Skip to main content

    Privacy Policy

    Effective date: May 5, 2026 · Last updated: May 5, 2026

    Prefer a copy?

    Download our complete Privacy Policy as a PDF.

    📄 Download PDF

    Legal entity: Write in a Click, Ltd. ("Write in a Click", "we", "us", "our")
    Contact: privacy@writeinaclick.com

    What this Policy covers

    This Privacy Policy explains how we collect, use, disclose, and protect information when you use Write in a Click (the "Service"), which includes:

    • Our website at writeinaclick.com;
    • The Write in a Click web app at app.writeinaclick.com;
    • The Write in a Click iOS app distributed through the Apple App Store;
    • The Write in a Click Android app distributed through Google Play (package name: com.writeinaclick.mobile); and
    • Related communications, support, and content.

    Where we provide the Service directly to individual users, we act as a data controller. Where business customers upload or connect their own end-user data, we act as a data processor and our Data Processing Addendum (DPA) governs that relationship.

    We update this Policy from time to time. If changes are material, we will notify you in the app (web or mobile) or by email.

    Summary of recent changes

    This version expands the Policy to cover our iOS and Android mobile apps. New disclosures cover push notifications, mobile crash analytics, mobile device identifiers, the Apple App Tracking Transparency framework, camera and microphone access for dictation and photo import, on-device storage for offline drafting, and in-app purchase data handled by the Apple App Store and Google Play.

    1. Information we collect

    1.1 Account and contact data

    Name, email, password credentials, country, and communication preferences.

    1.2 Payment data

    • Web purchases. Billing address and payment method details handled by our payment processor; we do not store full card numbers.
    • In-app purchases (iOS and Android). Purchases made on a mobile app are processed by Apple (App Store / StoreKit) or Google (Google Play Billing). We receive only purchase confirmations, transaction identifiers, product identifiers, country, currency, and renewal status from those platforms. We do not receive your card number, CVV, or full billing address from the stores.

    1.3 Content and usage

    Text you enter to generate content ("prompts"), uploaded files, generated outputs, project metadata, session timestamps, and feature usage.

    1.4 Device and network

    IP address, device or browser type, language, time zone, system settings, crash diagnostics, and performance metrics.

    1.5 Cookies and similar technologies (web)

    First-party cookies for core functionality and analytics; optional advertising and retargeting cookies on the marketing site (see Section 9).

    1.6 Information we collect on mobile

    When you use the iOS or Android app we additionally collect:

    • Push notification tokens. When you opt in to push notifications, we receive a token from Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so we can send you service notices and product updates you have requested. You can revoke this at any time in your device's notification settings.
    • Mobile crash diagnostics and performance telemetry. We use a mobile crash reporting and performance SDK to detect, reproduce, and fix crashes and slow code paths. This includes anonymized device model, OS version, app version, stack traces, breadcrumbs, and non-personal performance metrics. Crash payloads are scrubbed of obvious personal data before transmission.
    • Mobile device identifiers. On iOS we use the Identifier for Vendor (IDFV); on Android we use the Android ID. These identifiers are scoped to our app or vendor and are used for fraud prevention, abuse mitigation, quota enforcement, and basic analytics. We do not use the Identifier for Advertisers (IDFA) on iOS or the Android Advertising ID (AAID) for cross-app advertising tracking. If we ever change that practice on iOS, we will request your consent through the Apple App Tracking Transparency (ATT) prompt before doing so.
    • Camera and microphone access. The mobile app may request access to your camera (for example, to import a photo of a printed page) or microphone (for dictation). These permissions are requested only when you trigger a feature that needs them. We do not record audio in the background and we do not access the camera or microphone unless you start a feature that uses them.
    • Photo library access (iOS) and media access (Android). Requested only when you import an image. We access only the items you select.
    • Local on-device storage. Manuscripts you draft on mobile are stored locally on your device so you can keep writing offline. Where supported by the operating system, this storage is encrypted at rest by the device. Sync to our servers happens over TLS when you reconnect.
    • In-app purchase metadata. Receipts, subscription identifiers, renewal events, and entitlement status from Apple and Google.

