
Privacy Policy

Last updated: April 27, 2026
Version 1.0

This Privacy Policy describes how PolicyPen (“we,” “us,” or “our”) collects, uses, and shares information about you when you visit policypen.io and use our AI-powered policy generation service (the “Service”). By using the Service you agree to the practices described in this policy.

1. Who We Are

PolicyPen is an independent SaaS product. For questions about this policy, contact us at hello@policypen.io.

2. Information We Collect

Account information

We use Clerk for authentication. When you sign up, Clerk collects your email address, name, and (if you use OAuth) your Google or GitHub profile. We receive and store your Clerk user ID, email address, and display name in our database to identify your account.

Policy and product data

We store the information you provide when creating products and generating policies — including product names, website URLs, business descriptions, jurisdiction selections, and the questionnaire answers you submit. Generated policy content (HTML text) is stored in our database linked to your account.

Payment information

We use Dodo Payments to process subscriptions. Your payment card details are collected and stored by Dodo Payments — we never see or store your full card number. We receive billing events (subscription created, renewed, cancelled) and store your Dodo customer and subscription IDs for plan management.

Usage data

We track token usage per month (to enforce free plan limits) and count policy generations and products created. We do not sell this data or use it for advertising.

Log and technical data

Our infrastructure (Vercel) automatically collects standard web server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security, debugging, and performance monitoring and is retained according to Vercel’s data retention policies.

3. How We Use Your Information

  • Provide and operate the Service (generate policies, host policy pages, manage your account)
  • Process payments and manage your subscription
  • Send transactional emails (sign-up confirmation, payment receipts, law update notifications)
  • Enforce free plan usage limits
  • Diagnose bugs and improve performance
  • Comply with legal obligations

We do not use your policy content to train AI models. Prompts and content are sent to Anthropic’s Claude API solely to generate your requested documents; Anthropic’s data usage policies apply to that processing.

4. Third-Party Services

We share data with the following sub-processors to operate the Service:

  • Clerk (clerk.com) — authentication and session management
  • Supabase (supabase.com) — database and file storage
  • Anthropic (anthropic.com) — AI policy generation via the Claude API
  • Dodo Payments (dodopayments.com) — subscription billing
  • Vercel (vercel.com) — hosting, edge network, serverless functions
  • Resend (resend.com) — transactional email delivery

Each of these providers has its own privacy policy governing its use of data. We encourage you to review them. We do not share your personal data with any advertising networks or data brokers.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data and policy content within 30 days, except where retention is required by law (for example, billing records may be retained for up to 7 years for tax purposes).

You may request deletion of your data at any time by emailing hello@policypen.io.

6. Cookies

We use cookies solely for authentication (Clerk session cookies) and to remember your preferences. We do not use advertising or third-party tracking cookies. Your browser can be configured to reject cookies, though this will prevent you from staying signed in.

7. Your Rights

Regardless of where you are located, you may contact us at any time to:

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Request deletion of your account and data
  • Export your policy content (available via the dashboard export feature)
  • Opt out of marketing emails (unsubscribe link in every email)

EU and UK users (GDPR / UK GDPR)

Our lawful basis for processing is performance of a contract (operating the Service for you) and legitimate interests (security, abuse prevention). For marketing emails, we rely on your consent. You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK).

California residents (CCPA / CPRA)

We do not sell or share your personal information with third parties for advertising purposes. You have the right to know, access, correct, and delete your personal information. To exercise these rights, email hello@policypen.io.

8. Security

We use industry-standard measures to protect your data: TLS encryption in transit, encrypted database storage via Supabase, Row Level Security (RLS) policies ensuring each user can only access their own data, and Clerk’s battle-tested authentication infrastructure. No method of internet transmission is 100% secure, and we cannot guarantee absolute security.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has created an account, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email at least 14 days before the change takes effect. The “Last updated” date at the top of this page will always reflect the most recent revision.

11. Contact

Questions or concerns about this policy? Email us at hello@policypen.io. We respond within 5 business days.

PolicyPen — AI-powered legal policies for indie makers.