Privacy Policy

Last updated: 2026-05-06

This Privacy Policy explains how Writz (“Writz,” “we,” “us,” or “our”), operated by Writz About Life LLC in Florida, United States, collects, uses, shares, and protects your personal information when you use writzstudio.com (the “Service”), and the rights you have. It applies to all users of the Service.

If you have questions about this Policy, contact brett.gordon@writzaboutlife.com.

1. Information we collect

1.1 Information you provide.

• Account information: email address, name, hashed password, profile photo (optional), public display name, biography (Freelancers).
• Content: manuscripts, voice samples, cover art, audio files, listings, descriptions, messages, and any other material you upload, generate, or publish through the Service.
• Voice biometric data: if you train a voice model, the audio samples and the derived voice model. See Section 5 below for details.
• Payment information: handled by Stripe. We do not see or store your full card number, bank account number, or government tax ID. We store a Stripe customer ID, subscription status, and limited transaction metadata (date, amount, last 4 digits, billing country).
• Communications: messages you send to us (support, abuse reports), and between users on the platform.

1.2 Information collected automatically.

• Usage data: generations performed, voice training minutes, listings created, books purchased or downloaded, login timestamps, feature usage.
• Device & log data: IP address, browser type and version, operating system, language preference, referring URL, request timestamps, and error logs.
• Cookies and similar technologies: see Section 4.

1.3 Information from third parties. If you sign in via Google, we receive your name, email, and a unique identifier from Google. We do not receive your password.

2. How we use information

We use information to:

• Provide, operate, and improve the Service;
• Authenticate you, secure accounts, and prevent fraud or abuse;
• Process payments and disburse Marketplace earnings;
• Generate, store, and serve AI-narrated audio you create;
• Enforce usage limits, plan tiers, and acceptable-use rules;
• Send transactional email (receipts, password resets, security alerts, service notices) — you cannot opt out of these while you have an account;
• Send occasional product updates and offers — you can opt out (Section 9);
• Respond to legal process, comply with law, and protect our rights;
• Conduct analytics on aggregate, non-identifying usage patterns to improve the Service.

We do not sell your personal information as “sale” is defined under the California Consumer Privacy Act, and we do not share it for cross-context behavioral advertising. We do not run advertising on the Service.

3. How we share information

3.1 With other users. Information you choose to publish (listings, public profile, books, reviews) is visible to other users and the public. Be deliberate about what you publish.

3.2 With sub-processors. We share information with the following third-party service providers as needed to operate the Service. These providers are contractually obligated to protect your information and use it only for the purposes we direct:

• Railway — application hosting, Postgres database (United States).
• Stripe — payments, subscription billing, Connect Marketplace payouts, identity verification (United States, Ireland for EU residents).
• Cloudflare — CDN, DDoS protection, R2 object storage for large files and avatars (United States, global edge).
• Resend — transactional email delivery (United States).
• Anthropic — AI text processing, feedback summarization, and support assistance. Anthropic processes only the data required for each request and, per our agreement, does not train on customer data.
• RunPod — GPU compute for AI narration generation and voice training (United States).
• Google OAuth — only if you sign in with Google.
• Dropbox — only if you connect Dropbox from your account page to use it as a secure file bridge for Freelancer Marketplace orders. Files uploaded through orders are stored in your own Dropbox under /Writz Studio/. You can disconnect at any time.

3.3 For legal reasons. We may share information when we believe in good faith it is necessary to: comply with law, regulation, legal process, or governmental request; enforce our Terms; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of Writz, our users, or the public. Where the matter involves child sexual abuse material, we will report it to the National Center for Missing & Exploited Children (NCMEC) and law enforcement as required by 18 U.S.C. §2258A.

3.4 In a business transfer. If Writz is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.

3.5 With your consent. We will share information for any other purpose disclosed at the time you provide it, with your consent.

4. Cookies & tracking technologies

We use a small number of cookies. We do not use third-party advertising trackers, social-media pixels, or cross-site behavioral advertising.

• Session cookie (essential): keeps you logged in. HTTP-only, Secure, SameSite=Lax. Expires when you log out or after a period of inactivity.
• CSRF token (essential): protects against cross-site request forgery on form submissions.
• Preference cookies (functional): remember settings such as theme or playback volume.
• Cloudflare cookies (essential): identify trusted web traffic and prevent abuse. See Cloudflare’s documentation for details.

You can disable cookies in your browser, but parts of the Service (in particular login) will not function without the essential cookies.

Do Not Track. Our Service does not currently respond to “Do Not Track” signals from browsers, because no common standard for them has been finalized. We do not engage in cross-site tracking.

5. Voice biometric data (BIPA, CUBI & similar laws)

The Service permits you to train an AI voice model from audio samples. The samples and the resulting voice model may constitute “biometric identifiers” or “biometric information” under laws such as the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act, the Washington H.B. 1493 biometric statute, and similar laws in other jurisdictions.

Notice and consent. By submitting voice samples and confirming the training prompt, you provide written consent to our collection, storage, and processing of those samples and the derived voice model.

Purpose. Voice biometric data is collected solely to: (a) generate synthetic audio narration through the Service at your direction; (b) operate and improve the voice models you train; and (c) comply with our legal obligations.

Retention schedule. Voice samples and voice models are retained for as long as you maintain an active account or until you delete them. On deletion (whether by you or on account closure), we destroy the samples and the model within thirty (30) days, except where retention is required by law. We never sell, lease, trade, or otherwise profit from voice biometric data.

