Legal

Privacy Policy

Last updated: April 21, 2026

Back to Home

1. Introduction

This Privacy Policy explains how ScribeBolt ("ScribeBolt", "we", "us", "our") collects, uses, shares, and protects information when you use the website at https://www.scribebolt.me/, our browser extension, and related services (together, the "Service").

ScribeBolt is operated by an individual based in Serbia. By using the Service you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following categories of personal information:

  • Account information. Email address, first and last name, and a hashed password (for email/password sign-ups).
  • Social media / OAuth profile information. When you choose to sign in with a third-party provider (such as Google), we receive your name, email address, and a provider account identifier from that service. We may add additional providers (such as Facebook or X/Twitter) in the future on the same basis.
  • Content you submit. Templates ("scribbles"), prompts, sample messages, and any other text you upload, paste, or generate using the Service. This content is processed by our AI sub-processor (OpenAI) to produce replies for you.
  • Support correspondence. Messages, bug reports, and attachments you send us through the contact page, the browser extension, or by email, including any personal information you choose to include.
  • Billing information. Subscription tier, plan status, and identifiers returned by our payment processor (LemonSqueezy). Card numbers and other full payment details are entered on LemonSqueezy's checkout and are never received or stored by ScribeBolt.
  • Usage and device data. IP address, browser and device type, operating system, language, referring/exit pages, timestamps, feature usage, generation counts, and similar log data.
  • Cookies and similar technologies. Authentication cookies, security tokens, and analytics identifiers (see Section 7).

3. How We Use Information

  • Create and authenticate your account, including via Google sign-in.
  • Provide, maintain, and improve the Service, including generating replies via OpenAI.
  • Process subscriptions, renewals, refunds, and tax-related obligations through LemonSqueezy.
  • Send transactional emails (verification, password reset, billing receipts, security and service notices).
  • Respond to support requests and communicate with you about the Service.
  • Monitor, secure, and debug the Service, prevent abuse, and enforce our terms.
  • Measure and analyze usage with Google Analytics to improve product quality.
  • Comply with legal obligations and respond to lawful requests.

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to provide the Service you have signed up for and to process your subscription.
  • Legitimate interests — to secure the Service, prevent fraud and abuse, debug, and improve the product, balanced against your rights and freedoms.
  • Consent — for optional analytics cookies and for any optional marketing communications. You may withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other applicable laws.

5. Sharing of Information & Sub-processors

We do not sell your personal information. We share data only with service providers ("sub-processors") that help us run the Service, under contracts that require them to protect your information:

  • OpenAI — processes the prompts, templates, and content you submit in order to generate AI replies.
  • LemonSqueezy — merchant of record for payments, billing, invoicing, and tax. See LemonSqueezy's privacy notice at https://www.lemonsqueezy.com/privacy.
  • Google — for "Sign in with Google" authentication and Google Analytics measurement.
  • Hosting and email infrastructure providers — for running the website, API, database, and sending transactional email.

We may also disclose information to comply with applicable law, lawful requests, or to protect the rights, property, or safety of ScribeBolt, our users, or others, and as part of a corporate transaction (e.g., merger, acquisition, asset sale) with appropriate safeguards.

6. International Data Transfers

ScribeBolt is operated from Serbia and uses sub-processors located in the United States and other countries. When personal data of EEA/UK residents is transferred outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, supplemented by additional measures where required.

7. Cookies, Analytics & Tracking

We use strictly necessary cookies to keep you signed in and to protect against abuse. With your consent, we also use Google Analytics to understand aggregate usage patterns. We do not show ads, do not use remarketing or cross-site advertising cookies, and do not sell or share your personal information for cross-context behavioral advertising.

You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on, by rejecting optional cookies in our consent banner, or by clearing cookies in your browser. Most browsers also let you block or delete cookies through their settings.

8. Email Communications

We send transactional emails (such as account verification, password resets, billing receipts, and important service notices) as part of operating the Service. These are required for the contract and cannot be opted out of without closing your account. Any optional product or marketing emails will only be sent with your consent and you can unsubscribe at any time using the link in those emails or by contacting us.

9. Data Retention

We retain personal information for as long as your account is active and for a reasonable period afterward to comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it.

10. Security

We use industry-standard measures to protect your information, including TLS in transit, hashed passwords, access controls, and least-privilege practices. No method of transmission or storage is 100% secure; if we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

11. Your Rights under GDPR

If you are in the EEA or the UK, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure ("right to be forgotten") where applicable.
  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Receive your data in a portable, machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with your local data protection supervisory authority.

To exercise these rights, contact us at the email address in Section 17.

12. Your Rights under CCPA / CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA") gives you the rights described below.

Categories of personal information collected in the last 12 months:

  • Identifiers — name, email address, account ID, IP address, OAuth provider IDs.
  • Customer records — account credentials and contact details.
  • Commercial information — subscription tier, plan status, billing history.
  • Internet or other electronic network activity — usage logs, feature interactions, analytics events.
  • User-generated content — templates, prompts, generated outputs, and support correspondence.
  • Inferences — basic preferences derived from product usage to improve the Service.

Sources: directly from you, from your device/browser, from sign-in providers (Google), and from our payment processor (LemonSqueezy).

Business purposes: providing and securing the Service, processing payments, customer support, analytics, and legal compliance (see Section 3).

Sale or sharing: we do not sell personal information and do not share it for cross-context behavioral advertising.

Sensitive personal information: we do not use sensitive personal information for purposes that would trigger your right to limit such use under the CPRA.

You have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share.
  • Request deletion of personal information we have collected from you.
  • Request correction of inaccurate personal information.
  • Opt out of the sale or sharing of personal information (not applicable — we do not sell or share).
  • Limit the use and disclosure of sensitive personal information.
  • Be free from discrimination for exercising your CCPA/CPRA rights.
  • Designate an authorized agent to make a request on your behalf.

To exercise these rights, contact us at the email address in Section 17. We will verify your request using the email associated with your account.

13. CalOPPA Disclosures

The California Online Privacy Protection Act ("CalOPPA") requires the following disclosures:

  • The categories of personally identifiable information we collect are listed in Section 2.
  • The third parties with whom we share that information are listed in Section 5.
  • You may review and request changes to your account information by signing in to your account or by contacting us at the email address in Section 17.
  • We will notify users of material changes to this Policy by updating the "Last updated" date and, where appropriate, by email or in-product notice (see Section 16).
  • Do Not Track ("DNT") signals. Our Service does not currently respond to DNT browser signals because no consistent industry standard has been established. You can still control tracking via our cookie banner and your browser settings, as described in Section 7.

14. Children's Privacy

The Service is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us at the email address in Section 17 and we will take steps to delete it.

15. Third-Party Links

The Service may link to third-party websites or services that we do not control. This Policy does not apply to those third parties, and we are not responsible for their privacy practices. Please review their privacy notices before using them.

16. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, give additional notice (such as a banner on the Service or an email). Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

17. Contact Us

If you have questions, requests, or complaints regarding this Privacy Policy or your personal information, contact us at:

scribeboltofficial@gmail.com

ScribeBolt is operated by an individual located in Serbia.