Trust & security
Built to protect the writer’s work.
We build tools for writers who’ve already been treated unfairly by software. The least we can do is treat their data with care. Here’s how we approach security, privacy, and the handling of the keys that make Authorship Certificates verifiable.
HOW WE PROTECT YOUR DATA
Security and privacy, in plain terms
No jargon walls. Here is what we actually do.
Encryption in transit and at rest
Traffic between your devices and our services runs over TLS. Stored data is encrypted at rest. Credentials for connected accounts — reference managers, integrations — are encrypted before they’re saved.
Authorship signing keys
Authorship Certificates are signed with ed25519 keys. Signing keys are handled as sensitive secrets, separated from general application data and access-controlled. The public key is what lets anyone verify a certificate — the private key never leaves our signing path.
Data protection & residency
We store what a feature needs and delete it when it’s no longer useful. Processing runs with reputable cloud providers; our subprocessor list describes the categories and regions involved.
Access control & least privilege
Access to systems and customer data is scoped to who needs it. User-facing endpoints are owner-scoped — you can only reach your own records. Administrative access is role-based and logged.
Privacy by design
We don’t train models on your writing. Recording features are opt-in. Where a task can run on-device, we prefer it; where it can’t, we minimize what we send and how long we keep it.
Transparency & your rights
You can export and delete your data. Our privacy policy and DPA describe what we collect, why, and how long we keep it — in language meant to be read, not survived.
A note on the Authorship Certificate
The certificate documents how a piece of writing was made. It is verifiable evidence of process — not a legal verdict, and not a guarantee against any detector.
Verification is public and key-based: anyone with the link can confirm a certificate wasn’t altered, without an account and without trusting us. The security that matters most here is the integrity of the signing keys — which is why we treat them as our most sensitive secret.
Found something?
Responsible disclosure
If you believe you’ve found a security issue, we want to hear about it. Email us and we’ll work with you in good faith to confirm and fix it.
Care for the work.
Care for the writer.
See how our security and privacy choices show up across the products we build.