Privacy Policy

SammyWrites is operated from Brisbane, Queensland, Australia. For the purposes of the EU/UK General Data Protection Regulation, we are the controller of the personal data described in this policy.

Privacy questions or requests: [email protected].

We collect only what we need to run the Service:

• Account data. When you sign in with Google we receive your name, email address, and your Google account identifier. We store these so we can identify you across sessions.
• Billing data. When you buy a plan, Stripe collects your payment details. We never see your full card number. We store the Stripe customer ID, plan and subscription state, credit balance, and billing-cycle metadata.
• Your content. The keywords, briefs, and writing samples you submit, the articles we generate for you, your SEO and internal-linking settings, and any sites you connect for publishing.
• Technical data. IP address, user-agent string, request timestamps, and similar log data. We use this to keep the Service running, enforce rate limits, investigate abuse, and debug.

• To generate the articles and run the features you asked for.
• To create and manage your account, credits, settings, and history.
• To bill you, manage your plan, and send transactional email (e.g. article-ready or billing notifications).
• To secure the Service, detect and prevent abuse, and enforce our Terms.
• To meet legal, tax, and accounting obligations.

We do not use your content to train our models. The writing samples and other material you submit are used only to produce your output and to operate the Service for you.

If you are in the EU or the UK, we process your personal data on the following bases:

• Contract. To deliver the Service you signed up for.
• Legitimate interests. To secure the Service and prevent abuse. We balance these against your rights and you can object at any time.
• Consent. Where required by law - for example, if we add optional analytics or marketing cookies in future, we will ask first.
• Legal obligation. Where the law requires us to keep records or respond to lawful requests.

We share your data with vendors who help us operate the Service. We pick vendors that offer contractual data-protection terms appropriate to the data they handle, and we use them only for the purposes listed:

• Google - sign-in (OAuth).
• Stripe - payments and subscription management.
• Cloud hosting & GPU/inference providers - compute for article generation.
• Third-party LLM providers (e.g. Anthropic, OpenAI) - model inference for some pipeline passes.
• Search-data providers - live ranking and SERP data used to structure articles.
• CMS platforms you connect (e.g. WordPress) - only to publish articles you choose to publish.
• Email provider - transactional email.

We may also share data when required by law, in response to a valid legal request, to protect the rights or safety of SammyWrites, our users, or the public, or in connection with a corporate transaction such as a merger or acquisition (in which case we will give notice of any change in controller).

We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

SammyWrites is based in Australia. Some of our vendors process data in the United States, the European Union, and other countries. Where we transfer personal data out of the EU, the UK, or Australia, we rely on the Standard Contractual Clauses (or the relevant equivalent) and on the protections offered by the receiving vendor.

We do not operate to a fixed retention schedule. We keep your data for as long as your account is active, and for as long as we need it to run the Service, meet legal and accounting obligations, resolve disputes, and enforce our Terms.

You can ask us to delete your data at any time and we will action your request. Email [email protected] with the email address tied to your account. Some data may persist after deletion - for example, where backups have not yet rotated, or where we are required by law to keep a record.

Wherever you are, you can ask us to:

• Confirm whether we hold personal data about you and give you a copy.
• Correct inaccurate personal data.
• Delete your personal data.
• Provide a portable copy of the data you gave us.
• Stop or restrict certain processing.
• Withdraw any consent you previously gave.

To exercise any of these rights, email [email protected] from the email address on your account. We will respond within the time required by the law that applies to you, and at most within 30 days.

In addition to the rights in Section 8, you have the right to lodge a complaint with your local data protection supervisory authority. We do not currently have a designated EU representative under Article 27 GDPR; if that changes we will update this policy.

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of recipients.
• Right to delete personal information we have collected from you.
• Right to correct inaccurate personal information.
• Right to limit the use of sensitive personal information (we do not currently use sensitive personal information beyond what is necessary to provide the Service).
• Right to non-discrimination for exercising any of these rights.

Categories of personal information we have collected in the last 12 months: identifiers (name, email, account ID), commercial information (plan and credit state), internet or other electronic network activity (request logs), and content you provide (keywords, briefs, writing samples, generated articles).

We do not sell personal information and we do not share it for cross-context behavioural advertising, as those terms are defined under the CPRA. To exercise any right above, email [email protected].

We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you have a complaint about how we handle your personal information, please contact us first at [email protected]. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

SammyWrites is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. In the EU and the UK, the minimum age is 16 unless a parent or legal guardian has consented. If you believe a child has given us personal information without authorisation, contact us and we will delete it.

We use a small set of essential cookies and browser storage:

• An authentication session cookie to keep you signed in.
• Cookies set by Stripe during Checkout and the Customer Portal.
• Browser storage for UI preferences and the sign-in flow.

We do not currently run analytics, advertising, or tracking cookies. If we add any in future, we will surface a consent control before they fire and update this policy.

We use TLS in transit and encryption at rest for our database and object storage. Our database enforces row-level security so an authenticated user can only read their own rows. Stripe handles card data on its own systems; we never see card numbers. No system is perfectly secure - if you notice a vulnerability, please tell us at [email protected].

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. Material changes will be flagged in-app or by email. Continuing to use the Service after a change takes effect means you accept the updated policy.

SammyWrites - Brisbane, Queensland, Australia.
Privacy contact: [email protected].

See also our Terms & Conditions.