Privacy Policy

Last updated: March 24, 2026

Scrivvy LLC ("Scrivvy," "we," "us," or "our") operates the Scrivvy service at scrivvy.ai, including its website, browser extensions, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service.

By accessing or using the Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account information: When you create an account, we collect your name, email address, and password. Your password is stored as a cryptographic hash — we never store or have access to your password in plain text.

Payment information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number, CVC, or other sensitive payment card details on our servers. We may receive and store limited payment information from Stripe, such as the last four digits of your card, card brand, expiration date, and billing address, for record-keeping and customer support purposes.

Content data: When you use the Service, we receive and process:

  • URLs of videos and podcasts you submit for summarization
  • Transcripts generated from the audio or video content
  • AI-generated summaries and related outputs
  • Any preferences, settings, or configurations you provide

Communications: If you contact us by email or other means, we collect the information you provide in those communications.

1.2 Information Collected Automatically

Log data: When you access the Service, our servers may automatically record information including your IP address, browser type, operating system, referring URL, pages visited, and date/time of access. This information is used for security, troubleshooting, and service operation purposes.

Cookies and local storage: We use:

  • Session cookies — required for authentication and to keep you logged in. These are essential for the Service to function.
  • CSRF token cookies — required for security to prevent cross-site request forgery.
  • Browser local storage — to store your theme preference (light/dark mode). This data remains in your browser and is not transmitted to our servers.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. We do not use Google Analytics, Facebook Pixel, or similar tracking services.

1.3 Information from Browser Extensions

Our browser extensions for Chrome and Firefox access page content only as necessary to provide summarization functionality (e.g., detecting video IDs on YouTube pages). The extensions do not collect browsing history, track your activity across websites, or transmit data except as needed to request summaries from the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Process your summarization requests, generate transcripts and summaries, and deliver them to you.
  • Account management: Create and manage your account, authenticate your identity, and process subscription payments.
  • Communication: Send you service-related notices, respond to your inquiries, and provide customer support.
  • Security and fraud prevention: Detect, prevent, and address fraud, abuse, security issues, and technical problems.
  • Service improvement: Analyze usage patterns to maintain, improve, and develop the Service.
  • Legal compliance: Comply with applicable laws, regulations, legal processes, or governmental requests.

We do not use your information for targeted advertising. We do not sell your personal information.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

Service providers: We share information with third-party service providers who perform services on our behalf, including:

  • Stripe — for payment processing. See Stripe's Privacy Policy.
  • AI providers (e.g., OpenAI, Anthropic) — we send transcript data to AI providers to generate summaries. This data is processed according to their respective privacy policies and data processing agreements. We do not send your account information (name, email) to AI providers.
  • Google reCAPTCHA — to protect against automated abuse during registration and form submission. See the Google Privacy Policy and Google Terms of Service.
  • Hosting and infrastructure providers — for server hosting and content delivery.

Legal requirements: We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.

Protection of rights: We may disclose information when we believe disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

Business transfers: If Scrivvy LLC is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4. Data Retention

We retain your information as follows:

  • Account information: Retained for as long as your account is active.
  • Transcripts and summaries: Retained for as long as your account is active to enable access to your summary history and allow re-summarization.
  • Payment records: Retained as necessary for accounting, tax, and legal compliance purposes.
  • Log data: Retained for a reasonable period for security and troubleshooting purposes, then deleted or anonymized.

Upon account deletion, we will delete or anonymize your personal data within thirty (30) days, except where we are required by law to retain certain information or where retention is necessary for legitimate business purposes (e.g., fraud prevention, resolving disputes).

5. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Secure cryptographic hashing of passwords
  • Encrypted storage of sensitive data
  • Access controls limiting who can access your data
  • Regular security reviews

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: You can access your personal data by logging into your account. You may also request a copy of additional data we hold about you.
  • Correction: You can update your account information through your profile settings.
  • Deletion: You may request deletion of your account and associated data by contacting us. Upon deletion, we will remove your data in accordance with Section 4.
  • Export: You may request an export of your data in a machine-readable format.
  • Restriction: You may request that we restrict the processing of your personal data under certain circumstances.
  • Objection: You may object to processing of your personal data under certain circumstances.

To exercise any of these rights, contact us at scrivvyai@fastmail.fm. We will respond to your request within thirty (30) days. We may ask you to verify your identity before fulfilling a request.

7. Do Not Track Signals

We do not track users across third-party websites and therefore do not respond to Do Not Track (DNT) signals. As noted above, we do not use third-party analytics or advertising trackers.

8. Children's Privacy

The Service is not directed to children under 13 years of age (or under 16 in jurisdictions where a higher age of consent applies). We do not knowingly collect personal information from children under these ages. If we learn that we have collected personal information from a child under the applicable age, we will take steps to delete that information as promptly as possible. If you believe a child has provided us with personal information, please contact us at scrivvyai@fastmail.fm.

9. International Data Transfers

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these countries, which may have different data protection laws than your jurisdiction.

10. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. As stated above, we do not sell personal information.

To exercise your California privacy rights, contact us at scrivvyai@fastmail.fm. We will not discriminate against you for exercising your rights.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date and, where feasible, by email. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Scrivvy LLC
Email: scrivvyai@fastmail.fm