    1.7 Support and feedback

    Messages to support, bug reports, satisfaction surveys.

    1.8 Job applicant data (if applicable)

    Resume / CV, profile links, and interview notes.

    We do not intentionally collect special categories of personal data (for example, health data, biometric identifiers, precise geolocation) unless you include them in submitted content. Please avoid submitting sensitive data unless strictly necessary. Our mobile apps do not request precise location, contacts, calendar, health, or biometric data.

    2. App permissions on iOS and Android

    The mobile apps may ask for the following permissions. You can refuse any permission and continue using the app, with the indicated trade-off:

    • Notifications — to send service notices and product updates you ask for. If you decline, you will not receive push notifications.
    • Microphone — to convert your speech to text. If you decline, dictation features are unavailable.
    • Camera — to capture an image to import as text. If you decline, camera-based import is unavailable.
    • Photo library / media — to add selected images to your manuscript. If you decline, you can still import via files or drag-and-drop.
    • Local network (iOS) — to sync between devices on the same network. If you decline, local-network sync is unavailable.
    • Tracking (iOS ATT) — we currently do not request ATT permission.

    We never request: contacts, calendar, precise location, health, biometric, motion, or background-running permissions.

    3. How we use information (purposes and legal bases)

    • Provide and maintain the Service — create accounts, authenticate, generate content, store projects, deliver push notices you opted into, deliver in-app purchases. Legal basis: contract performance; legitimate interests.
    • Improve and secure the Service — debugging, mobile crash analytics, performance, abuse and fraud prevention, safety monitoring. Legal basis: legitimate interests; in some regions, consent for analytics or ads cookies.
    • Communicate with you — service notices, security alerts, transactional emails, push notifications. Legal basis: contract performance or legitimate interests.
    • Optional marketing — feature updates, newsletters. Legal basis: consent (where required), with the ability to opt out anytime.
    • Compliance — tax, accounting, legal obligations, lawful requests. Legal basis: legal obligation; legitimate interests.

    AI-specific handling

    • Ownership. You own your user-generated content and outputs as between you and us, subject to our Terms of Use.
    • Training. We do not use your prompts or outputs to train publicly available AI models.
    • Service improvement. We may process aggregated and/or de-identified usage signals to improve quality, safety, and performance. For paid and business plans, you may opt out of limited human review for abuse and quality checks where applicable.
    • Third-party model providers. If we route requests to third-party AI APIs, we configure them to not use your data to train their public models. See our Sub-processor List for current providers.

    4. When we share information

    We share only as needed to run the Service:

    • Service providers and sub-processors. Cloud hosting, analytics, email delivery, customer support, payment processing, push notification delivery (APNs and FCM), mobile crash analytics, and — if used — AI model providers, under contracts that limit their use of your data.
    • Apple and Google. When you make an in-app purchase, the relevant store processes the payment and provides us with the purchase data described in Section 1.2. Apple's and Google's own privacy notices apply to the data they collect directly from you.
    • Business customers (processor context). When a business customer controls the account, administrators may access data created in that tenancy.
    • Legal and safety. To comply with law, enforce our agreements, or prevent harm.
    • Business transfers. In a merger, acquisition, or asset sale we will give notice and continue protections consistent with this Policy.

    We do not sell personal information for money. If we use advertising or cross-context behavioral advertising tools on the marketing website (for example, certain pixels), those disclosures may constitute "sharing" under California law. The mobile apps do not run advertising pixels and do not engage in cross-context behavioral advertising.

    5. App Store and Google Play privacy disclosures

    We maintain alignment between this Privacy Policy and:

    • The App Privacy labels we publish on our App Store listing; and
    • The Data Safety form we publish on our Google Play listing.

    If you find a discrepancy, this Policy is the authoritative source and we will update the store listings to match.

