Qué hacemos
con tu borrador.

01 · What you give us

Three kinds of input pass through DraftGuard:

• Drafts. The text you paste into a tool — essay paragraph, sentence, claim, paragraph for tone calibration.
• Metadata. The mode you picked (e.g. "More Personal"), the writing type ("academic"), the level ("college"), and any optional personal detail you typed into a rewrite panel.
• Identifiers. Your IP address, used for per-day rate limiting on the free tier. If you sign up, we store account identifiers from Supabase, your email, usage period counters, subscription state, and billing identifiers from Stripe.

02 · What we store

We do not store your draft text on our servers beyond the lifetime of the request that produced your result. The analyzer and rewriter call OpenRouter, return JSON to your browser, and the request log entry contains only the request ID, route, status code, and IP-derived rate-limit counter — not the body of your draft.

In your browser, your last draft is kept in sessionStorage so the workspace can pick up where you left off. Closing the tab clears it.

03 · How we use it

The text you paste is used for one purpose: to produce the analysis or rewrite you asked for. We do not read it, do not send it to humans, do not use it to compute anything else, and do not match it against any database.

04 · Third parties

These providers may process your data:

• OpenRouter (openrouter.ai), which we use to access the underlying language model. They forward your request to the model provider (currently DeepSeek). Both may log requests for abuse monitoring per their respective privacy policies.
• Vercel, which hosts the application. They see request metadata (URL, IP, user agent, timing) but not request bodies.
• Supabase, which provides authentication and account storage when you sign in. Supabase stores your user ID, email, authentication session, and DraftGuard account records.
• Stripe, which processes paid subscriptions and credit purchases. Stripe receives billing details; we store only the customer ID, subscription state, payment event IDs, and credit balance needed to operate your account.

05 · Cookies and browser storage

We use cookies and browser storage for language preference, authentication, security, checkout, and workspace continuity. We do not currently use advertising cookies or cross-site behavioral tracking cookies. The full list is in our Cookie Policy.

06 · Training data

We do not use your drafts to train any model — ours or anyone else's. We have no model to train; we use third-party models on a per-request basis. The model providers we use have their own training policies, which we have configured to opt out of training where supported.

07 · Your rights

Because we don't keep your drafts, there is nothing to request, export, or delete in that category. For account data (email, subscription state) you can request a copy or deletion at any time by writing to support@whispen.io. We respond within 30 days.

If you are in a jurisdiction with stronger data rights — EU, UK, California — those rights apply, and the same email is the route to exercise them.

08 · Changes to this policy

We will not narrow your privacy by silent edit. Material changes to this policy will be announced on the landing page and in any active subscription email at least 14 days before taking effect. The previous version will remain accessible for reference.