Privacy Policy

OpusDraft, LLC (“OpusDraft,” “we,” “us”) collects only the information necessary to operate the Service. We do not collect your name, physical address, or payment card details directly.

We do not sell your information, and we do not use your writing content to train AI models. See Section 03.

We use your information only to operate and improve OpusDraft. Specifically:

• To create and maintain your account.
• To process your AI tool requests using your provided API key (or, during the free trial, our shared key — see Section 05).
• To store and retrieve your writing projects, chapters, canon, rule packs, and style guides.
• To communicate with you about your account, billing, security, or material changes to the Service.
• To diagnose technical problems, fix bugs, and improve product features.
• To enforce our Terms of Service, including detecting and preventing abuse of the Instant Mode trial or promotional codes.
• To comply with legal obligations (e.g., responding to lawful requests, tax reporting, fraud prevention).

We do not use your information for advertising, profiling, or any purpose unrelated to operating OpusDraft.

Your writing projects, chapters, canon entries, rule packs, and style guides are your intellectual property. OpusDraft stores this content in our database solely to provide you with the Service.

We do not:

• Use your writing content to train AI models.
• Sell, license, or share your content with any third party except as required to provide the Service (Section 07) or as required by law.
• Access your content for purposes other than operating and supporting the Service.
• Display your content to other users (unless you publish it via the Service’s public-share feature).

For paid users, your Anthropic Claude API key is encrypted with AES-256 and stored in our database. It is decrypted in memory only when you initiate an AI tool request, transmitted to Anthropic’s servers as part of that request, and used for no other purpose.

You are responsible for:

• Keeping your API key secure (do not share screenshots, do not paste it into untrusted forms).
• Monitoring your Anthropic account for unauthorized API usage.
• All costs incurred through your key while using OpusDraft.
• Compliance with Anthropic’s Terms of Service.

Specifically, during the Instant Mode trial:

• Each AI tool call transmits your prompt (including any excerpts from your writing, canon, or rule-pack context the tool requires) to Anthropic’s API.
• Those requests are billed to OpusDraft’s Anthropic account, not to you.
• Anthropic handles, logs, and retains those requests according to its own data-use, abuse-monitoring, and retention policies — which apply independently of this Privacy Policy. We recommend reviewing Anthropic’s privacy and usage policies if you are sensitive to how your prompts are handled on their end.
• OpusDraft records metadata about trial calls in a per-user audit log (the “Trial Usage Log” in Section 01), which we use to enforce the rolling 24-hour cap, measure trial duration, and detect abuse. The audit log includes a truncated prompt preview (up to 2,000 characters) for each call to help diagnose abuse and produce-fix issues. The audit log is internal-only and is not shared with third parties or used for any purpose beyond trial enforcement and debugging.
• Instant Mode is limited by design — a rolling per-user call cap and a fixed total duration per account, both described in our Terms of Service.

Once you move off the trial, AI tool calls are made using your Claude API key (BYOK) and are billed to your Anthropic account. From that point forward, Section 04 (API Key Security) describes the data flow.

We do not sell your personal information or writing content. We share data only in these limited circumstances:

• Service providers — see Section 07 for the list and the data each receives.
• Legal requirements — we may disclose information if required by law, court order, subpoena, or to protect the rights, safety, or property of OpusDraft, its users, or the public.
• Business transfers — in the event of a merger, acquisition, dissolution, or sale of substantially all OpusDraft assets, user data may be transferred. We will notify users of such changes by email and/or by a notice on the Service.
• Consent — when you have explicitly directed us to share specific data with a specific third party (e.g., publishing a chapter to a public link).

OpusDraft operates on infrastructure and services provided by third parties. Each provider is bound by its own terms and privacy policy, which apply independently of this Privacy Policy. The current list of service providers and the data each receives:

We recommend reviewing the privacy policies of these providers for full information on how they handle data.

OpusDraft uses cookies and equivalent browser storage technologies (localStorage, sessionStorage) for the following purposes:

• Strictly necessary cookies — authentication session tokens, CSRF protection, and security-policy nonces. Required for the Service to function. You cannot opt out and continue using the Service.
• Local preference storage — a small number of localStorage entries (for example, your default voice / style preferences and your dismissal of certain in-app nudges). These remain on your device and are never transmitted to OpusDraft’s servers except when you sign in from another device and explicitly opt to sync.
• Analytics cookies — set by PostHog to assemble per-user product analytics and session replay. We use these to understand which features are used and to improve the Service. The session replay capture has input masking enabled so that password fields, API keys, payment fields, and prose surfaces are not recorded.
• Customer support cookies — set by Intercom to maintain your in-app support chat identity and conversation history.
• Error-tracking cookies — set by Sentry to associate errors with the same browsing session for debugging purposes.

We do not use:

• Advertising cookies.
• Cross-site tracking cookies.
• Third-party data brokers, ad networks, or social-media tracking pixels.

You may configure your browser to refuse cookies, but doing so may prevent you from logging in or using portions of the Service properly.

We retain account data and Your Content for as long as your account is active.

• Active accounts — content is retained until you delete projects/chapters or delete your account.
• Cancelled subscriptions — your data remains stored and accessible at the free / no-AI tier until you request account deletion.
• Account deletion — to request deletion of your account and all associated data, contact us at the email below or use the in-app “Delete account” option in Settings → Account. We will process deletion requests within 30 days. Some records (billing records, abuse-prevention logs, security incident logs) may be retained as required by law or for legitimate business purposes.
• Trial usage log — retained for 90 days after each call, then automatically purged.
• Sentry error data — retained for 90 days after the error, then automatically purged.
• PostHog product analytics — retained for 12 months, then automatically purged.
• Intercom support conversations — retained for the lifetime of your account so support history is available; purged on account deletion subject to the legal-retention exceptions above.

Depending on your jurisdiction (including the EU, UK, California, and other states with comprehensive privacy laws), you may have rights regarding your personal data, including:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request deletion of your account and personal data, subject to the retention exceptions in Section 09.
• Portability — request your data in a portable format. The in-app Settings → Account → Download my data export is the canonical mechanism for this.
• Objection / restriction — object to certain processing or request that processing be restricted.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at the address in Section 14. We will respond within the timeframes required by applicable law (generally within 30 days).

We implement reasonable technical and organizational security measures to protect your data, including:

• HTTPS / TLS encryption for all data in transit.
• AES-256 encryption for stored API keys.
• Row-level security policies in our database, enforced by Supabase.
• Strict Content Security Policy (CSP), HSTS, and other modern HTTP security headers.
• Regular dependency audits and vulnerability scanning.
• Service-role isolation between the public-facing application and privileged admin operations.

However, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security. You use the Service at your own risk and are encouraged to use strong, unique passwords for your account.

OpusDraft is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date above and, where appropriate, notify you by email or through a notice on the Service.

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

For privacy questions, data requests, or to report a concern, contact us at:

We aim to respond to all privacy requests within 10 business days.

This Privacy Policy is governed by the laws of the State of Louisiana, without regard to its conflict of law provisions. Any disputes shall be resolved in the courts of East Baton Rouge Parish, Louisiana.