Privacy Policy
Effective date: June 9, 2026
Last updated: June 9, 2026
Notice — United States only. This Service is available only to users in the United States. We do not currently offer the Service in the European Economic Area, the United Kingdom, or Switzerland. If you are accessing from outside the United States, please do not create an account or use the Service.
This Privacy Policy explains how Good Writing App, LLC ("we," "us," "our") collects, uses, and protects information when you use the Good Writing App at goodwriting.app (the "Service").
We've tried to write this in plain language. If anything is unclear, email us at support@goodwriting.app.
The short version
- We do not train our tools on your writing.
- By default, we do not store the text you submit for analysis. Your text is sent to our language analysis provider, processed under a contractual no-training agreement, and may be retained in provider API logs for up to 30 days under standard API terms.
- We collect the minimum information needed to run your account and keep the Service working: your email address, account identifiers, and basic usage metadata (word counts, timings, which rules ran).
- Payments are handled by our payment processor. We do not store your card information.
- We do not sell your information, and we do not display ads inside the app.
- We advertise the Service on platforms like Meta and Google. To measure how well those ads work, we send a limited amount of conversion data (for example, that a signup or purchase happened, and its value) to those platforms from our servers. We do not install advertising pixels in your browser, do not set advertising cookies, and do not use you to build retargeting or "lookalike" advertising audiences.
- You can request deletion of your account at any time by emailing privacy@goodwriting.app. We will process the request within 30 days.
The full policy follows.
1. Information we collect
Account information
When you create an account, we collect:
- Your email address
- A password, if you choose to set one. Passwords are stored as a one-way hash by our authentication provider.
- Your account ID and timestamps (when you signed up, when you last logged in)
By default, accounts are created with email only and you sign in using a magic link sent to your inbox. You may optionally set a password during signup, in which case you can also sign in with that password.
Subscription and payment information
If you subscribe to a paid plan, payment is processed by our payment processor. We send the payment processor your email address and account identifier so it can associate the subscription with your account. We do not store your card number or security code. Your payment information is collected and processed directly by our payment processor. Limited billing metadata (such as the last four digits of your card or your country) may be visible to us through our payment processor's dashboard for support and reconciliation purposes.
What we store on our side: a customer identifier, subscription identifier, plan, status, and the end date of your current billing period.
If a payment attempt fails, the payment processor automatically retries on a schedule. We send you an email noting the attempt number and the next scheduled retry. If a subscription transitions to an unpaid state, paid features are suspended on your next request.
The text you submit for analysis
When you paste or type text into the editor and click "Analyze," your text is sent to our servers and forwarded to our current language analysis subprocessor, identified on our Subprocessors page. The provider returns the highlights and explanations you see in the app.
By default, we do not store text submitted for analysis on our servers and do not log it, unless you choose to save a document to your account as described below. Under our provider agreement, your text is not used for training. The provider may retain API logs for up to 30 days under its standard API terms, after which they are deleted according to those terms. To improve performance, analysis results may be temporarily cached in server memory using a non-reversible identifier derived from your text. The cache is short-lived and your original text cannot be reconstructed from it.
Documents you save to your account
If you choose to save a document to your account, it is stored in our database so you can return to it later. Saved documents — including the document text, the analysis issues recorded, and any dismissals — are stored in our database, which encrypts data at rest. We do not access the content of your saved documents except as needed to maintain database infrastructure (such as backups and migrations) or where you specifically request our help with an issue involving a document.
When you delete a saved document, it is removed from our active systems. Copies may persist briefly in routine backups before being overwritten (see Section 6 for specific windows).
Information stored in your browser
The Service stores a small amount of information in your browser's local and session storage so the editor and sign-in flow can work — including your current draft, your settings and preferences, and short-lived helpers used by the interface. This information stays on your device and is not transmitted to our servers unless you save your document to your account.
Feedback you submit
The app includes a feature that lets you flag a highlighted issue as unhelpful. When you submit feedback this way, we receive limited information about the flagged issue and the surrounding context, plus any optional note you choose to add.
If you are signed in when you submit feedback, we may attach a short-lived pseudonymous identifier so we can group related submissions and limit abuse. The identifier is not your account ID and rotates over time. If you are not signed in, no identifier is attached.
This feature is enabled by default but is fully manual: nothing is sent unless you click the flag button. You can disable it in Settings, after which the flag button will be inactive.
Book-proof verification artifacts
If you choose to access paid features by verifying ownership of Good Writing: 36 Ways to Improve Your Sentences, you may upload a photograph of the book, a receipt, or another proof we accept. You may redact any personal information (such as your name, address, or payment-card details) from the artifact before uploading. We review the artifact only to confirm ownership and prevent fraud, and we delete it within 30 days of the verification decision. Verification artifacts are stored only in our database; we do not share them with our subprocessors beyond the storage host.
Usage and analytics data
We use a single product analytics provider to understand how the Service is used. We do not use third-party advertising trackers.
We collect:
- Page views and which features you use
- Word counts, analysis timings, and which rules fired (no text content)
- Browser type, device type, and approximate city-level location derived from your IP
- First-touch UTM parameters, recorded once on your first visit and not overwritten by later visits
- Advertising click identifiers (such as `fbclid` and `gclid`) captured from the address of the page you land on, recorded once and used to attribute conversions to our ads
- A cookie used to assign you to a stable variant for landing-page experiments
Anonymous visitors are not profiled; our analytics provider only creates a person profile after you sign up. Once a profile exists, your email address is sent as a person trait so we can match analytics events to your account.
We do not currently record user sessions. If we enable session recording in the future, we will update this Privacy Policy and mask the editor surface so the content of your writing is not captured.
Advertising and conversion measurement
We advertise the Service on third-party platforms, including Meta and Google. To understand which ads lead to signups or purchases, we measure conversions on our servers rather than by tracking you in your browser.
When you arrive from one of our ads, the link may include a click identifier (for example, Meta's `fbclid` or Google's `gclid`) in the page address. We record that identifier and associate it with your eventual signup or purchase so we can attribute the conversion to the ad that brought you here.
When a conversion happens, our server sends a limited event to Meta and/or Google that includes the type of event (such as a signup or purchase), its value, and the click identifier. We do not send the content of your writing, your browsing history, or scraped form fields. We configure Meta's Limited Data Use and Google's Restricted Data Processing so this data is used to measure our advertising, not to build advertising profiles of you.
We do not install a Meta Pixel or other advertising tag in your browser, do not set advertising cookies, and do not build retargeting or "lookalike" audiences from your activity on the Service.
IP addresses
For abuse prevention, our system derives a short, non-reversible fingerprint from your IP and uses it for rate limiting. We do not retain raw IP addresses in our application database, although our hosting provider may log them at the edge for routing and security purposes per its own standard practice.
Email communications
We use email service providers to deliver authentication emails (such as magic links and password resets) and marketing or lifecycle messages.
We share with our email providers the limited information needed to deliver messages and target lifecycle communications appropriately, including your email address, plan information, and product activity signals such as signups and payment events. You can unsubscribe from marketing email at any time using the link at the bottom of any marketing message. Authentication and billing notifications are required to operate your account and cannot be unsubscribed from while you have an active account.
2. What we do not collect
We are listing this explicitly because it matters:
- We do not sell, rent, or share your information with data brokers
- We do not use third-party advertising cookies, advertising pixels, or behavioral advertising trackers in your browser, and we do not build retargeting or lookalike audiences. (We do measure conversions from our own ads on our servers — see "Advertising and conversion measurement" in Section 1.)
- We do not train any model on your writing
- We do not record what you type in the editor
- We do not collect your contacts, calendar, files, or anything outside the app
3. How we use your information
We use the information we collect to:
- Provide the Service (run analyses, save your documents, manage your account)
- Process payments and manage subscriptions
- Send you transactional emails (receipts, password resets, payment-failure notices)
- Send you product updates and marketing emails (only if you have not unsubscribed)
- Understand how the Service is used and improve it
- Diagnose bugs, prevent abuse, and enforce our Terms
- Comply with legal obligations
We do not use your information for any purpose not described in this policy.
4. Subprocessors
We rely on a small number of third-party service providers to operate the Service. They include a hosting and database provider, a payment processor, a language analysis service operating under a contractual no-training agreement, a product analytics provider, advertising-platform partners we use to measure the performance of our own ads (Meta and Google), email service providers, an embedded forms provider for our bug-report panel, and a font delivery service for our social-share preview images. The current list of named subprocessors is available at goodwriting.app/subprocessors. Each provider receives only the information needed for its specific function and is required to handle data with at least the same level of protection described in this policy.
We may add or change subprocessors from time to time. We will provide registered users at least 30 days' advance notice by email before adding a new subprocessor that processes personal information. Routine changes (such as replacing a provider with another in the same category, in the same region) will be reflected on the Subprocessors page without separate notice.
5. Where your data is stored
Our database is hosted in the United States, and most of our subprocessors operate in the United States. One subprocessor — the provider of our bug-report form embed — is based in the European Union; submissions from that form are processed in the EU before being forwarded to us. The Service is intended for users in the United States.
6. How long we keep your information
We retain personal information only as long as needed for the purpose for which it was collected. Our maximum retention periods are:
- Account information (active): for the life of your account
- Account information (after deletion request): purged from primary systems within 30 days and from encrypted backups within 35 days
- Saved documents: retained until you delete them or your account is deleted
- Submitted text (not saved): not retained beyond what is needed to perform the analysis, except for a short-lived in-memory cache
- Subscription and billing data: retained as long as legally required for tax and accounting purposes (typically up to 7 years), even after account deletion
- Analytics events: retained on a rolling 7-year window; aggregate, non-identifying analytics may be retained indefinitely
- Server logs (non-content): 30 days
- Email logs: retained by our email providers per their standard policies
7. Your rights and choices
You can:
- Access or update your account information by logging in and visiting Settings
- Cancel your subscription at any time in Settings; you will retain access until the end of your billing period
- Unsubscribe from marketing email using the link in any marketing message
- Turn off feedback sharing in Settings (the toggle described in Section 1)
- Request a copy of your data by emailing privacy@goodwriting.app
- Request deletion of your account by emailing privacy@goodwriting.app. We will process the request within 30 days. Deletion covers the categories of personal information described in this policy. Limited billing and tax records may be retained as required by law (see Section 6).
You can also review these choices at goodwriting.app/privacy-choices, linked as "Your Privacy Choices" in the site footer.
Your privacy rights - United States
Regardless of which US state you live in, you have the right to:
1. Know the categories and specific pieces of personal information we have collected about you, including the sources, purposes, and categories of third parties to whom we have disclosed it.
2. Receive a copy of that information in a portable format.
3. Correct inaccurate personal information.
4. Request deletion of your personal information.
5. Opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising - we do not engage in either.
6. Opt out of profiling for decisions with legal or similarly significant effects - we do not engage in such profiling.
7. Appeal any decision we make in response to a privacy-rights request by replying to our response email.
We will not discriminate or retaliate against you for exercising these rights. To exercise any of them, email privacy@goodwriting.app.
We respond to privacy-rights requests within 45 days unless a shorter deadline is required by applicable law, and we may use lawful extensions where permitted.
California privacy rights
If you are a California resident, this section explains how we handle your personal information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA").
Categories of personal information we collect. In the 12 months before the effective date of this policy, and on an ongoing basis, we collect the following categories of personal information described in the CCPA:
- Identifiers — email address, account ID, IP address, device identifiers, advertising click identifiers (such as `fbclid` and `gclid`), and (if you set one) your hashed password
- Customer records — limited billing metadata provided by our payment processor (such as the last four digits of your card or your country)
- Commercial information — subscription plan, status, and billing-period information
- Internet or other electronic network activity — pages viewed, features used, analysis timings, word counts, first-touch UTM parameters, and similar usage signals
- Geolocation information — approximate city-level location derived from your IP address
- Sensitive personal information — (a) account login credentials, where you set a password, used only to authenticate you and operate the Service; and (b) the text you submit and save in the editor ("Document Content"), which we treat as Sensitive Personal Information because it could contain content that reveals categories such as religious beliefs, health, or sexual orientation. We use Document Content only to provide the Service to you and do not use it for any purpose that would trigger your right to limit its use under the CCPA.
