Privacy Policy

Last revised: [INSERT DATE]

This policy is a template provided for your convenience and does not constitute legal advice. Have it reviewed by qualified counsel and adapt the bracketed items to your jurisdiction and your actual data practices before relying upon it.

This Privacy Policy explains how [LEGAL ENTITY NAME] ("we," "us," or "our") collects, uses, and safeguards information in connection with Theophilus (the "Service"). By using the Service, you consent to the practices described here.

1.Information we collect

We collect only what is needed to operate the Service:

Account information — the email address you register and an encrypted form of your password. We never store your password in readable form.
Correspondence — the letters you write to Theophilus and the replies it returns, stored so that your conversations persist across visits.
Subscription information — your subscription tier and status, and a customer identifier from our payment provider. Your full payment-card details are handled by Stripe and are not stored by us.
Limited technical data — ordinary information generated when any website is used, such as request logs, used to operate and secure the Service.

2.How we use information

We use the information we collect to provide and maintain the Service, to authenticate your account, to preserve your conversation history, to process your subscription and renewals, to protect the Service against abuse, and to communicate with you about your account when necessary. We do not sell your personal information.

3.Service providers

We rely on a small number of trusted providers to operate the Service, and your information is shared with them only to the extent necessary:

Supabase — stores your account and your correspondence.
Stripe — processes payments and manages subscriptions.
Anthropic — provides the artificial-intelligence model that composes replies; the content of your letters is transmitted to it to generate a response.
Netlify — hosts and serves the Service.

Each provider processes information under its own terms and privacy practices. We encourage you to review them.

4.Data retention

We retain your account and correspondence for as long as your account remains active, and thereafter as needed to meet legal, accounting, or security obligations. You may request deletion of your account and associated data as described below.

5.Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at [CONTACT EMAIL]. We will respond as required by applicable law. [If you serve users in the European Economic Area, the United Kingdom, or California, consult counsel regarding GDPR, UK GDPR, and CCPA/CPRA disclosures specific to those regimes.]

6.Security

We take reasonable measures to protect your information, including encryption in transit and access controls. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

7.Children

The Service is intended for adults and is not directed to children. We do not knowingly collect information from anyone under the age of eighteen, or the age of majority in their jurisdiction.

8.Changes and contact

We may update this policy from time to time, and where changes are material we will take reasonable steps to notify you. Questions about this policy or your information may be directed to [CONTACT EMAIL].