Privacy Policy

Last updated: May 2025 · AI Rewriter · ai-rewriter.cc

This Privacy Policy explains how AI Rewriter (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit ai-rewriter.cc and use our text-rewriting service. We are committed to handling your data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

AI Rewriter
Website: https://ai-rewriter.cc
Contact: available through the in-app support channels or via the contact links in the navigation.

2. What Data We Collect

We collect only the data necessary to provide and improve our service:

Account data: your email address, provided when you create an account via our authentication provider (Clerk). We may also store a display name or profile image if supplied.
Payment data: transaction references and plan details to confirm your subscription. Payment card details are handled exclusively by Paystack and are never stored on our servers.
Usage analytics: anonymised metrics such as rewrite counts, selected models, and session duration. These contain no raw text and cannot be linked back to you individually.
Technical data: IP address, browser type, device type, and session identifiers collected automatically when you access the service. We use this data for security, fraud prevention, and analytics.
Cookies & local storage: session cookies necessary to keep you logged in and first-party analytics cookies to measure traffic. We do not use advertising cookies or third-party tracking pixels.

Text you submit for rewriting is never stored. Your input passes through our rewriting model and is returned directly to you. No copy of your text is retained on our servers after the request completes.

3. How We Use Your Data

We process your personal data for the following purposes:

Service delivery: to authenticate you, manage your subscription, and provide the rewriting tool.
Payment processing: to verify and record your subscription payments.
Communication: to send important account or service updates (e.g. subscription expiry notices). We do not send marketing emails unless you have explicitly opted in.
Security and fraud prevention: to detect and prevent abuse, ban evasion, and unauthorised access.
Service improvement: to analyse anonymised usage patterns and improve the rewriting models and user experience.
Legal compliance: to fulfil our obligations under applicable law.

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases:

Performance of a contract (Article 6(1)(b)): processing your account and payment data is necessary to provide the service you have subscribed to.
Legitimate interests (Article 6(1)(f)): processing technical data for security, fraud prevention, and anonymised analytics, where these interests are not overridden by your rights.
Legal obligation (Article 6(1)(c)): retaining certain transaction records as required by law.
Consent (Article 6(1)(a)): where we ask for your consent (e.g. optional communications), you may withdraw it at any time without affecting prior processing.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only with:

Clerk — our authentication provider. Clerk processes your email address and account credentials. See Clerk’s Privacy Policy.
Paystack — our payment processor. Paystack handles all card and M-Pesa transactions. We only receive a transaction reference and status. See Paystack’s Privacy Policy.
Hosting provider — our infrastructure provider (Linode / Akamai) hosts the application and data in accordance with applicable data protection standards.
Legal authorities: we may disclose data if required to do so by law or in response to a valid legal process.

All third-party processors are contractually bound to process your data only as instructed and to maintain appropriate security measures.

6. International Transfers

Your data may be processed in countries outside the European Economic Area (EEA), including the United States, where our infrastructure and some service providers are located. When we transfer data outside the EEA we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. Data Retention

We retain your data only for as long as necessary:

Account data: retained for the duration of your account, and deleted within 30 days of account deletion upon request.
Payment records: retained for up to 7 years to comply with financial and tax regulations.
Usage analytics: anonymised data may be retained indefinitely as it cannot identify you.
Security logs (IP, session): retained for up to 12 months for fraud prevention purposes.

8. Your Rights Under the GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

AccessRequest a copy of the personal data we hold about you.

RectificationAsk us to correct inaccurate or incomplete data.

ErasureRequest deletion of your personal data (“right to be forgotten”).

RestrictionAsk us to restrict processing of your data in certain circumstances.

PortabilityReceive your data in a structured, machine-readable format.

ObjectObject to processing based on legitimate interests or for direct marketing.

Withdraw consentWithdraw any consent you have given at any time without affecting prior processing.

Lodge a complaintFile a complaint with your local data protection authority (e.g. the ICO in the UK).

To exercise any of these rights, please contact us through the support channels available in the application. We will respond within 30 days.

9. Cookies

We use the following types of cookies:

Strictly necessary cookies: session and authentication cookies required for the service to function. These cannot be disabled without breaking your login session.
Analytics cookies: first-party cookies that help us understand how the service is used (page views, session counts). No data is shared with advertising networks.

You can control or delete cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in.

10. Children’s Privacy

Our service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has provided us with personal data, we will delete it promptly.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encrypted connections (HTTPS), hashed credentials, and access controls limiting who can view personal data within our systems.

12. Google API Services User Data Policy

AI Rewriter uses Google Sign-In (OAuth 2.0) to allow you to authenticate using your Google account. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we commit to the following:

Limited use: We only use the Google user data we receive (your email address and basic profile information) to provide and improve the AI Rewriter service. We do not use this data for any other purpose.
No data transfer: We do not transfer Google user data to third parties except as necessary to provide the service (e.g. our hosting provider), or as required by law.
No advertising: We do not use Google user data for serving advertisements, and we do not allow advertising networks to access it.
No unauthorised human access: We do not allow humans to read Google user data unless you have given explicit consent, it is required for security purposes, or we are legally obligated to do so.
Text is never stored: Text you submit for rewriting is processed in memory and returned directly to you. It is never written to disk, associated with your Google account, or visible to any person.

This disclosure satisfies the Google API Services User Data Policy Limited Use requirements for apps that access Google OAuth scopes.

13. Account Deletion

You may request the permanent deletion of your account and all associated personal data at any time. To do so:

Contact us through the in-app support channel or via the contact form at ai-rewriter.cc.
Include “Account Deletion Request” in your message and the email address associated with your account.

We will process your request and confirm deletion within 30 days. Note that we may retain certain transaction records for up to 7 years as required by financial regulations (see Section 7), but these will be de-linked from your personal profile.

You may also disconnect Google Sign-In from your account at any time by visiting your Google account permissions page and revoking access for AI Rewriter.

14. Do Not Track

Some browsers send a “Do Not Track” (DNT) signal. We currently do not alter our data collection practices in response to DNT signals, as there is no industry-wide standard for honouring them. We encourage you to use our cookie controls (described in Section 9) to manage your preferences directly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or via an in-app notice. The “Last updated” date at the top of this page always reflects the most recent revision. Continued use of the service after changes are published constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern, please contact us through the support channels available within the application or by visiting ai-rewriter.cc.

You also have the right to lodge a complaint with a supervisory authority. In the EU, you may contact your national data protection authority. In the UK, you may contact the Information Commissioner’s Office (ICO).

Also see our Terms & Conditions.