Privacy and data handling

The short version

We do not train models on your manuscripts. You own what you write. Your files are encrypted at rest and in transit, and only you can read them. When you run a generation pass, the model vendor you picked sees the content that pass needs. We use a short list of processors to run the service; each one is listed below.

What we collect

Account. Email address. Magic-link authentication means we do not handle a password.

Your writing. The manuscripts, chapters, scenes, outlines, notes, character and world entries, prompts, and configuration you create. Stored in our database in your own isolated rows.

Operational records. When a generation pass runs we keep a log of which model, which prompt version, how many tokens, which cost, and which output was produced. That log is what makes Pendraic auditable. You can always go back to a finding and see exactly how it was produced. These records are yours, scoped to your account, and deleted when you delete the content they relate to.

Billing.When you pay for a tier we hand you off to Stripe's hosted checkout. Stripe collects your name, email, billing address, and card details directly — we never see or handle them. Stripe sends back only the customer id, subscription id, plan, and the last four digits of the card so we can render your invoice and receipts in Account → Billing.

Model training and your work

What we control: Pendraic does not train any model on your manuscripts, outlines, registry entries, prompts, or any other content you write here. We do not sell your content. The only time your work leaves our database is when you initiate a generation pass.

What we don’t control: when a generation pass runs, your prompt and the context that pass needs are sent to whichever AI provider is powering the call. That provider operates under its own terms. We can describe what those terms typically say, but we can’t promise them on the provider’s behalf. Most major providers’ standard API tiers today do not use customer prompts for model training; that posture is the provider’s to keep, and providers occasionally change defaults. If you require direct control over how an upstream provider treats your content, BYOK is the right path: you connect a key from a provider whose terms you’ve reviewed and accepted yourself, and Pendraic routes the call through that contract.

The supported providers are Anthropic, OpenAI, Google, and OpenRouter (which brokers to a wider catalog). Pendraic Managed AI is a billing convenience that routes to those same providers; the provider terms still apply.

Processors we use

Pendraic uses industry-standard service providers to deliver the product: authentication, database hosting, application hosting, transactional email, payment processing, and durable job scheduling. Each processor is bound by a data-processing agreement that restricts them to operating the service on our behalf and prohibits them from using your content for any other purpose. Data is encrypted at rest and in transit.

Stripe. Card data goes to Stripe directly; we receive only the tokens, descriptors, and metadata needed to process your subscription. (Disclosed by name because PCI compliance norms expect this.)

AI providers. When you run an AI generation pass, the prompt and any retrieved context are sent to the provider that powers the call (the one whose key you connected, or the Pendraic Managed AI service). We do not send your work to any AI provider outside of a generation pass you initiate. Pendraic itself does not train on your work and does not sell your content. The provider that handles the call operates under its own terms; for a fuller breakdown of what we do and don’t control there, see “Model training and your work” above.

Your rights

You can export your manuscripts and indexes at any time from the Bookshelf export menu. You can delete any project or your entire account and we will remove the content within 30 days, retaining only records we are legally required to keep (for example, billing receipts for tax purposes).

If you live in a jurisdiction with formal data-subject rights (GDPR, UK GDPR, CCPA/CPRA, etc.), you can exercise those rights. That covers access, correction, deletion, portability, and objection to processing. Email help@pendraic.com. We will respond within the window your local law requires. We do not discriminate against users who exercise their rights.

Retention and backups

Live content lives in our database. Backups roll out on a 30-day window. When you delete content, it is removed from the live database immediately and rotates out of backups within that window.

Children

Pendraic is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child has created an account, email us and we will remove it.

Changes

If we change this page in a way that affects how we handle your data, we will notify account holders by email before the change takes effect. That applies in particular to anything about model training, data retention, or processors.

Questions: help@pendraic.com. See also our terms.