delete Account: Via Settings → Account → "Delete Account"
• Request Data Deletion: Email contact@differson.net with subject "Data Deletion Request"

What Gets Deleted:

• Account information (email, username, password)
• Private conversations and chat history
• Unpublished book manuscripts and drafts
• Personal settings and preferences
• Profile images and author bio
• AI story preferences

What Remains (for legal/operational reasons):

• Published books (per license granted in Terms of Service) - anonymized after 90 days
• Public reading data (anonymized after 90 days)
• Transaction records (if applicable, required for financial compliance for 7 years)
• Reported content under investigation (legal hold)

6.4 Opt-Out Rights

You can:

• Email Communications: Unsubscribe via email footer links or Settings → Notifications
• Analytics: Disable analytics tracking in Settings → Privacy
• AI Services: Stop using AI features to prevent data sharing with OpenAI
• Push Notifications: Disable in device Settings → Make It Write → Notifications

6.5 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain data processing activities
• Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise GDPR rights: Email contact@differson.net with subject "GDPR Request". Response Time: We will respond within 30 days as required by GDPR.

6.6 CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Of sale of personal information (we do not sell data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Right to Correct: Request correction of inaccurate information

To exercise CCPA rights: Email contact@differson.net with subject "CCPA Request". Response Time: We will respond within 45 days as required by CCPA.

7. Data Retention

7.1 Account Data

• Active Accounts: Retained indefinitely while account is active and in good standing
• Inactive Accounts: Retained for 2 years of inactivity, then auto-deleted (with email warning 30 days before)
• Deleted Accounts: Data removed within 30 days (except as noted below for legal/financial records)

7.2 Content Retention

• Unpublished Books: Deleted immediately when user deletes or account closes
• Published Books: Retained indefinitely per Terms of Service license; anonymized after account deletion
• Chat Conversations: Retained for 90 days, then auto-deleted
• AI Generation History: Retained for 30 days for debugging, then deleted
• Cached Content: Deleted after 24 hours

7.3 Financial Records (Future Feature)

When creator monetization is implemented:

• Payment Information: Retained for 7 years (tax/legal compliance)
• Transaction History: Retained for 7 years (financial audits, IRS requirements)
• Payout Calculations: Retained for 3 years (dispute resolution)

7.4 Legal Holds

Data may be retained longer if:

• Subject to legal investigation or litigation
• Required by court order or legal hold notice
• Part of ongoing dispute (copyright claim, Terms violation)
• Necessary for legal compliance (regulatory requirements)

8. Children's Privacy

8.1 Age Requirement

• Make It Write requires users to be 13 years or older
• We do not knowingly collect data from children under 13
• Age verification: Self-reported during account creation

8.2 Parental Consent

• Users aged 13-17 should obtain parental permission before using the Service
• Parents may request deletion of minor's data by contacting contact@differson.net
• Parents may review data associated with their child's account

8.3 COPPA Compliance

• We comply with the Children's Online Privacy Protection Act (COPPA)
• If we discover data from a child under 13, we will delete it immediately
• Parents will be notified if we discover underage account

To report underage users: Email contact@differson.net with subject "Underage Account Report"

9. Third-Party Links & Services

9.1 External Links

Make It Write may contain links to:

• OpenAI website (privacy policy, terms)
• Anthropic website (AI provider)
• Amazon Kindle Direct Publishing (self-publishing)
• Apple Books (distribution platform)
• Social media platforms (if books are shared)
• Other self-publishing resources

We are not responsible for the privacy practices of external websites.

9.2 Third-Party Privacy Policies

Review these policies separately:

• OpenAI: https://openai.com/policies/privacy-policy
• Anthropic: https://www.anthropic.com/privacy
• Firebase/Google: https://firebase.google.com/support/privacy
• Stripe: https://stripe.com/privacy

10. International Data Transfers

10.1 Data Location

• Primary Storage: United States (Google Cloud Firebase)
• Firebase Services: May process data globally across Google data centers
• AI Services: OpenAI (United States), Anthropic (United States)

10.2 Transfer Mechanisms

• EU-US Data Transfers: Firebase complies with GDPR via Standard Contractual Clauses (SCCs)
• Privacy Shield: Google participates in EU-US Data Privacy Framework
• Adequacy Decisions: We follow European Commission adequacy decisions where applicable

10.3 Non-US Users

By using Make It Write, you consent to:

• Data transfer to the United States and other countries where our service providers operate
• Processing by third-party services (OpenAI, Firebase) located in the US
• Storage on US-based servers (Google Cloud)

If you do not consent to international data transfers, you should not use the Service.

