Legal
Privacy Policy
Plain-language answers about what we keep, why we keep it, and the control you have over your writing.
Author Desk (myauthordesk.com) is an independent writing app, operated by Nimrod Klemer — a sole proprietor based in Israel — who is the data controller for your personal data under the GDPR and applicable privacy laws ("we", "us", "our"). This policy explains, in plain language, what we keep, why we keep it, and the control you have over it.
Our GDPR commitment
Author Desk is designed to comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR. In practice that means we:
- name a single data controllerresponsible for your data (Nimrod Klemer, Israel — an EU-adequate country);
- process your data only to provide the service or with your consent, and never use your writing to train AI;
- put data-processing terms with Standard Contractual Clauses (or the UK equivalent) in place with the sub-processors that handle your data for international transfers (section 3);
- give you working tools to access, export, and delete your data (section 5).
To exercise a right or ask a data-protection question, email support@myauthordesk.com.
1. What We Keep
To make Author Desk work, we store a few things on your behalf. You always own your writing — we never use it to train AI, and we never sell it. Here is exactly what we keep, and why.
Your account
When you sign up, we receive your name, email address, and profile picture through our authentication provider, Clerk, and store them so we can recognize you and set up your account.
Your documents
The documents and folders you create — along with details like title, description, genre, and word count — are saved so they are waiting for you each time you come back. Cover images you upload are kept too. Everything stays private to your account unless you choose to share or publish it.
AI & search
When you use our AI features (Librarian chat, editor tools, or document syncing), portions of your document content are sent to third-party AI providers to generate the response you asked for. To power search and retrieval, your documents are also split into chunks and turned into embeddings (numerical representations of the text) so the Librarian can find the right passages; both the chunk text and its embedding are stored alongside your other content.
Our AI providers do not use your writing to train their models. We send your content to these providers through their APIs, which are governed by data-processing terms that prohibit training on your data. Providers may retain copies briefly (typically up to 30 days) solely to detect abuse, after which the copies are deleted; where a provider lets us reduce or disable that retention, we do (see section 4). We never sell your writing or share it for advertising.
Usage
We track AI credit usage (tokens consumed per request) to enforce plan limits. Writing statistics (word counts, streaks, daily goals) are stored to power your dashboard. We use Sentry for error tracking. We also collect anonymous, aggregated usage and performance metrics (page views, referrers, and load-speed vitals) via Vercel to understand traffic and improve the app. This uses no cookies, stores nothing on your device, and does not profile or identify you.
Billing
Payments are processed by Polar, who acts as our billing provider. We do not store your payment card details. Polar shares your subscription status and plan tier with us so we can activate your account features.
2. How We Use Your Information
- To provide and improve Author Desk's features
- To process your writing through AI tools when you explicitly request it
- To enforce plan limits and prevent abuse
- To diagnose errors and monitor performance
- To communicate service updates when necessary
3. Third-Party Services
We share data with the following providers as needed:
- Clerk— authentication and session management
- Convex— database and backend functions
- Anthropic— AI text generation for editor tools, Librarian chat, and character creation (our primary AI provider)
- OpenAI— document embeddings for search, behind-the-scenes steps that improve search relevance, and an optional Librarian chat model
- xAI— behind-the-scenes steps that improve search relevance when your documents are synced or searched, and an optional Librarian chat model (beta). Short excerpts of your text or search queries are sent for these steps.
- Google— an optional Librarian chat model (Gemini). When selected, your chat messages and relevant document excerpts are sent to generate responses.
- Polar— subscription billing
- Resend— transactional email delivery (such as account and waitlist notifications). Only your email address and the message content are sent; no document content is shared.
- Sentry— error monitoring (no document content is sent)
- Vercel— hosting and privacy-friendly, cookieless analytics
We do not sell your personal data or writing content to any third party.
International Data Transfers
Most of these providers are based in the United States, so using Author Desk involves transferring your data outside the EU/EEA and the UK. Where required, these transfers are covered by the European Commission's Standard Contractual Clauses (or the UK equivalent) included in each provider's data-processing agreement. The list of providers in section 3 above is our current list of sub-processors, which we keep up to date on this page.
4. Data Retention
Your account data and documents are kept for as long as your account is active. When you delete a document, it is permanently removed from our database along with its embeddings and version snapshots. Librarian chat conversations are retained until you delete them or delete your account. If you delete your account, all associated data is removed within 30 days.
Content sent to AI providers is handled under their data-processing terms as described in section 1 — it is not used to train their models. Providers typically retain inputs for up to 30 days for abuse detection and then delete them. Where a provider offers a way to reduce or eliminate this retention, we enable it: our Anthropic requests use an ephemeral cache that is not retained after the request, and our OpenAI requests are sent with storage disabled. For providers that do not offer a per-request retention control on our current plan, the standard 30-day abuse-detection window applies.
5. Your Rights
You can:
- Export your documents at any time (PDF, DOCX, HTML, TXT)
- Delete any document yourself at any time, or permanently delete your entire account and all associated data from the Billing page. If you prefer, you can instead email support@myauthordesk.com and we will complete the deletion for you.
- Access all data we hold about you by contacting us
If you are located in the EU/EEA, you also have rights under the GDPR including data portability, rectification, erasure, and the right to lodge a complaint with a supervisory authority. Business customers who require a Data Processing Agreement can request one at the contact address below.
If you are a California resident, the CCPA gives you the right to know what personal information we collect and how we use it, to request deletion of your personal information, and to not be discriminated against for exercising these rights. We do not sell your personal information or writing content. To exercise these rights, contact us using the address in section 9.
Children.Author Desk is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child under 13 has provided us data, contact us at the address in section 9 and we will delete it. If you are under 18, you may only use Author Desk with the consent of a parent or guardian, as described in our Terms of Service.
6. Legal & Government Disclosure
We do not voluntarily share your writing or personal data with governments or law enforcement. We will disclose personal data or content only when we are required to by valid legal process — such as a subpoena, court order, or warrant — under applicable law, or where we reasonably believe disclosure is necessary to protect the rights, safety, or property of our users or the public, or to detect and prevent fraud or abuse. Where we are legally permitted to do so, we will notify you before responding to such a request.
7. Security
All data is transmitted over HTTPS. Authentication tokens are managed by Clerk. We enforce rate limits on AI requests and apply security headers (HSTS, X-Frame-Options, X-Content-Type-Options) across the application.
Your documents and other content are scoped to your account: our backend only returns them to you as the authenticated owner (or to people you have explicitly shared or published to). Content is protected by these access controls, by encryption in transit, and by the access controls of our infrastructure providers. Your writing is never included in our error-monitoring data — our monitoring is configured to drop any event that contains document content and to strip personal identifiers such as your email address.
Optional zero-knowledge encryption. You can enable writing encryption in your account settings. When enabled, your manuscripts, version history, writing samples, and wiki notes are encrypted in your browserwith keys derived from a passphrase and recovery code that only you hold — our servers store only ciphertext and reject readable copies of your writing. We cannot read your stored writing. Because we hold no key, losing both your passphrase and recovery code makes that writing permanently unrecoverable; there is no reset.
Encryption covers what you have written, with these boundaries, each under your control:
- AI features process text transiently.When you invoke a feature (grammar checking, rewrite tools, chat), the relevant text is decrypted on your device and sent for processing — to our self-hosted LanguageTool server and/or to our AI sub-processors (Anthropic; OpenAI for embeddings). It is processed in memory and is never stored by us in readable form. Our grammar-check proxy holds request data in a short-lived in-memory cache (at most 60 seconds) and writes nothing to disk.
- The Librarian is opt-in per book. Its recall works from a stored, readable index of that book (text excerpts and embedding vectors derived from your text) and readable chat history. You enable it per book after an explicit disclosure; disabling it deletes the index.
- Published works are publicand therefore stored readable — that is what publishing means. Unpublishing deletes the readable copy.
- Some metadata stays readable so the app can function: titles, wiki entry names and aliases, word counts, and timestamps.
- Sharing is unavailable while encryption is enabled (collaborators would need your key).
8. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of Author Desk after changes constitutes acceptance.
9. Contact
Author Desk is operated, and your data controlled, by Nimrod Klemer (Israel). For privacy questions, to request our current sub-processor list, or to exercise any of your rights, email us at support@myauthordesk.com.