Privacy Policy

Last updated: April 15, 2026

1. Introduction

PoliWriter ("we," "our," or "us") operates the poliwriter.com website and the PoliWriter compliance documentation platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, and password when you create an account.
  • Company Profile Data: Industry, employee count, cloud providers, security tools, and other details you provide during onboarding to customize your compliance documents.
  • Contact Information: Name, email, phone number, and company details when you submit a contact or demo request form.
  • Payment Information: Billing details processed by our payment provider (DodoPayments). We do not store credit card numbers on our servers.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, documents generated, and actions taken within the platform.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

2.3 Integration Data

If you connect third-party integrations (AWS, GitHub, Okta, etc.), we collect API responses and configuration snapshots solely for compliance monitoring and evidence collection. Integration credentials are encrypted at rest and decrypted only during scheduled compliance scans.

3. How We Use Your Information

  • Generate and customize compliance documents using AI based on your company profile.
  • Provide, maintain, and improve the Service.
  • Process payments and manage subscriptions.
  • Send transactional emails (document acknowledgments, account notifications).
  • Respond to your inquiries and support requests.
  • Monitor integration health and compliance posture on your behalf.
  • Analyze usage patterns to improve the platform (in aggregate, not individually).

4. AI Processing

We use Anthropic's Claude AI to generate compliance documents. Your company profile data is sent to the AI model to produce customized policies. We do not use your data to train AI models. Generated documents are stored in your account and are not shared with other customers.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Service Providers: Supabase (database and authentication), Anthropic (AI document generation), DodoPayments (payment processing), Resend (transactional email), Vercel (hosting).
  • Auditors: Only when you explicitly enable your Trust Center or share an auditor portal link.
  • Legal Requirements: When required by law, regulation, or legal process.

6. Data Security

  • All data transmitted over HTTPS with TLS encryption.
  • Integration credentials encrypted at rest using AES-256.
  • Database hosted on Supabase with row-level security policies.
  • Access controls enforced via Supabase Auth with optional multi-factor authentication.
  • Regular security reviews of our infrastructure and dependencies.

7. Data Retention

We retain your account data and generated documents for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law. Usage logs are retained for up to 12 months for analytics purposes.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and personal data.
  • Export your documents and data.
  • Object to or restrict certain processing activities.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@poliwriter.com.

9. International Data Transfers

Our services are hosted in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. We rely on standard contractual clauses and our service providers' compliance programs to ensure adequate protection of transferred data.

10. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: