This Privacy Policy explains how we collect and use your information. Please also review our Terms of Service for information about billing, cancellation, content ownership, and legal terms.
Data Controller
In compliance with the EU General Data Protection Regulation (GDPR - Regulation 2016/679) and Spanish Organic Law 3/2018 (LOPDGDD), we identify the data controller as follows:
- Data controller: PLOTWELL, S.L.
- Registered address: Calle Princesa 31, 2-2, 28008 Madrid, Spain
- NIF (Tax ID): B26924068
- Contact email: privacy@plotwell.ai
Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer (DPO). For any data protection inquiries, please contact us at the email above.
Information We Collect
We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.
- Account Information: Name, email address, and password
- Content: Scripts, treatments, characters, and other creative content you create
- Usage Data: How you interact with our platform and features
- Device Information: Browser type, IP address, and device identifiers
- Billing Information: Payment details processed securely through Stripe (we do not store full credit card numbers)
- Subscription Data: Plan type, billing cycle, addon purchases, and payment history
How We Use Your Information and Legal Basis
Under GDPR Article 6, we process your personal data on the following legal bases:
- Contract performance (Art. 6.1.b): Providing, maintaining, and improving our services; processing transactions; managing your account and subscription
- Legitimate interest (Art. 6.1.f): Monitoring and analyzing usage trends; personalizing user experience; sending technical notices and support messages; fraud prevention and security
- Legal obligation (Art. 6.1.c): Tax and accounting compliance; responding to lawful data requests from authorities
- Consent (Art. 6.1.a): Marketing communications and promotional emails (you can withdraw consent at any time); non-essential cookies and analytics tracking
AI Processing and Data Handling
plotwell integrates AI-powered features through third-party providers. Understanding how your data is handled during AI processing is important:
What Data Is Sent to AI Providers
- Project Context: When you use AI features (brainstorming, script generation, scene creation, Script Doctor analysis), relevant portions of your project content are sent to third-party AI providers for processing. This may include script excerpts, character descriptions, location details, story outlines, and other project data
- Prompts and Instructions: Your messages, instructions, and requests to AI features are transmitted to AI providers
- No Personal Data: We do not send your personal account information (email, name, payment details) to AI providers — only creative project content necessary for generating responses
Third-Party AI Providers
- Providers Used: Our AI features are powered by third-party services including Replicate, OpenAI, OpenRouter, and xAI. We may change providers to improve service quality
- Provider Privacy Policies: Data sent to AI providers is subject to their respective privacy policies and data handling practices
- Training Data: We request that our AI providers do not use your content for training their models. However, we cannot guarantee how third-party providers handle data once it is transmitted. Please review their privacy policies for details
- Data Retention by Providers: Third-party AI providers may temporarily retain data for processing, abuse prevention, or legal compliance as described in their own policies
AI Output Limitations
Important: AI-generated content is produced by machine learning models and is inherently imperfect. Outputs may contain errors, inaccuracies, biases, or content that resembles existing copyrighted works. You are solely responsible for reviewing and verifying all AI-generated content before use. See our Terms of Service for full AI disclaimers.
Usage Tracking
- Usage Metrics: We track AI feature usage (number of requests, token counts, feature types) for billing, rate limiting, and service improvement
- No Content Storage: We do not permanently store the content of AI requests or responses beyond what is necessary to provide the service (e.g., conversation history you explicitly save)
- Anonymized Analytics: We may use anonymized, aggregated usage data to improve our AI features and service quality
Payment Processing
All payment processing is handled securely by Stripe, a PCI-compliant third-party payment processor:
- Credit Card Data: We never store your full credit card information on our servers. All payment details are securely stored by Stripe.
- Billing Information: We store minimal billing data (customer ID, subscription status) needed to provide service.
- Transaction Records: Payment history and invoices are stored for accounting and tax compliance.
- Stripe Privacy: Your payment information is subject to Stripe's Privacy Policy.
Information Sharing
We do not sell, trade, or otherwise transfer your personal information to third parties, except:
- With your consent
- To comply with legal obligations
- To protect our rights and safety
- With service providers who assist our operations under strict confidentiality and data processing agreements
International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). We ensure appropriate safeguards for international data transfers in compliance with GDPR Chapter V:
- Stripe (USA): Payment processing. Transfers protected by Standard Contractual Clauses (SCCs) and EU-U.S. Data Privacy Framework certification
- Supabase (USA): Database and authentication. Transfers protected by SCCs and Data Processing Agreement
- Vercel (USA): Frontend hosting and deployment. Transfers protected by SCCs
- Render (USA): Backend hosting. Transfers protected by SCCs and Data Processing Agreement
- AI providers — Replicate, OpenAI, OpenRouter, xAI (USA): AI content generation. Creative project content (not personal data) is sent for processing. Transfers protected by SCCs where applicable
- Amplitude (USA): Analytics. Anonymized usage data. Transfers protected by SCCs
You can request a copy of the applicable Standard Contractual Clauses by contacting us at privacy@plotwell.ai.
Children's Privacy
plotwell is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us at privacy@plotwell.ai.
Data Security
We implement appropriate security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.
Content Ownership and Data Responsibility
You Own Your Content: All creative work you create on plotwell remains your intellectual property. We do not claim ownership of your scripts, characters, treatments, or any other content.
Your Responsibility: While we implement robust backup and security measures, you are ultimately responsible for maintaining backups of your important work. We strongly recommend regularly exporting your projects.
Service Role: We provide storage and processing services for your content but are not liable for data loss due to technical failures, account termination, or other circumstances. Always maintain personal backups of critical work.
Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Account data: Retained while your account is active, and deleted within 30 days of account deletion request
- Creative content: Retained while your account is active. After account termination, you have 30 days to export before permanent deletion
- Billing and transaction records: Retained for 5 years after the transaction, as required by Spanish tax law (Ley General Tributaria)
- AI usage logs: Anonymized usage metrics retained for service improvement. Request/response content is not permanently stored
- Analytics data: Anonymized and aggregated analytics retained for up to 24 months
- Support communications: Retained for up to 3 years after resolution
Your Rights (GDPR)
Under the GDPR and Spanish LOPDGDD, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of all personal data we hold about you
- Right to rectification (Art. 16): Correct inaccurate or incomplete personal data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restriction (Art. 18): Request that we limit the processing of your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format. You can also export your creative content at any time in PDF and JSON formats
- Right to object (Art. 21): Object to processing based on legitimate interest, including profiling
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
How to exercise your rights: Send your request to privacy@plotwell.ai. We will respond within one month, as required by GDPR Article 12. In complex cases, we may extend this period by two additional months, with prior notification.
Supervisory authority: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es, Calle Jorge Juan 6, 28001 Madrid, Spain.
Cookies
In compliance with the LSSI-CE (Spanish Law 34/2002) and the ePrivacy Directive, we provide detailed information about the cookies used on our platform:
Essential Cookies (no consent required)
These cookies are strictly necessary for the platform to function. They cannot be disabled.
| Cookie | Provider | Purpose | Duration |
|---|
| sb-*-auth-token | Supabase | User authentication session | Session |
| plotwell-auth | plotwell | Cross-subdomain login detection | Session |
| plotwell-consent | plotwell | Stores your cookie consent preference | 1 year |
| __stripe_* | Stripe | Payment security and fraud prevention | Varies |
Analytics Cookies (consent required)
These cookies help us understand how you use the platform. They are only activated after you give consent.
| Cookie | Provider | Purpose | Duration |
|---|
| AMP_* | Amplitude (EU servers) | Usage analytics, session replay, feature tracking | 1 year |
Advertising Cookies (consent required)
These cookies are used to measure advertising effectiveness and attribution.
| Cookie | Provider | Purpose | Duration |
|---|
| _gcl_* | Google Ads | Conversion tracking and ad attribution | 90 days |
| _gac_* | Google Ads | Campaign information storage | 90 days |
Managing Your Preferences
You can change your cookie preferences at any time by clicking "Cookie Preferences" in the website footer or in your account settings. You can also control cookies through your browser settings. Note that disabling essential cookies may prevent the platform from functioning correctly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at privacy@plotwell.ai
PLOTWELL, S.L. · NIF: B26924068 · Calle Princesa 31, 2-2, 28008 Madrid, Spain