We do not collect biometric information, precise geolocation, health information, government identifiers, or other categories of sensitive personal information beyond what is described above.
Sources. We collect this information directly from you (when you create an account, subscribe, or use the Service) and automatically from your device (through cookies and similar technologies, as described in Section 8).
Purposes. We use personal information for the purposes described in Section 3, including providing and operating the Service, processing payments, sending transactional and lifecycle email, understanding product usage, preventing fraud and abuse, and complying with law.
Categories of third parties to whom we disclose personal information for business purposes. We disclose the categories above to the service providers listed on our Subprocessors page — including a hosting and database provider, a payment processor, a language analysis service operating under a contractual no-training agreement, a product analytics provider, email service providers, an embedded forms provider for our bug-report panel, and a font delivery service. We also send limited conversion data to Meta Platforms, Inc. and Google LLC to measure the performance of our own advertising, as described in Section 1 ("Advertising and conversion measurement"). We engage these platforms on a service-provider / measurement basis (Meta Limited Data Use and Google Restricted Data Processing) and do not permit them to use this data to build advertising profiles or audiences. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
Global Privacy Control. We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of any sale or sharing of personal information for cross-context behavioral advertising. We do not engage in such sales or sharing — so there is nothing to opt out of — but we recognize and respect the signal.
Retention. See Section 6 for how long we keep each category of personal information.
Authorized agents. California residents may designate an authorized agent to make a request on their behalf; we may require reasonable verification before fulfilling the request.
This Privacy Policy serves as our notice at collection under the CCPA. We link to this Privacy Policy at the points where we collect personal information.
8. Cookies and similar technologies
We use cookies and similar browser storage to keep you logged in, remember your preferences, and understand how the Service is used. We do not use third-party advertising cookies or behavioral advertising pixels.
The categories of cookies and similar technologies we use are:
- Essential cookies — required to log you in and operate the Service
- Preference and editor-state storage — remembers your settings, dismissed issues, and current draft
- Analytics cookies — used by our analytics provider to understand product usage
You can disable cookies in your browser settings, but parts of the Service may not work correctly if you do.
9. Security
We protect your data in transit with TLS 1.2 or higher and at rest with AES-256 encryption provided by Supabase, our database host. We restrict access to personal data to personnel who need it to operate the Service, and we conduct due diligence on each subprocessor before engagement. No security program eliminates risk entirely, and we do not represent that ours does.
If we confirm a security incident that compromises your personal information, we will notify you without undue delay and consistent with applicable law.
10. Children and minors
The Service is intended for adults. We do not knowingly collect personal information from anyone under 13, and the Service is not directed to children under 13. If we learn that we have collected personal information from a child under 13, we will delete it. If you believe a child under 13 has provided us with personal information, email privacy@goodwriting.app.
If you are at least 13 but under the age of majority in your state (typically 18), you may use the Service only if a parent or legal guardian has reviewed and agreed to these Terms and this Privacy Policy on your behalf.
11. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email at the address on your account, or through the Service, at least 30 days before the change takes effect. We will also update the "Last updated" date at the top of this page. A version history is available at goodwriting.app/privacy/changelog. Continued use of the Service after a material change has taken effect means you accept the updated policy; if you do not accept the updated policy, you may stop using the Service and request deletion of your account at any time.
12. Contact us
For privacy questions, requests, or complaints, email privacy@goodwriting.app. For general product support, email support@goodwriting.app.
For postal mail:
Good Writing App, LLC
1968 S. Coast Hwy, #5356
Laguna Beach, CA 92651
United States