    6. International data transfers

    We operate globally. Where data is transferred internationally (for example, to the United States), we use recognized safeguards such as the EU Standard Contractual Clauses (SCCs) and comparable mechanisms where applicable. We assess local laws and implement additional security and contractual measures as needed.

    7. Retention

    We keep personal data only as long as necessary for the purposes described:

    • Account data. For the life of your account plus up to 24 months for records, dispute handling, and backups.
    • Content and projects. Until you delete them or the account is closed; backups roll off within 90 days.
    • Local on-device storage. Removed when you uninstall the app or clear app data on the device.
    • Analytics and logs. Typically 14–26 months (aggregated thereafter), subject to your cookie settings and our analytics tool configuration.
    • Mobile crash diagnostics. Up to 90 days at the SDK provider level; aggregated and de-identified analytics may be retained longer.
    • Support records. Up to 24 months from last interaction.
    • Legal holds. Longer if required by law or to establish or defend legal claims.

    8. Your privacy rights

    Depending on your location, you may have the right to access, correct, delete, restrict or object to processing, request portability, and withdraw consent. You also have the right to lodge a complaint with a supervisory authority (EU / UK).

    California and certain US states. Rights to know, delete, correct, opt out of sale or sharing (including cross-context behavioral advertising), and limit use of sensitive information. We honor Global Privacy Control (GPC) signals as an opt-out where required.

    How to exercise your rights

    • In-app account deletion. You can delete your account and request deletion of associated personal data directly from inside the iOS app, the Android app, and the web app, in line with Apple App Store guideline 5.1.1(v) and Google Play's Data deletion requirement.
    • In-app privacy controls for marketing, notifications, and opt-out of improvement uses where applicable.
    • Email: privacy@writeinaclick.com.
    • "Do Not Sell or Share My Personal Information" link in the website footer.

    We may ask for information to verify your identity and will respond within the timeframes required by law.

    9. Cookies, ads, and tracking

    Web

    We use cookies and similar technologies on the marketing site and the web app:

    • Strictly necessary — login, security, load balancing.
    • Preferences and features — saved settings, editor state.
    • Analytics — to measure usage and improve the product.
    • Advertising and retargeting (optional) — ad measurement and audiences (for example, Meta Pixel) on the marketing site only.

    Controls. EU / UK / EEA: we show a consent banner with granular choices for analytics and advertising. US (including California): you can opt out of sale or sharing via the site footer and we honor GPC where required. Browser settings may also let you delete or block cookies.

    Mobile

    The mobile apps do not use web cookies or third-party advertising SDKs. The mobile apps use only the SDKs disclosed in Section 1.6 and the sub-processor list.

    10. Security

    We use technical and organizational measures designed to protect personal data, including encryption in transit and at rest, role-based access controls, least-privilege, audit logging, regular vulnerability management, and incident response procedures. On mobile, drafts in local on-device storage are protected by the device's standard data protection features. No system is perfectly secure; if we learn of a breach, we will notify affected users and regulators as required.

    11. Children

    The Service is not intended for children under 16 in the EEA / UK or under 13 elsewhere. We do not knowingly collect personal data from children. The mobile apps rely on the App Store and Google Play age gates and do not target children. If you believe a child has provided personal data, contact us to request deletion. We do not direct the apps at children and the Apple App Store and Google Play "Designed for Families" / "Kids" categories do not apply.

    12. EU / UK specifics

    13. Business customers (processor terms)

    When we process personal data on behalf of a customer, we do so under a DPA that includes required processor terms (for example, purpose limitation, confidentiality, sub-processor flow-downs, assistance with data subject requests, and SCCs for international transfers). Customers control deletion schedules within their workspace.

    14. Changes

    We may update this Policy to reflect changes to our practices or the law. The "Effective date" and "Last updated" lines at the top show when it last changed. Material changes will be announced in the app or by email.

    15. Contact us

    privacy@writeinaclick.com

    Questions about Privacy?

    If you have any questions about our Privacy Policy or how we handle your data, please contact us: