Chaptora · Vol. IPrivacy PolicyEst. MMXXVINo. 03
The Confidence

Your words.
Your rights.

How we collect, use, and protect personal data — written plainly, in line with the GDPR.

Last revised on the 26th of April, MMXXVI
I

Controller

The controller responsible for the processing of your personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

Nezir Basar (Chaptora)
Leopold-Kohr-Straße 1, 1220 Vienna, Austria
info@chaptora.com

II

Scope of this policy

This policy explains how we collect, use, store, and share personal data when you visit our website or use Chaptora (the “Service”), an AI-assisted writing platform for authors. It applies to data we process as a controller. It does not cover third-party websites linked from the Service.

III

Data we collect

We process the following categories of personal data:

  • Account data — email address, first and last name, and a unique user identifier provided by our authentication provider when you sign up or sign in.
  • Content data — the manuscripts, chapters, notes, resources, prompts, and other text or files you create, upload, or generate while using the Service.
  • Usage data — technical information automatically transmitted by your browser, including IP address, browser type, operating system, referrer URL, pages viewed, and timestamps.
  • Communications — the content of any messages you send us (e.g. support emails) and our replies.
  • Billing data — if you subscribe to a paid plan, our payment provider processes your payment information; we receive only the subscription status and a customer reference, not your full card details.
IV

Purposes & legal bases

  • Providing the Service (creating your account, storing your projects, running AI features at your request) — Art. 6(1)(b) GDPR (performance of contract).
  • Securing & operating the Service (logging, abuse prevention, debugging) — Art. 6(1)(f) GDPR (legitimate interest in a stable, secure platform).
  • Communicating with you (responding to support, sending service-related notices) — Art. 6(1)(b) and (f) GDPR.
  • Legal obligations (e.g. tax and accounting records) — Art. 6(1)(c) GDPR.
V

AI processing of your content

When you use AI features in Chaptora, the relevant parts of your content (e.g. selected text, chapter context, prompts) are sent to third-party AI providers so they can return a response. We instruct these providers contractually not to use your content to train their models. Outputs are returned to you and stored in your project.

You should not paste highly sensitive personal data (e.g. health data, government identifiers, payment card numbers) into the editor. AI outputs may be inaccurate or unoriginal; you are responsible for reviewing them before use.

VI

Service providers (sub-processors)

We rely on the following providers, which process personal data on our behalf under data processing agreements:

  • Clerk, Inc. (USA) — user authentication and account management.
  • Neon, Inc. (USA / EU) — managed PostgreSQL hosting for application data.
  • Anthropic, PBC (USA) — large language model provider (Claude).
  • Google LLC (USA / EU) — large language model provider (Gemini).
  • Hosting & infrastructure providers used to deliver the website and API.
VII

International transfers

Some of the providers above are based outside the European Economic Area, in particular in the United States. Where data is transferred outside the EEA, we rely on appropriate safeguards under Art. 46 GDPR — in particular the European Commission’s Standard Contractual Clauses, and where applicable, the EU–U.S. Data Privacy Framework.

VIII

Cookies & local storage

We use strictly necessary cookies and similar technologies to keep you signed in, remember your preferences, and protect the Service. These do not require consent under § 165 Abs. 3 TKG 2021. We do not use advertising or cross-site tracking cookies. If we introduce non-essential analytics in the future, we will ask for your consent first.

IX

Retention

We keep your account and content for as long as your account exists. If you delete a project, chapter, or your account, we delete the corresponding data from our active systems within a reasonable period and from backups in accordance with our backup rotation. We retain data longer where required by law (e.g. seven years for accounting records under Austrian law) or to defend legal claims.

X

Your rights

Under the GDPR, you have the right to: access your data (Art. 15), have inaccurate data corrected (Art. 16), have your data erased (Art. 17), restrict processing (Art. 18), receive your data in a portable format (Art. 20), and object to processing based on legitimate interests (Art. 21). Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise these rights, contact us at info@chaptora.com. You also have the right to lodge a complaint with a supervisory authority, in particular the Austrian Data Protection Authority (www.dsb.gv.at).

XI

Security

We use encryption in transit (HTTPS), access controls, and reputable infrastructure providers to protect your data. No online service can be guaranteed fully secure; please use a strong, unique password and notify us of any suspected unauthorized access.

XII

Children

The Service is not directed to children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

XIII

Changes to this policy

We may update this policy to reflect changes to the Service or applicable law. We will post the updated version on this page and adjust the “last revised” date. Significant changes will be communicated by email or in-app notice.

XIV

Contact

Questions about this policy or your personal data? Write to info@chaptora.com.