Privacy Policy

Information You Provide Directly

• Account information: Name or pen name, email address, and password when you create an account.
• Profile information: Writing preferences, genre, pen names, notification preferences, and account settings.
• Creative content: Manuscripts, chapters, character bibles, series notes, beat sheets, voice profile samples, book project details, and any other content you create or upload.
• Payment information: Billing details processed through Stripe. We never store your full credit card number — only last four digits, card type, and expiration for display purposes.
• Communications: Messages to our support team, feedback, and survey responses.
• BYOK API keys: Your Anthropic API key if using the BYOK tier — encrypted before storage.

Information Collected Automatically

• Usage data: Pages visited, features used, time spent, writing session duration, word counts, and interaction patterns.
• Device information: Browser type, operating system, device type, screen resolution, and IP address.
• Writing statistics: Daily word counts, streak data, chapter completion dates, and goal progress — used to power your stats dashboard and Belle's check-ins.

We make the following commitments about your creative content:

• We will never use your manuscripts to train AI models. Your creative work is never used to improve, train, or fine-tune any AI system — ours or anyone else's.
• We will never share your unpublished writing with third parties. Your manuscripts are private and treated with the same confidentiality as any personal creative work.
• We will never read your manuscripts for any purpose other than operating the Platform. AI processing of your content happens solely to deliver features you requested.
• Your content is encrypted at rest. Manuscripts and sensitive creative content are encrypted in our database.
• You can export everything anytime. All your content is exportable from account settings at any time. Your writing is never held hostage.
• Your content is deleted when you leave. When you close your account creative content is permanently deleted within 30 days. You have a 30-day grace period to export first.

When you use AI features your content is sent to the Anthropic API for processing. We use API access which means Anthropic does not use API-processed content to train their models per their current API usage policies. Review Anthropic's privacy policy at anthropic.com/privacy for current information.

We work with carefully selected third party services. Each receives only the data necessary for their specific function.

We do not sell your data. We do not share your data with advertisers. We do not allow third parties to use your data for their own marketing.

• All data transmitted between your device and our Platform is encrypted using HTTPS/TLS.
• Manuscripts and creative content are encrypted at rest in our database.
• BYOK API keys are encrypted using industry-standard encryption before storage.
• Passwords are hashed — we never store plain text passwords.
• Database access restricted using Row Level Security — users access only their own data.
• Regular automated backups protect against data loss.

Data Retention

We use a minimal set of cookies necessary to operate the Platform. We do not use advertising cookies or cross-site tracking.

• Access: View all data we hold about you and request a complete data export from account settings.
• Correct: Update your name, email, pen name, and preferences directly in account settings.
• Export: Download all your creative content in standard formats from account settings anytime.
• Delete: Close your account and trigger permanent deletion of all personal data and creative content within 30 days.
• Notifications: Adjust or turn off all notification types in account settings. Transactional emails cannot be turned off as they are necessary for account operation.
• Analytics: Opt out of Google Analytics via browser settings.
• Withdraw consent: Unsubscribe from marketing emails anytime. Withdrawal does not affect lawfulness of prior processing.

Contact: finishthebook@finishthebook.ai — we respond within 30 days.

If you are located in the EU or EEA the GDPR gives you additional rights regarding your personal data.

Your GDPR Rights

• Right of access — obtain a copy of your personal data
• Right to rectification — correct inaccurate personal data
• Right to erasure — request deletion of your personal data
• Right to restrict processing — limit how we use your data
• Right to data portability — receive your data in a portable format
• Right to object — object to processing based on legitimate interests

Your data is stored and processed in the United States. We rely on Standard Contractual Clauses with our service providers where required. Contact: finishthebook@finishthebook.ai. You also have the right to lodge a complaint with your local data protection authority.

• Right to know: Request disclosure of what personal information we collect, use, and share.
• Right to delete: Request deletion of personal information we have collected.
• Right to opt out of sale: We do not sell your personal information.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

Contact: finishthebook@finishthebook.ai — we respond within 45 days. We do not sell your personal information.

FinishTheBook.ai is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. The explicit romance content features are strictly restricted to users 18 and older. If you believe a person under 18 has created an account please contact finishthebook@finishthebook.ai immediately.

• The fact that you have enabled adult content features is treated as sensitive personal information and never shared with third parties except as required by law.
• Adult content you generate or write is subject to the same ownership and privacy protections as all other creative content — it belongs to you and is never shared or used for AI training.
• Content processed via adult features is subject to those AI providers' data handling policies for the duration of processing.

• Your API key is encrypted using AES-256 encryption immediately upon receipt.
• Your API key is decrypted only on our secure servers at the moment needed — never in the browser.
• Your API key is never logged, never transmitted to any party other than Anthropic for your API calls, and never visible to our team.
• You can remove your API key from our system immediately from account settings.
• In the event of a security breach we will notify you immediately so you can revoke your key through your Anthropic account.

When we make material changes we will send an email to your registered address at least 30 days before changes take effect and display a prominent notice on the Platform. Your continued use after the effective date constitutes acceptance. Previous versions are available upon request at finishthebook@finishthebook.ai.

We aim to respond to all privacy inquiries within 5 business days and complete all data subject requests within 30 days.