Third-party voices. If you train a voice model on a person other than yourself, you must have that person’s express written consent meeting the requirements of all biometric laws applicable to their residence at the time of recording. You are solely responsible for obtaining that consent and may be required to provide proof on request.

6. AI processing of your content

When you use AI features (AI narration, AI cover description, AI support assistance), the relevant input is sent to our AI sub-processor (currently Anthropic) only for the duration of that request. Per our agreement with Anthropic, your inputs are not used to train Anthropic’s models. We do not share your private content with AI providers unless you actively trigger an AI feature on it. We retain prompts and outputs only as needed to deliver the feature and to investigate abuse.

7. Data retention

We retain personal information for as long as your account is active or as needed to provide the Service. After account closure:

• Account info and User Content are deleted within thirty (30) days;
• Voice biometric data is deleted within thirty (30) days (Section 5);
• Financial records, invoices, and tax-related transaction logs are retained for up to seven (7) years to comply with tax and accounting laws;
• Backups containing your data are overwritten on a rolling basis (typically within ninety (90) days);
• Legal hold data (e.g. data subject to a subpoena or active legal claim) is retained until the legal matter is resolved.

8. Data security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Measures include: encryption in transit (HTTPS / TLS 1.2+); password hashing using industry-standard algorithms; HTTP-only, Secure, SameSite session cookies; least-privilege access controls; logging and monitoring; and regular review of vendor practices.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for using a unique, strong password.

Breach notification. If we discover a security incident affecting personal information, we will notify affected users and applicable regulators without undue delay and in any case within the time required by law (for example, within seventy-two (72) hours of awareness for incidents covered by GDPR Article 33).

9. Your privacy rights

Regardless of where you live, you may:

• Access personal information we hold about you;
• Correct inaccurate information from your account page or by request;
• Delete your account and User Content via your account page;
• Opt out of marketing email at any time using the unsubscribe link or by emailing us. (Transactional email cannot be opted out of while your account is active.)
• Export your data in machine-readable form on request.

To make a request, email brett.gordon@writzaboutlife.com with subject line “privacy request.” We respond within thirty (30) days (forty-five (45) days for complex requests, with notice). We will verify your identity before fulfilling a request, typically by requiring you to confirm from your account email address.

10. California privacy rights (CCPA / CPRA)

If you are a California resident, you have the rights described in Section 9 above plus the following under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it (this Policy provides those disclosures);
• Right to delete personal information we have collected from you, subject to legal exceptions;
• Right to correct inaccurate personal information;
• Right to opt out of “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioral advertising, so this right is not implicated, but you may confirm by emailing us;
• Right to limit use of sensitive personal information. We treat voice biometric data as sensitive and use it only for the purposes described in Section 5;
• Right to non-discrimination for exercising these rights. We will not deny service, charge different prices, or provide a different quality because you exercised a privacy right.

You may designate an authorized agent to make a request on your behalf. We may require proof of authorization and identity verification.

11. EU / UK / Swiss privacy rights (GDPR & UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (or its UK / Swiss equivalent) applies and you have the following additional rights:

• Right of access (Art. 15);
• Right to rectification (Art. 16);
• Right to erasure (“right to be forgotten”) (Art. 17);
• Right to restriction of processing (Art. 18);
• Right to data portability (Art. 20);
• Right to object to processing (Art. 21);
• Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22). The Service does not make automated decisions that produce legal or similarly significant effects on users.
• Right to lodge a complaint with your local supervisory authority.

Legal bases. We process personal information on the following bases: performance of a contract (to provide the Service); legitimate interests (security, fraud prevention, improvement of the Service, communicating with users); consent (voice biometric data, marketing email, optional features); and legal obligation (tax records, response to lawful process).

International transfers. Personal information of EEA, UK, and Swiss users is transferred to and stored in the United States, where most of our infrastructure is located. We rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) with our U.S. sub-processors as a safeguard for these transfers.

12. Children’s privacy

The Service is not intended for users under eighteen (18) years of age. We do not knowingly collect personal information from children under thirteen (13) and, in compliance with the Children’s Online Privacy Protection Act (COPPA), will delete any such information we discover and terminate the related account. If you believe a child under 13 has provided us information, contact us at the email above.

13. Marketing communications

We may send occasional product updates, feature announcements, and newsletters. Every such email contains an unsubscribe link, and you may also opt out by emailing us. Unsubscribing from marketing email does not opt you out of transactional email related to your account, billing, or security.

14. Third-party links and services

The Service may contain links to third-party sites or integrate with third-party services (such as Stripe checkout, Google sign-in if you choose it, and Dropbox if you connect it for Freelancer order file transfers). Their privacy practices are governed by their own policies. We encourage you to read those policies before sharing information with third parties.

15. Changes to this Policy

We may update this Policy. The “last updated” date at the top reflects the most recent change. Material changes will be announced on the site and, where reasonable, by email at least fourteen (14) days before they take effect. Continued use of the Service after the effective date is your acceptance.

16. Contact

For privacy questions, requests, or to report a security concern:
Email: brett.gordon@writzaboutlife.com
Subject line: “privacy request,” “data export,” or “security report”
Mailing address: 1200 Fourth Street #1121, Key West, FL 33040, United States
Response time: within thirty (30) days (forty-five (45) for complex requests).