Privacy — WriteKit

TL;DR. We store your account, your subdomain, and your pages. Nothing else. No analytics, no pixels, no ad networks, no training on your drafts. Export or delete at any time.

Who we are

WriteKit is operated by the project owner listed on GitHub. For privacy questions, email [email protected].

What we store (hosted)

Account: email address, OAuth provider identity, user ID.
Subdomain and any custom domain you configure.
Pages and collections: your content, in a SQLite file we hold for you.
Team members: emails and roles of people you invite.
Billing: a Stripe customer ID. Card details live with Stripe, never with us.
Server logs: request metadata (IP, path, status, timestamp) kept briefly for abuse and debugging.

What we don't collect

No third-party analytics, pixels, or session-replay scripts.
No advertising networks or data brokers.
We don't train AI models on your drafts or published pages.
We don't sell or share your content with anyone.

Subprocessors

Services we use to operate the hosted product:

Hosting / storage — our infrastructure provider runs the server and stores the SQLite files.
Stripe — subscription billing and card processing.
Amazon SES — transactional email (magic links, invitations).
GitHub, Google, Discord — OAuth sign-in, only when you choose that provider.

Cookies

We set a session cookie when you sign in and a CSRF cookie to protect form posts. Both are strictly necessary for the site to work — no tracking cookies.

Retention

Content stays until you delete it or delete your account.
Server logs are kept for a short window (days, not months).
Billing records are retained as required for tax and accounting.

Your rights

You can, at any time:

Access / export your content. Pages are Markdown; collections are standard rows. Contact us for a full dump if you can't self-serve.
Correct anything via site settings or the MCP tools.
Delete your account from settings — this removes your SQLite file and your account record.
Revoke MCP access from settings; tokens can be pulled at any time.

Under GDPR / UK GDPR you also have the right to object to processing and to lodge a complaint with your local data protection authority.

Desktop app

The desktop build doesn't send anything to writekit.dev. Content lives in a SQLite file in your OS user data directory. The only outbound traffic is a one-time embedding-model download from Hugging Face if you enable the semantic graph.

Changes

If this policy changes materially we'll announce it on the site and bump the "last updated" date above. Minor clarifications won't get a notice, but the latest version is always at writekit.dev/privacy.