Scriblio

Privacy Policy

Last updated: March 18, 2026

1. Information We Collect

When you create an account on Scriblio, we collect the following information:

  • Name — to personalize your experience.
  • Email address — to authenticate your account and send important notifications.
  • Profile picture — if you sign in with Google and your Google account has a profile photo, it may be displayed as your avatar within Scriblio.

We also collect content you create within the app, such as stories, characters, notes, and other creative works, which are stored securely in your account.

2. Google User Data

Scriblio offers sign-in via Google OAuth as a convenience. This section specifically describes how we handle data received from Google.

Data Accessed

When you choose to sign in with Google, Scriblio requests the following data from your Google account:

  • Email address — used as your unique account identifier.
  • Name — displayed as your display name within Scriblio.
  • Profile picture — optionally displayed as your avatar.

Scriblio does not request access to your Gmail, Google Drive, Google Calendar, contacts, or any other Google services. We only use the basic profile scope required to identify you and create your account.

Data Usage

Google user data is used exclusively to:

  • Create and authenticate your Scriblio account.
  • Display your name and avatar within the app.
  • Send transactional emails (account notices, billing receipts) to your email address.

We do not use your Google data for advertising, profiling, or any purpose beyond operating your Scriblio account. We do not use Google user data to train AI models.

Data Sharing

Your Google user data is never sold, rented, or traded to third parties. It is shared only with the following services, strictly as required to operate Scriblio:

  • Supabase — stores your email and name in our secure database to maintain your account.
  • Resend — receives your email address solely to deliver transactional emails you request (e.g., password resets, billing receipts).
  • Vercel — hosts the Scriblio application; does not independently store or process your personal data.

No other third parties receive your Google user data.

Data Storage & Protection

Your Google-derived data (name, email, profile picture URL) is stored in Supabase, a SOC 2 Type II certified cloud database. We protect your data using:

  • Encrypted connections (TLS) for all data in transit.
  • Row-level security policies so users can only access their own data.
  • Secure OAuth token handling — we never store your Google account password or refresh tokens beyond what is required for session management.
  • Access controls limiting which team members can query production data.

Data Retention & Deletion

Your Google-derived personal data is retained for as long as your Scriblio account is active. Specifically:

  • Active accounts: name, email, and profile picture are retained to operate your account.
  • After account deletion: your personal data (name, email, profile picture) is permanently deleted from our database within 30 days of your deletion request.
  • Your creative content (stories, characters, notes) is deleted immediately upon account deletion.
  • Billing records may be retained for up to 7 years to comply with financial record-keeping requirements, but contain only payment metadata — not your creative content.

To request deletion of your account and all associated data, please email scriblio@scriblio.co with the subject line "Delete My Account". We will confirm deletion within 5 business days. You may also delete your account directly from the Settings page inside Scriblio.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To create and manage your account.
  • To authenticate you via Google OAuth or email and password.
  • To communicate important updates about the service.
  • To provide and improve the Scriblio writing platform.

4. AI-Assisted Features

Scriblio uses AI (powered by Anthropic's Claude) to provide writing assistance features such as workshop conversations, manuscript analysis, and editorial suggestions. When you use these features, portions of your writing may be sent to Anthropic's API for processing. This data is used solely to generate responses for you and is not used to train AI models. Anthropic's data retention and privacy practices are governed by their own privacy policy.

Scriblio's AI is designed to assist your creative process — it never writes for you. All AI-generated suggestions are presented as recommendations that you choose whether to accept.

Google user data is never sent to AI services. AI features operate exclusively on the creative content you write within Scriblio.

5. Data Storage & Security

Your data is stored securely using Supabase, a trusted cloud database provider. We implement industry-standard security measures including encrypted connections, row-level security policies, and secure authentication practices to protect your information.

6. Third-Party Services

We use the following third-party services to operate Scriblio:

  • Supabase — for authentication and data storage.
  • Anthropic (Claude API) — for AI-powered writing assistance features.
  • Stripe — for processing subscription payments.
  • Google OAuth — for optional sign-in via Google (see Section 2 for details).
  • Resend — for sending transactional emails.
  • Vercel — for hosting and serving the application.

Each of these services has their own privacy policies governing how they handle your data.

7. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We only share your data with the third-party services listed above, and only as necessary to provide the Scriblio service. Your creative writing is never shared with other users or made public without your explicit consent.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Export your stories and creative content at any time.
  • Request deletion of your account and associated data.
  • Withdraw consent for data processing at any time.

To exercise any of these rights, please contact us at scriblio@scriblio.co. Account deletion requests are processed within 5 business days.

9. Cookies

Scriblio uses cookies and similar technologies solely to operate the service:

  • Authentication cookies — set by Supabase to keep you signed in during your session. These are strictly necessary for the service to work.
  • Preference cookies — used to remember your theme setting (light/dark mode) across visits.

We do not use advertising cookies, tracking pixels, or any cookies that monitor your activity across other websites. We do not use analytics services that track individual users. You can disable cookies in your browser settings, but doing so will prevent you from staying signed in.

10. Children's Privacy

Scriblio is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use Scriblio or provide any personal information.

If you are a parent or guardian and believe your child under 13 has created an account or provided personal information to us, please contact us at scriblio@scriblio.co and we will promptly delete that information.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the updated policy on this page with a revised date.

12. Contact Us

If you have questions about this privacy policy or your personal data, please contact us at: scriblio@scriblio.co

Scriblio is operated by Matthew Lancaster, Covington, Kentucky, USA.

← Back to Scriblio