11. Security Incidents & Breach Notification

11.1 Our Commitment

We take security seriously and monitor for:

• Unauthorized access attempts (brute force, credential stuffing)
• Data breaches (unauthorized disclosure of personal information)
• System vulnerabilities (security patches, code audits)
• Suspicious activity (unusual login locations, mass data access)

11.2 Breach Notification

In the event of a data breach affecting personal information, we will:

1. Investigate the incident immediately (within 24 hours)
2. Contain the breach and prevent further unauthorized access
3. Notify Affected Users via email within 72 hours (GDPR requirement)
4. Report to Authorities as required by law
5. Provide Details about what data was affected and steps to protect yourself

11.3 What You Should Do

If you suspect unauthorized access to your account:

• Change Password immediately via Settings → Security
• Sign Out of all devices (Settings → Security → "Sign Out Everywhere")
• Contact Us: contact@differson.net with subject "Security Concern"
• Monitor Account: Check for unusual activity

12. Cookies & Tracking

12.1 Cookies

Make It Write is a native iOS app and does not use traditional web cookies.

12.2 Local Storage

We store data locally on your device:

• Authentication Tokens: For session management (secure keychain storage)
• Cached Content: Book text, images for offline reading and performance
• User Preferences: Settings, reading position, favorite books
• Temporary Files: Downloaded book manuscripts, cover images

12.3 Analytics

We use Firebase Analytics to collect:

• App Usage: Features used, session duration, navigation paths
• Device Info: iOS version, device model, screen size
• Crash Reports: Error logs for debugging (via Firebase Crashlytics)
• Performance Data: App load times, API response times

You can opt-out by: Settings → Privacy → "Disable Analytics"

12.4 Advertising

Make It Write does not currently display ads or use advertising trackers. If we introduce ads in the future, we will update this policy and provide opt-out options.

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy to reflect changes in:

• Our practices (new features, services)
• Legal requirements (new privacy laws, regulations)
• New AI providers or third-party services
• User feedback or security improvements

13.2 Notification

Material Changes: We will notify you via:

• Email to your registered address
• In-app notification (banner or popup)
• Prominent notice on login screen

Minor Changes: Updated on this page without notification (check "Last Updated" date)

13.3 Effective Date

• Changes effective immediately upon posting (unless otherwise stated)
• Continued use after changes constitutes acceptance
• Check this page regularly: Review "Last Updated" date at top

14. Contact Us

For privacy questions, concerns, or requests:

• Company: Differson LLC
• Email: contact@differson.net
• Legal Inquiries: jinashim@differson.net
• Website: www.differson.net

Subject Line Suggestions:

• "Privacy Inquiry"
• "Data Deletion Request"
• "Data Access Request"
• "GDPR Request" (EU users)
• "CCPA Request" (California users)
• "Security Concern"
• "Underage Account Report"

Response Time: We aim to respond within 7 business days (30 days for GDPR/CCPA requests)

15. Summary of Key Points

Your Rights:

• ✓ Access your data
• ✓ Correct inaccurate data
• ✓ Delete your account
• ✓ Export your books and data
• ✓ Opt-out of emails and analytics
• ✓ GDPR/CCPA rights (if applicable)
• ✓ Withdraw consent at any time

We Do NOT:

• ✗ Sell your data
• ✗ Share data with advertisers
• ✗ Store payment credentials (handled by Stripe)
• ✗ Collect data from children under 13
• ✗ Use your books for marketing without permission
• ✗ Share your unpublished work with third parties

Data Retention:

• Active accounts: Indefinitely
• Inactive accounts: 2 years, then deleted
• Chat conversations: 90 days
• Published books: Indefinitely (anonymized after account deletion)
• Financial records: 7 years (when applicable)

Security Measures:

• 🔒 Encryption in transit (HTTPS/TLS)
• 🔒 Encryption at rest (AES-256)
• 🔒 Secure authentication (Firebase Auth with bcrypt)
• 🔒 Access controls (Firestore Security Rules)
• 🔒 Regular security audits

© 2026 Differson LLC. All rights reserved.